HOME  
     
 

SERVICES


Privacy and Access to Information Compliance Services

  • Privacy and Access to Information Risk Management     [more]
  • Privacy/ Access to Information Audits and Privacy Impact Assesments     [more]
  • Privacy Policy Development and Implementation     [more]
  • Privacy Officer Advising      [more]
  • Legal Investigations and Hearings   [more]
  • Workshops and Seminars      [more]


PRIVACY AND ACCESS TO INFORMATION COMPLIANCE SERVICES


Privacy and Access to Information Risk Management

Failure to implement an adequate privacy program places an organization at risk of legal liability as well as at risk of significant negative customer relations, brand, public relations, corporate governance, and human resources effects.

Streamline Counsel provides organizations with the solution to addressing and managing this risk. We will set out the specific steps to compliance for the organization, and will advise with respect to all aspects of the design and implementation of an organization-wide privacy program.

For government authorities and other public bodies we advise with respect to compliance with the British Columbia Freedom of Information and Protection of Privacy Act, including in the establishment of standard operating procedures for the handling of access requests and the protection of client and employee records.

Privacy breaches such as the theft of portable devices containing client or employee personal information carries high risk of significant cost for an organization. How a privacy breach is investigated and managed is critical to reducing costs, restoring an organisation's reputation, and repairing relations with the breach victims. We advise organizations with respect to all aspects of managing privacy breaches, from investigating breach causes and responding to media and client questions, to implementing policies to prevent breach recurrence.


Privacy Audits and Privacy Impact Assessments

Personal Information Inventory / Privacy Audit- The First Step in Compliance

Streamline Counsel  supports organizations in conducting an in-depth assessment of their existing privacy environment. A review of the organization’s practices will reveal the manner in which personal information is collected, used, disclosed and stored. This type of audit is a critical first step towards compliance with privacy laws and regulations.

Streamline Counsel  supports public sector clients in conducting an in-depth assessment of their existing privacy and access to information environment. A review of the organization’s practices will reveal the manner in which personal information is collected, used, disclosed and stored, and the manner in which public access to the organization’s records is provided. This type of audit is a critical first step towards compliance with access to information and privacy laws and regulations.

Diagnostic Audit of Current Privacy Program / Access to Information Compliance Program

For private sector organizations which have already developed some privacy procedures, this diagnostic assessment will review and analyze what further steps are required to meet privacy compliance.  An analysis of personal information collection, use, disclosure, and storage will be undertaken, and all privacy policies and procedures will be reviewed and assessed.

For government authorities and other public bodies we also conduct diagnostic assessments where we review and analyze what further steps are required to meet compliance with the British Columbia Freedom of Information and Protection of Privacy Act. Privacy and access to information policies and procedures will be reviewed and assessed.

Privacy Impact Assessments

Private Sector

Streamline Counsel will assess any new programs or services an organization wishes to offer, or assess a new records management system, in order to determine the privacy impact and to assist the organization in avoiding legal penalties, negative media coverage, costly data theft or data breach incidents, and other risks. This assessment will clearly set out options for the organization to manage the compliance and other risks identified and recommend any policy amendments and additional steps the organization should undertake prior to the implementation of the new initiative.

Public Sector

Recent changes to the British Columbia Freedom of Information and Protection of Privacy Act require all public sector organizations to conduct an in depth assessment of compliance with all privacy requirements set out in the Act prior to implementing any “new system, program, or activity” which involves personal information. This in depth assessment is called a Privacy Impact Assessment (PIA) and will be required, for example, whenever a new electronic system containing any personal information is implemented, in most cases where  there will be a new use of personal information previously collected, and with most outsourcing activities. In many cases the PIA must be submitted to the enforcement authority for review. Streamline Counsel will advise the organization in conducting Privacy Impact Assessments and has many years of experience in doing so.


Privacy Policy Development and Implementation

Having organization-wide privacy policies to protect personal information collected, used, and disclosed is a legal requirement.

Streamline Counsel has the legal expertise required to draft an organization’s privacy policies so that they comply with the applicable privacy legislation. From a risk management and a compliance perspective, most organizations require two organization-wide “over-reaching” privacy policies – one with respect to employee personal information and one with respect to information collected from clients/customers, web site visitors, investors, and others external to the organization. We have drafted both types of policies for a wide range of organizations in Canada. In addition to ensuring legal compliance, our experts draft policies so that they benefit an organization from a corporate governance, client relations, investor relations and human resources perspective.

In addition to drafting legally compliant privacy policies, Streamline Counsel offers practical “on the ground” advice on how to implement the policy and how to train staff in meeting the policy’s requirements.


Privacy Officer Advising

Our privacy lawyers and experts can advise any Privacy Officer:

  • With respect to the investigation and determination of specific privacy complaints;
  • In how to meet legal as well as business requirements in implementing an internal process for handling privacy inquiries and complaints;
  • In how to meet legal as well as business requirements in implementing an internal process for handling requests for access to personal information;
  • With respect to the legal exceptions to consent, and whether an organization is permitted to disclose personal information to a government authority or investigative body which requests it; and
  • With respect to any other privacy issues the organization may face.

Legal Investigations and Hearings

Our privacy lawyers and experts have the experience to advise organizations dealing with the Office of the Privacy Commissioner or other privacy law enforcement authorities.

We advise organizations which are the subject of enforcement audits. We also advise organizations which are parties to enforcement authority privacy complaint or access request investigations and hearings. We advise not only with respect to privacy legal requirements, but also with respect to customer and employee relations, media coverage issues, and “best practices”.


Workshops and Seminars

Privacy training for staff is legally required. Streamline Counsel offers workshops and seminars to enable organizations to meet this legal requirement and to realize the benefits of privacy compliance from a customer relations, marketing, public relations, and human resources perspective. All Streamline Counsel workshop leaders have legal as well as extensive teaching and training experience. We offer seminars and workshops “in-house” as well as at our offices in Vancouver.

Contact us for information about our training packages.