CPOI LIBRARY

Helpful checklists, "how to" articles and organized links to excellent compliance information available on the internet from sources such as Privacy Commissioner's Office, Industry Canada, the Chartered Accountants of Canada and more are freely available on the internet. Use our library to conveniently access this information.

Table of Contents

• OPO Checklists and Articles
• How to Write a Privacy Policy
• Sample privacy policies
• Compliance Guides
• Model contract clauses for transferring data
• Office of the Privacy Commissioner's Fact Sheets
• Privacy Impact Assessment Resources
• Provincial Resources

OPO Checklists

• How to collect personal information
• How to store personal information
• How to use or disclose personal information

OPO Articles

• How to distinguish personal information from other information
• How to respond to requests for access to personal information
• How to respond to requests to correct personal information

Click here to return to this tutorial's table of contents

How to Write a Privacy Policy:

• Create your privacy policy online right now with The OECD Privacy Statement Generator
  http://www.oecd.org/document/39/0,2340,en_2649_34255_28863271_1_1_
  1_1,00.html

Click here to return to this tutorial's table of contents

Sample privacy policies:

• CSA International - This policy of the Canadian Standards Association includes provisions for an online working group workspace.
• Canadian Institute of Chartered Accountants - This policy includes provisions for web visitors and the use of membership information.

Click here to return to this tutorial's table of contents

Compliance Guides

• Canada's Privacy Commissioner's "Guide for Businesses and Organizations to Canada's Personal Information Protection and Electronic Documents Act"
• Canadian Institute of Chartered Accountants' Privacy Package
• Industry Canada's Privacy for Business
• Industry Canada's Online E-security and Privacy Guide
• Treasury Board of Canada Secretariat's Privacy Impact Assessment (PIA) E-learning tool
• The Information and Privacy Commissioner of Ontario's Privacy Diagnostic Tool (PDT) Workbook They describe it as a self-assessment program used to help businesses gauge their privacy readiness.
• Manitoba's Obudsman's "Privacy Compliance Tool Guide" for FIPPA and PHIA.

Click here to return to this tutorial's table of contents

Model contract clauses for transferring data

• British Columbia's model contract language at
  http://www.mser.gov.bc.ca/privacyaccess/Privacy/Tools/PIPA_Tool_9.pdf
• The European Commission's Model Contracts for the transfer of personal data to third countries http://europa.eu.int/comm/justice_home/fsj/privacy/modelcontracts/index_en.htm is available in the pdf here http://europa.eu.int/eur-lex/lex/LexUriServ/site/en/oj/2004/l_385/l_38520041229en00740084.pdf
• The International Chamber of Commerce's Model clauses for use in contracts involving transborder data flows http://www.iccwbo.org/home/statements_rules/rules/1998/model_clauses.asp

Click here to return to this tutorial's table of contents

Office of the Privacy Commissioner of Canada's Fact Sheets

• Best Practices for dealing with pre-PIPEDA personal information (grandfathering) http://www.privcom.gc.ca/fs-fi/02_05_d_22_e.asp
• Determining the appropriate form of consent under the Personal Information Protection and Electronic Documents Act http://www.privcom.gc.ca/fs-fi/02_05_d_24_e.asp
• Best Practices for the use of Social Insurance Numbers in the private sector http://www.privcom.gc.ca/fs-fi/02_05_d_21_e.asp
• Faxing Personal Information http://www.privcom.gc.ca/fs-fi/02_05_d_04_e.asp
• Best Practices for Recording of Customer Telephone Calls http://www.privcom.gc.ca/fs-fi/02_05_d_14_e.asp
• Organizations' Guide to Complaint Investigations under the Personal Information Protection and Electronic Documents Act http://www.privcom.gc.ca/fs-fi/02_05_d_20_e.asp
• Questions and Answers regarding the application of PIPEDA, Alberta and British Columbia's Personal Information Protection Acts (PIPAs) http://www.privcom.gc.ca/fs-fi/02_05_d_26_e.asp
• Privacy in the Workplace http://www.privcom.gc.ca/fs-fi/02_05_d_17_e.asp
• Application of the Personal Information Protection and Electronic Documents Act to Employee Records http://www.privcom.gc.ca/fs-fi/02_05_d_18_e.asp
• The Application of the Personal Information Protection and Electronic Documents Act to Charitable and Non-Profit Organizations http://www.privcom.gc.ca/fs-fi/02_05_d_19_e.asp
• Municipalities, Universities, Schools, and Hospitals http://www.privcom.gc.ca/fs-fi/02_05_d_25_e.asp
• Complying with the Personal Information Protection and Electronic Documents Act
• http://www.privcom.gc.ca/fs-fi/02_05_d_16_e.asp (Their Guide for Organizations and Businesses is more comprehensive and may be found here http://www.privcom.gc.ca/information/guide_e.asp or by pdf here http://www.privcom.gc.ca/information/guide_e.pdf )

Click here to return to this tutorial's table of contents

Privacy Impact Assessment Resources

The Treasury Board of Canada Secretariat's information on Privacy Impact Assessments:

• PIA e-learning tool http://www.tbs-sct.gc.ca/pgol-pged/piatp-pfefvp/index_e.asp
• Report on Best Practices Identified During the Implementation of the Privacy Impact Assessment Policy and Guidelines http://www.tbs-sct.gc.ca/pgol-pged/pia-best/pia-best00_e.asp
• Privacy Impact Assessment Guidelines: A Framework to Manage Privacy Risks http://www.tbs-sct.gc.ca/pubs_pol/ciopubs/pia-pefr/paipg-pefrld1_e.asp and Revision Notice for Privacy Impact Assessment Guidelines: A Framework to Manage Privacy Risks: http://www.tbs-sct.gc.ca/pubs_pol/ciopubs/pia-pefr/paipg-pefrld_e.asp
• Privacy Impact Assessment Policies and guidelines http://www.tbs-sct.gc.ca/pubs_pol/ciopubs/pia-pefr/siglist_e.asp

Click here to return to this tutorial's table of contents

Provincial Resources

• Provincial Legislation, related government websites and local privacy commissioner offices

Alberta's Personal Information Protection Act

• Compliance guides for Alberta's Personal Information Protection Act are available here http://www.oipc.ab.ca/pipa/publications.cfm
• Investigation Reports applying Alberta PIPA private sector privacy legislation available here: http://www.oipc.ab.ca/pipa/

British Columbia's Personal Information Protection Act

• Personal Information Protection Act Guide http://www.mser.gov.bc.ca/privacyaccess/Privacy/GuidePIPA.htm
• Implementation Tools http://www.mser.gov.bc.ca/privacyaccess/Privacy/Tools/Tools_toc.htmincluding model contract language at http://www.mser.gov.bc.ca/privacyaccess/Privacy/Tools/PIPA_Tool_9.pdf
• Decisions relating to the application of British Columbia's PIPA which can be found on the Office of the Information and Privacy Commissioner's website here: http://www.oipc.bc.ca/sector_private/orders_decisions/index.htm

Manitoba

• Manitoba's Obudsman's "Privacy Compliance Tool Guide" for FIPPA and PHIA.

Click here to return to this tutorial's table of contents