Scope
This procedure forms part of 博犖整氈窒s Protection of Privacy and Access to Information policy (the Policy), and sets out procedures by which the Institute will promote privacy awareness and education within the 博犖整氈窒 Community and amongst its Service Providers. Terms not otherwise defined in this procedure are as defined in the Policy.
Privacy Awareness and Education
General Awareness within the 博犖整氈窒 Community
博犖整氈窒 may, from time to time and at the discretion of the General Counsel, provide mandatory or optional in-house training and education on topics related to privacy protection and access to information. The General Counsel will consider the volume and sensitivity of Personal Information in the custody or under the control of the Institute when determining timely and reasonable intervals of such training and education.
Employees who use Personal Information
博犖整氈窒 will ensure that Employees who use any Personal Information in the course of their duties at 博犖整氈窒 complete the FOIPPA Foundations course at least every two years.
Service Provider Privacy Obligations
博犖整氈窒 will ensure that Service Providers are informed of their privacy obligations under the Act. In particular, 博犖整氈窒 will ensure that agreements with Service Providers contain contractual terms that address the Service Providers privacy obligations, which may include, depending on the circumstances:
- representations of the Service Provider reflecting their awareness that 博犖整氈窒 is subject to the Act and that the Act expressly extends such obligations to Service Providers;
- covenants of the Service Provider to comply with the Act and the Policy; and
- covenants of the Service Provider to comply with a privacy protection schedule to be attached to the agreement with a particular Service Provider.