Information Privacy Commissioner/ Ontario Français | Contact Us | Site Map | Advanced Search info
Skip Navigation Links
Privacy
Access To Information
Resources
Decisions & Resolutions
About Us
Home | Browse All Resources | Discussion Papers | A Policy is Not Enough: It Must be Reflected in Concrete Practices

E-mail | Print | Accessibility | Share:

Add to Twitter |
Skip Navigation Links.

A Policy is Not Enough: It Must be Reflected in Concrete Practices

Document

A Policy is Not Enough: It Must be Reflected in Concrete Practices
Summary Privacy policies and procedures alone, without a concrete strategy for implementation, will not protect an organization from privacy risks. The policies and procedures must be actively communicated, and staff must be educated about measures that need to be in place, so that policies will be reflected in actions. This paper sets out a series of seven steps that organizations should consider implementing in order to effectively translate their privacy policies into privacy practices.
Keywords Privacy by Design, A Policy is Not Enough, best practices, protecting privacy, risk management
Author(s) Office of the Information & Privacy
Commissioner of Ontario
Published Date Sep 05, 2012

<< Back
Back to Top
25 Years of Access and Privacy
Privacy|Access to Information|Resources|Decisions & Resolutions|About Us
Français|Contact Us|Site Map|Advanced Search|RSS|Accessibility|Twitter Policy|Privacy Policy
© Copyright 2013 Information and Privacy Commissioner of Ontario. All Rights Reserved.
To search for a specific word or phrase, use quotation marks around each search term. (Example: "smart meter")