Securing Personal Information: A Self-Assessment Tool For Organizations

May 03

New from the Office of the Privacy Commissioner of Canada today – a very helpful toolkit to help organizations assess their own internal privacy and personal information protection policies and practices. The questionnaire topics are designed to step an auditor or compliance officer through 17 different areas, including systems security, records management, physical security, incident management and business continuity planning, among others.

While created by the Canadian Federal Privacy Commissioner, it also includes input from provincial counterparts, and ISO standards. It’s a comprehensive, simple-to-use checklist that is useful for an organization regardless of jurisdiction.

I took the online survey, giving dummy answers to test out the tool and see what the end result would be. Was pleased to find a well-organized summary that I could view, print or email to myself. Responses were scored, and categorized by whether I was above, below or meeting the most basic requirements.

Anyone in the information or records management field in Canada should certainly take a close look at this privacy assessment tool – could be incredibly helpful to your clients or internal stakeholders, especially organizations with limited budgets who want and need to do the right thing, but have to bootstrap their compliance best practices.

I could also see this easily adapted for other jurisdictions, or specific industries. Just make sure you review the copyright policies here first… OPC copyright policies