Friday, February 11, 2005

Training, training, training! Privacy laws can be implemented without going off the deep end ...

It continually drives me bonkers when I read about how some organizations implement privacy laws (see below). Granted, these laws are not always easy to understand, but they usually can be implemented without completely shutting down normal business operations or even normal personal interactions.

A huge part of the problem is that the laws are not very easy to understand, particularly if you sit down a read them from beginning to end. Most laypeople have a hard enough time staying awake during the process and it is rare to actually make it through the law in one sitting. But even if you can manage to make it that far, there in little in the laws themselves to help you in translating theory to practice. (You're not alone: I've dealt with lawyers who have little understanding of the law itself, let alone how it should be implemented. A law degree does not automatically confer an ability to figure it out.)

So what's to be done? People need to be trained about what the law means and how it needs to be integrated into their operations. Front line employees don't need to memorize section 7(3)(c)(ii), but they do need to know how to do their job in this new regulatory environment. They need to know how to meet customer expectations. They need to know how to deal with circumstances where privacy laws may entail a bit more process for their customers. And they need some common sense.

On this front, I have to give full marks to the Nova Scotia Department of Justice, which recently held a series of workshops for department administrators of the Freedom of Information and Protection of Privacy Act throughout the province. And they had the good sense to include a unit on PIPEDA. Though this law doesn't generally apply to the same organizations subject to FOIPOP, it has been a major source of confusion.

CBC Manitoba - Ombudsman slams province over privacy laws:

"Tuckett says there are many cases where public officials do not use common sense in providing people with access to their own personal information.

'I had a call from somebody where they were talking to somebody in a medical doctor's office and asking about the condition of the person and the doctor came up and said, 'You know, you can't talk about your medical condition with other people in our office because it's contrary to PHIA,'' he says.

'I call it 'PHIAnoia' because, you know what it is, it's this, 'I can't share that, I can't do this.' Privacy laws were never intended to be applied so rigidly that all of a sudden you can't have normal human relations with people.'

Tuckett recommends the government should set up a training program to help its employees understand privacy and access laws. This report will be Tuckett's last as ombudsman; he is retiring as of Feb. 11."

No comments: