It goes without saying that working remotely has its pros and cons. Even those who were working from home before the start of the pandemic are finding that they continually need to adjust. For instance, have you stopped to think about your privacy and the privacy of your organization—and how to protect it? Does working from home pose a greater security risk for our organizations? In this episode, you’ll learn about the risks of privacy breaches and get some tips from the Treasury Board of Canada Secretariat on how to better protect your information.
When personal information is used, shared or managed inappropriately, that’s a privacy breach. We need to think about how the new tools we use to work together and deliver services to Canadians will protect personal information and prevent privacy breaches. Creating a completely secure environment in your home or any remote environment may seem like mission impossible, but it’s our duty to ensure we handle all information with care.
Here are some tips to make it easier for you:
- Review your models: Consider the changes to your daily work routines or service delivery models and the effects on how personal information is created, collected, used, disclosed, retained and disposed of. Keeping information digital and reducing paper is a great start and encouraged. Work with your ATIP office to establish if any changes being considered require a Privacy Impact Assessment.
- Vet your tools: It’s easier than ever to find resources to make your work a little easier, but before using any new tools to communicate personal information, contact your Information Management (IM) team, security and privacy officials to ensure that the specific tool is appropriate. Things to look out for are whether the information is being stored, and if so – where?
- Who or what is listening? Take precautions against inappropriate disclosures of personal information when you have a passive listening device nearby by removing or turning off the smart device. This could include Google’s Assistant, Apple’s Siri, Amazon’s Alexa, Facebook’s Portal, or your TVs. Learn about securing your devices.
Keep in mind that any inappropriate creation, collection, use, disclosure, retention or disposition of the personal information is a privacy breach.
- Some personal information about public servants such as your name, title, classification, work email address and work phone number is not considered to be protected personal information by the Privacy Act.
- Digital systems are the preferred means of creating, capturing and managing information.
- Your work computer is not an official corporate repository. Use the appropriate repository which is connected to your network to ensure privacy and security is maintained.
Privacy breaches can often be avoided by being mindful of the personal information we use and how we manage it in our day to day work. If you have questions or if you suspect that a privacy breach has occurred contact your ATIP office or talk to your supervisor for assistance.
Learn more about preventing privacy breaches
- Protecting Personal Information When Working Remotely
- Guidance for the Secure Use of Collaboration Tools
- Secure Remote Working wiki
- Directive on Security Management - Appendix J: Standard on Security Categorization
- Directive on Service and Digital
- Interim Directive on Privacy Impact Assessment
- Interim Policy on Privacy Protection