Enterprise Privacy Strategy, Memorial University, May 2007 (Strictly Confidential)
TRANSCRIPT
Topics for Today
• What is an Enterprise Strategy?
• ATIPP Legislation
• Compliance requirements overview
• Privacy policy
• Organizing for privacy
• Privacy checklist
  • Getting your comments
• Privacy impact assessment
  • Overview
• Questions
Memorial Enterprise Privacy Strategy
• Data Gathering: Completing the Privacy Checklist
• Review of Current Documentation
• Gap Analysis, Enterprise Capacity Check
• Ensuring Best Practices
  • Roles, responsibilities, accountabilities, policies, procedures, training, audit
• Setting Priorities and Plan for addressing Gaps, privacy vulnerabilities
• Implementation and Resourcing schedule for moving towards compliance
Glossary
• Privacy analyst means a person in a department who has been designated the role of coordinating privacy compliance activities and privacy impact assessment within that department.
• Project means 'scheme', 'program', 'initiative', 'application', 'system' and any other defined course of endeavour.
• PIA means Privacy Impact Assessment
• Privacy Officer refers to Rosemary Smith and her team and advisory group
Legislation
• Part IV of the Access to Information and Protection of Privacy (ATIPP) Act
  • Not yet proclaimed; proclamation expected spring 2007
  • Planning currently underway
  • Primary privacy legislation for all government departments and agencies
  • This is the focus of current planning activities
• Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Federal private-sector privacy legislation
  • Does not apply to provincial government departments or agencies
  • May apply to certain MUSH-sector organizations (municipalities, universities, school boards, hospitals) in some circumstances
  • Applies to the provincial private sector for commercial transactions
• Privacy Act of Newfoundland and Labrador
  • Establishes a right to sue for privacy breaches (a "tort")
  • Requires no specific action by government departments or agencies, but does bind the Crown
ATIPP Act Definitions
• “Personal Information” (PI)
  • (o) "personal information" means recorded information about an identifiable individual, including
    • (i) the individual's name, address or telephone number,
    • (ii) the individual's race, national or ethnic origin, colour, or religious or political beliefs or associations,
    • (iii) the individual's age, sex, sexual orientation, marital status or family status,
    • (iv) an identifying number, symbol or other particular assigned to the individual,
    • (v) the individual's fingerprints, blood type or inheritable characteristics,
    • (vi) information about the individual's health care status or history, including a physical or mental disability,
    • (vii) information about the individual's educational, financial, criminal or employment status or history,
    • (viii) the opinions of a person about the individual, and
    • (ix) the individual's personal views or opinions;
ATIPP Act Definitions
• ATIPP Act imposes compliance requirements for the collection, use and disclosure of PI
• “Collection”
  • The addition of new PI to the records of a public body, or the revision of existing PI based on other information originating outside the public body
  • Encompasses all flows of PI into a public body from outside, provided the PI is recorded
• “Use”
  • Reference to, or application of, PI for any purpose within the public body
  • Uses involving decisions about the individual are particularly important
• “Disclosure”
  • Transfer of PI from the records of the public body to any entity that is not part of the public body, subject to the definition of “employee” in the ATIPP Act
  • Encompasses all flows of PI out of a public body from inside
ATIPP Act Definitions
• “Employee”
  • (e) "employee", in relation to a public body, includes a person retained under a contract to perform services for the public body;
• “Head”
  • (f) "head", in relation to a public body, means
    • (i) in the case of a department, the minister who presides over it,
    • (ii) in the case of a corporation, its chief executive officer,
    • (iii) in the case of an unincorporated body, the minister appointed under the Executive Council Act to administer the Act under which the body is established, or the minister who is otherwise responsible for the body, or
    • (iv) in another case, the person or group of persons designated under section 66 or in the regulations as the head of the public body;
ATIPP Act Definitions
• “Public body”
  • (p) "public body" means
    • (i) a department created under the Executive Council Act, or a branch of the executive government of the province,
    • (ii) a corporation, the ownership of which, or a majority of the shares of which is vested in the Crown,
    • (iii) a corporation, commission or body, the majority of the members of which, or the majority of members of the board of directors of which are appointed by an Act, the Lieutenant-Governor in Council or a minister,
    • (iv) a local public body,
    and includes a body designated for this purpose in the regulations made under section 73, but does not include,
    • (v) the office of a member or an officer of the House of Assembly,
    • (vi) the Trial Division, the Court of Appeal or the Provincial Court, or
    • (vii) a body listed in the Schedule;
ATIPP Act Definitions
• “Local public body”
  • (k) "local public body" means
    • (i) an educational body,
    • (ii) a health care body, and
    • (iii) a local government body;
• “Health care body”
  • (g) "health care body" means
    • (i) a hospital board or authority as defined in the Hospitals Act,
    • (ii) a health and community services board established under the Health and Community Services Act,
    • (iii) the Cancer Treatment and Research Foundation,
    • (iv) the Mental Health Review Board,
    • (v) the Newfoundland and Labrador Centre for Health Information, and
    • (vi) a body designated as a health care body in the regulations made under section 73;
Compliance Requirements: Collection
• PI may be collected only if
  • Authorized by legislation
  • Required for law enforcement purposes
  • Necessary for an operating program or activity of a public body
• Collection must normally be directly from the subject, with specific exceptions
• Subject must be informed of (with specific exceptions)
  • Legal authority for collection
  • Purpose of collection
  • Contact information for someone to whom questions may be directed
• PI to be kept accurate and up-to-date if used for decisions about the subject
  • Retain such PI for one year
• Subject has right to request correction of PI
• Reasonable security measures required
Compliance Requirements: Use
• PI may be used only
  • For the original purpose or a consistent purpose
  • With the consent of the subject
  • For a purpose related to the specified disclosure purposes in Sections 38 and 39
    • Requires a reasonable and direct connection to the disclosure purpose
    • Must be necessary for the legally authorized purposes of the public body that uses the information
• Use of PI limited to the minimum amount required for the specific purpose
• Cannot collect or retain PI “just in case”
Compliance Requirements: Disclosure
• PI may be disclosed only
  • As specified in Section 39
    • For a purpose consistent with the purpose of collection
    • Under court order
    • To an employee or the minister, if necessary for his or her duties
    • To the Auditor General or Provincial Archives
    • To an MHA when the PI subject has requested assistance
    • For a law enforcement investigation
    • To protect the health and safety of any individual
    • When authorized or required by other provincial or federal legislation
    • Others
  • With the consent of the subject
  • For research or statistical purposes, subject to specified conditions
  • From the Provincial Archives, subject to specified conditions
Introduction to PIAs
• PIA: “An evaluation process which allows those involved in the collection, use or disclosure of Personal Information to assess and evaluate privacy, confidentiality or security risks associated with these activities, and to develop measures intended to mitigate the identified risks.”
• Identifies potential areas of noncompliance with the applicable privacy legislation and policy.
• Identifies risks
• Identifies measures to mitigate those risks.
• Due diligence exercise
• Best focused on risk assessment, not pure compliance
• Report should be a public document
  • Certain appendices may be withheld, e.g., sensitive security details
  • Need clear ATIPP authority to withhold
PIA Purposes
• Provide information for informed policy, system design or procurement decisions.
• Ensure that privacy protection is a key consideration in the initial framing of a project’s objectives and activities.
• Provide a consistent format and structured process for analyzing compliance to legislation.
• Ensure that the protection of privacy is included in core criteria for projects.
• Identify a clear accountability and demonstrate due diligence
• Document the flow of personal information.
• Identify means to reduce or eliminate privacy risks.
• Build public trust and confidence
Draft PIA Policy
• “Public Bodies within the Government of Newfoundland and Labrador will conduct PIAs for all new and significantly redesigned collections, uses or disclosures of Personal Information that may raise potential privacy risks.”
• (Whether a given project involves potential privacy risks is to be determined in part by the Privacy Checklist, which we will discuss later)
• “A privacy impact assessment shall consist of:
  • “a specific assessment against the privacy provisions of the Access to Information and Protection of Privacy Act;
  • “a data flow description for the collection, use or disclosure of Personal Information;
  • “a threat and risk assessment of the collection, use or disclosure of Personal Information.”
• PIAs to be conducted using tools and procedures that conform with GNL privacy legislation
Draft PIA Policy - Roles
• Public body• Head is responsible for compliance with the privacy provisions of ATIPP Act.
• Departments have ultimate responsibility for compliance with the privacy provisions of the ATIPP Act.
• The senior executive is responsible for ensuring that a PIA is completed in accordance with this policy where one is necessary.
• PIAs to be approved by the Head, or by a person designated in writing by him or her to review and approve PIAs.
• PIAs involving information technology Projects or initiatives should also be approved by Memorial’s Privacy Officer, or by a person designated in writing by her to review and approve PIAs.
Draft PIA Policy - Roles
• Office of the ATIPP Coordinator, GNL
  • Developing and maintaining the privacy impact assessment process and procedures.
  • Ensuring that the process and procedures are understood throughout the Government of Newfoundland and Labrador and the broader public sector.
  • Changes to the PIA Policy and related processes and procedures are subject to the approval of the minister responsible for the ATIPP Office.
• Memorial University Privacy Officer
  • Approval of privacy impact assessments, in cooperation with the responsible Department(s)
  • Incorporate PIAs into Memorial’s project management standards
  • Continued leadership and key resource for developing privacy capacities at Memorial University
Draft PIA Policy - Roles
• Project Manager
  • Conducting the PIA, or ensuring that it is conducted
  • Overseeing the PIA process
  • If the Project does not have a Project Manager assigned, the manager who otherwise carries day-to-day responsibility for the Project is responsible
  • The Project Manager is to undertake PIAs in accordance with the relevant PIA procedures and best practices approved by the Memorial University Privacy Officer.
Analytical Phases of a PIA
• Phase 1: Project Initiation
  • Overall scope of the PIA determined
  • Appropriate tools are selected or developed
  • Collection and organization of information about the project
  • Selection of the people and skill sets
  • Establishment of the PIA team and a PIA work plan
  • Retention of external expertise if required
• Phase 2: Data Flow Analysis
  • Flow of personal information into, within, and out of the data repositories and systems that are part of the project is examined.
• Phase 3: Privacy Risk Analysis
  • Data flow analysis is assessed in the context of compliance requirements, privacy principles, the sensitivity and volume of the personal information involved, and other factors.
  • Risk factors and mitigation measures are identified.
• Phase 4: Report Preparation
Operational Stages of a PIA
1. Complete Privacy Checklist (all projects)
2. Determine need for PIA
  • Privacy checklist guides decision
  • Decision rendered by project steering committee, OR
  • Any department involved in the Project can force a PIA
3. Project manager assembles PIA team
  • PIA team assembles documentation and information
4. PIA team determines need for outside expertise
  • Should not be required for most PIAs, but…
  • … consider for very complex or sensitive PIAs
5. Conduct PIA using PIA Template
6. Prepare a report of findings and a PIA implementation plan
7. Report and implementation plan approved by participating departments and the Privacy Officer
8. Put implementation plan into effect and proceed with project
Timing Considerations
• Total elapsed time in working days
• ‘Easy’ PIA
  • the project is of limited scope
  • low volumes of personal information involved
  • personal information is not particularly sensitive
  • 21-91 working days
• ‘Hard’ PIA
  • the project is of wide scope
  • large volumes of personal information
  • at least some personal information is very sensitive
  • 34-140 working days
• Completion times will decrease with PIA experience
PIAs and Project Management
• PIA process should be integrated as much as possible with project management processes
• important to understand where privacy risks might arise as soon as possible in project planning
• Complete privacy checklist before the project charter is approved if possible
• For IT projects, PIA is usually best done between the completion of the business analysis and the completion of application data models
• For non-IT projects, PIA should be completed after PI requirements reasonably well-known but before any part of the project involving PI is rendered operational.
PIA Team
• One or more representatives with specific privacy and security expertise (these will often be different people), including client department Privacy Coordinator
• Project manager(s) (from the larger project team)
• IT staff, including staff from the office of Memorial’s CIO (or equivalent) and external vendors, as appropriate
• Reps from business areas within the client department(s) that will supply, collect, use, or disclose personal information involved in the project
• Legal counsel if necessary, but the lawyer’s involvement can often be limited to specific legal questions
• Communications staff, if the project is likely to have a high public profile or if privacy risks are likely to become public
PIAs and Security
• PIAs and TRAs
  • A privacy impact assessment is not the same thing as a security threat and risk assessment (TRA), but …
  • Privacy and security must be considered in the same breath.
  • Privacy considerations will sometimes constrain security options (e.g., audit logs and monitoring data are themselves PI about staff and users, so limits on collection and retention apply to them too)
  • Security is an essential prerequisite for privacy protection.
  • Privacy and security measures influence each other in ways that may not be fully appreciated at the beginning of a project.
• Planned for eventual integration of PIA and TRA processes
  • Not right away; requires development of privacy and security policy and procedures first
  • Ensure security personnel are involved in every PIA
  • Ensure privacy personnel are involved in every TRA
  • Pursue security standards compliance
Contracts
• When project involves external vendors or contractors, an important part of the PIA is the assessment of the relevant contractual provisions.
• When a public body outsources any aspect of the management of personal information, it must ensure that the contractor provides a degree of privacy protection that is at least equivalent to the protection provided by the public body itself.
• In general, the responsibility for privacy protection under the ATIPP Act cannot be delegated by a public body to a contractor.
• The public body must therefore ensure that the contractor meets the obligations to which the public body is bound.
Essential Privacy Terms
• Privacy: not defined in legislation or regulations
• What is privacy?
[general discussion and consensus]
Essential Security Terms
• Personal identification (identity verification)
  • Done once during user registration
• Enrolment
  • Done once for each online service or programme a registered user is authorised to access
• Authentication
  • Done each time a user logs into a system
• Authorisation
  • Checked each time a user accesses an online service or programme
• Accounting (auditing)
  • Done via audit logs or audit trails that record who does what when
Privacy & Security Contrasted
Security
• Confidentiality (e.g.: user authentication & authorization)
• Data Integrity (e.g.: non-repudiation, audit trails)
• System Availability
Privacy
• Accountability
• Consent
• Limiting Collection
• Limiting Use, Disclosure, Retention
• Accuracy
• Security Safeguards
• Openness
• Individual Access
• Challenging Compliance
Privacy & Security Contrasted
[Venn diagram, reconstructed as lists]
• Privacy: Collection Limitation, Data Quality, Purpose Specification, Use Limitation, Security Safeguards, Openness, Individual Access, Accountability
• Shared practices: Data Quality & Integrity (Accuracy), Security Safeguards, Individual Access (availability), Use Limitation (Authorization)
• Security: Access Controls (Confidentiality, Data Integrity, Availability), Authentication, Authorization, Non-repudiation
Why Perform a Privacy Impact Analysis?
Consider a hypothetical Memorial project:
• Project 1: Unified Database of Addresses for all Memorial staff, students, academics, researchers, alumni (shared by all departments)
  • benefits: eliminate duplication and effort, reduce cost, etc.
• Ask yourself these questions:
  • Does each project have a privacy impact?
  • Can the impact be lessened?
  • Is the residual impact too high?
[general discussion and consensus]
Why Perform a Privacy Impact Analysis?
• Privacy analysis has many factors
• It is difficult to know when the analysis is complete without some pre-existing framework or checklist to refer to
• Need a framework for the analysis
A Framework for Privacy Impact Analysis …cont.
ATIPP creates a privacy protection scheme that the government must follow to protect an individual’s right to privacy. The scheme includes rules regarding personal information in its custody or control:
• collection,
• retention,
• use,
• disclosure and
• disposal.
• If an individual feels his/her privacy has been compromised by a government institution, he/she may complain to the Information and Privacy Commissioner, who may investigate the complaint.
• Individuals who are given access to their personal information have the right to request correction of that information where they believe there may be an error or omission.
• Where this request is refused, individuals may require that a statement of disagreement be attached to the information.
• Individuals may also require that all parties to whom the information has been disclosed in the preceding year be notified of the correction or statement of disagreement.
A Framework for Privacy Impact Analysis
• Privacy Principles: Canadian Standards Association’s Model Code for the Protection of Personal Information
  • The Code was published in March 1996 as a national standard for Canada. It upholds ten basic privacy principles, which constitute a widely recognised and principled approach to data protection in Canada.
  • Ten privacy principles:
    1. Accountability for personal information
    2. Identifying the purposes for collection, use and disclosure of personal information
    3. Consent
    4. Limiting collection of personal information
    5. Limiting use, disclosure and retention of personal information
    6. Accuracy of personal information
    7. Safeguards for the protection of personal information
    8. Openness about practices concerning the management of personal information
    9. Individual access to personal information
    10. Challenging compliance
• Government privacy and security directives
Privacy Tool Set
• PIAs are not always needed
• Some projects only need simple PIAs
• Some projects need Extended PIAs
• Extended PIAs can be a lengthy and challenging undertaking
• How to determine whether a PIA is needed?
• If needed, how to determine whether a simple one will suffice or whether an extended PIA is needed?
Privacy Tool Set
Tool set consists of two tools:
• A privacy compliance checklist contains a series of about 40 multiple-choice questions in a workbook that automatically computes a score and advises whether a PIA should be performed
• If a PIA is indicated, a PIA template guides the user through the process with a predefined structure and a set of yes/no questions for the user to answer
  • an attached workbook automatically scores responses and advises on whether potential problems remain
• If the Messages and Warnings indicate that an Extended PIA is suggested, the user can use the Supplementary Considerations component of the PIA Template.
Process
[Flowchart, reconstructed as steps]
1. Start
2. Complete Mandatory Privacy Compliance Checklist
3. Potential privacy compliance issues or privacy risk factors?
   • No: Privacy Assessment Concluded
   • Yes: Complete PIA template
4. Project exceeds privacy risk thresholds?
   • No: Implement privacy measures
   • Yes: Extended PIA
Timing
• PIA may result in changes and adjustments needing to be made to the project design, and possibly to the project plan as well.
• PIA may identify issues that represent significant project risk (such as the possibility of non-compliance by data sources).
• Therefore it is advisable to undertake the privacy analysis as early as practicable in the project life-cycle.
  • This means that the process should preferably be performed as part of the Concept Phase, and no later than the Definition Phase.
Who Performs the Analysis?
• As is the case with PIAs themselves, the analysis needs to be performed by the project team, i.e., the operational segment of Memorial University that is responsible for the project as a whole.
Information Gathering
• The process should preferably be performed as part of Concept Phase, and no later than Definition Phase.
• Caveat: only limited documentation will be available during early stages of a project, and there will be uncertainty about the project's scope and the features of the intended system
Economy of Effort
The toolset determines whether a project’s potential privacy impact is high, moderate, low, or none:
Projects that have No Privacy Impact:
• Project team begins the Privacy Checklist
• Privacy Checklist indicates that no further action is required
• Request for approval of the project can be accompanied by a declaration that the proposal is compliant with I&IT Directive para. 21, in that an appropriate form of assessment has concluded that no PIA is required
Projects that have a Low to Moderate Privacy Impact:
• Project team completes the Privacy Checklist
• Privacy Checklist will suggest the need for a PIA
• Project team completes the PIA Template
Projects that have a High Privacy Impact:
• Project team completes the Privacy Checklist
• Privacy Checklist will suggest the need for a PIA
• Project team completes the PIA Template
• PIA Template will suggest the need for an extended PIA
Toolset Minimises Effort
[Flowchart residue: the same Start / Mandatory Privacy Compliance Checklist / PIA template / Extended PIA flow as on the Process slide, annotated with how far each class of project proceeds: No-Privacy-Impact Project (only part of the checklist needs to be completed), Low-Privacy-Impact Project, Moderate-Privacy-Impact Project, High-Privacy-Impact Project]
Provisional Nature of the Analysis
• Determination of No, Low or High Privacy Impact is provisional, not final:
  • as the project is articulated from conception, through definition and planning to implementation, its profile may evolve from Low Privacy Impact to High Privacy Impact, or from High to Low, particularly if key aspects that caused it to be ranked so highly are later withdrawn; and
  • the PIA process may uncover information that is inconsistent with the provisional conclusions reached during the Privacy Compliance Checklist, resulting in revisions and change in the PIA process.
• Therefore, it is essential that the project manager remains sensitive throughout the project life-cycle to the possibility that the Privacy Compliance Checklist may need to be revisited, or that the PIA Process Specification (step 3 above) may need to be revised at some later point in the project life-cycle.
Privacy Checklist
• Rapid, easily completed exercise to determine whether a full PIA is required
• Focused on legislative compliance
• Checklist approach; requires little or no privacy expertise
• Can be automated for basic expert system functions
• Proposed version based on automated Alberta Privacy Planning Tool, to be demonstrated
• Recommend adaptation of the Alberta tool for Newfoundland, but need to consider:
  • IT infrastructure
  • Adaptation cost
  • Time required
• Benefits of an automated checklist:
  • Fast recommendations
  • Thorough responses
  • Consistency in evaluation of risk factors
  • Reduced labour overhead for preliminary privacy reviews
Privacy Checklist
• Institutions have compliance obligations under privacy law; the Privacy Checklist provides institutions with a convenient means to check and document compliance with ATIPP.
• Checklist is [currently] an Excel workbook that includes the following spreadsheets:
  • a checklist spreadsheet containing about 40 multiple-choice questions
  • a short approvals form
  • a scoring spreadsheet that calculates a score based on the answers provided on the checklist spreadsheet
  • a warnings and suggestions spreadsheet
Privacy Checklist …cont.
• Questions are all multiple choice
• Questions are designed to be straightforward and readily understood
• Multiple-choice answers are designed to be objective (i.e., evidence-based rather than based on opinion)
• Privacy-protective answers receive a positive score
• Answers that may pose privacy problems receive a negative score
• “Don’t know” is usually scored as negatively as the most negative available choice
Scoring in the Checklist
Scoring is calculated automatically. Scoring has several steps:
• The answer to each multiple-choice question is assigned a positive or negative score (questions, answers, and scores on subsequent slides)
• Weighting factors may increase the positive or negative score under certain circumstances (e.g.: the project collects a certain type of data but does not use it or disclose it)
• All the scores (both positive and negative) are summed to calculate a raw score
• The raw score is normalized to a score of zero to 100:
  • Worst possible raw score is mapped to zero
  • Best possible raw score is mapped to 100
Results of Checklist
Recommendations are automatically made as to whether the PIA template needs to be completed.
PIA template will need to be completed:
• if the normalized score is less than the established threshold, or
• if there are more negatively scored answers than positively scored answers, or
• if the project, as indicated by answers given, involves the outsourcing of personal information management functions, or
• if the project, as indicated by answers given, involves disclosure of identifiers (i.e., identifying numbers or symbols) or fingerprints
PIA template may need to be completed:
• if the project, as indicated by answers to specific questions, is a large one
• if the project, as indicated by answers given, involves collection of identifiers (i.e., identifying numbers or symbols) or fingerprints
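The scoring steps and the recommendation rules on the two slides above, as an added worked example; this is not part of the original presentation and not the Alberta or Memorial workbook. The questions, their scores, the weighting factor on the safeguards question, the threshold value of 50 and the sample answer sets are all constructed for illustration (the real checklist has about 40 questions and its own settings). What follows the slides is the "don't know" rule, the raw-score sum, the worst-to-0 / best-to-100 normalization, and the three-tier outcome (PIA required, PIA may be needed, none).

```python
# Added example (not from the slides or the real workbook): a model of the
# Privacy Checklist scoring and PIA recommendation logic. Questions, scores,
# weights, THRESHOLD and sample answers are constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

DONT_KNOW = "Unknown"
THRESHOLD = 50.0  # hypothetical cut-off on the normalized 0-100 score


@dataclass(frozen=True)
class Question:
    qid: str
    text: str
    options: Dict[str, int]      # answer -> score: protective +, problematic -
    weight: float = 1.0          # hypothetical weighting factor
    flag: Optional[str] = None   # decision rule this question feeds, if any
    flag_on: str = "Yes"         # the answer that raises that flag

    def score(self, answer: str) -> float:
        # "Don't know" is scored as negatively as the most negative choice.
        if answer == DONT_KNOW:
            return min(self.options.values()) * self.weight
        return self.options[answer] * self.weight  # KeyError on a bogus answer

    def best(self) -> float:
        return max(self.options.values()) * self.weight

    def worst(self) -> float:
        return min(self.options.values()) * self.weight


@dataclass
class Result:
    raw: float
    normalized: float
    positives: int
    negatives: int
    recommendation: str  # "none" | "may_need_pia" | "pia_required"
    reasons: List[str] = field(default_factory=list)


# Constructed questionnaire; q1 mirrors the sample question on the next slide.
QUESTIONS = [
    Question("q1", "Will the project collect, store, use or disclose PI?",
             {"Yes": -3, "No": 3, "Other": -3}),
    Question("q2", "Will PI management be outsourced to a contractor?",
             {"Yes": -2, "No": 2}, flag="outsourcing"),
    Question("q3", "Will identifying numbers/symbols or fingerprints be disclosed?",
             {"Yes": -3, "No": 1}, flag="disclose_identifiers"),
    Question("q4", "Will identifying numbers/symbols or fingerprints be collected?",
             {"Yes": -2, "No": 1}, flag="collect_identifiers"),
    Question("q5", "How large is the project?", {"Large": -1, "Small": 1},
             flag="large_project", flag_on="Large"),
    Question("q6", "Will subjects be told the purpose and legal authority?",
             {"Yes": 2, "No": -2}),
    Question("q7", "Are reasonable security safeguards documented?",
             {"Yes": 2, "No": -2}, weight=1.5),  # hypothetical weighting
]


def normalize(raw: float, worst: float, best: float) -> float:
    """Map the raw score linearly so that worst -> 0 and best -> 100."""
    if best == worst:
        return 100.0
    return (raw - worst) / (best - worst) * 100.0


def score_checklist(questions: List[Question], answers: Dict[str, str],
                    threshold: float = THRESHOLD) -> Result:
    raw, pos, neg, flags = 0.0, 0, 0, set()
    for q in questions:
        ans = answers.get(q.qid, DONT_KNOW)  # unanswered counts as "don't know"
        s = q.score(ans)
        raw += s
        pos += s > 0
        neg += s < 0
        if q.flag and ans == q.flag_on:
            flags.add(q.flag)
    norm = normalize(raw, sum(q.worst() for q in questions),
                     sum(q.best() for q in questions))

    # A certain "No" to the first question ends the checklist.
    if answers.get(questions[0].qid) == "No":
        return Result(raw, norm, pos, neg, "none",
                      ["no personal information involved; checklist complete"])

    must = []  # any one of these makes the PIA template mandatory
    if norm < threshold:
        must.append(f"normalized score {norm:.1f} below threshold {threshold:.0f}")
    if neg > pos:
        must.append(f"{neg} negative answers vs {pos} positive")
    if "outsourcing" in flags:
        must.append("outsources personal information management")
    if "disclose_identifiers" in flags:
        must.append("discloses identifiers or fingerprints")
    if must:
        return Result(raw, norm, pos, neg, "pia_required", must)

    may = []  # these only suggest that the template may be needed
    if "large_project" in flags:
        may.append("large project")
    if "collect_identifiers" in flags:
        may.append("collects identifiers or fingerprints")
    return Result(raw, norm, pos, neg, "may_need_pia" if may else "none", may)


# Constructed answer sets for a few project profiles.
SAMPLE_ANSWERS = {
    "internal_low_risk": {"q1": "Yes", "q2": "No", "q3": "No", "q4": "No",
                          "q5": "Small", "q6": "Yes", "q7": "Yes"},
    "outsourced": {"q1": "Yes", "q2": "Yes", "q3": "No", "q4": "No",
                   "q5": "Small", "q6": "Yes", "q7": "Yes"},
    "large_with_identifiers": {"q1": "Yes", "q2": "No", "q3": "No", "q4": "Yes",
                               "q5": "Large", "q6": "Yes", "q7": "Yes"},
    "no_personal_info": {"q1": "No"},
    "nothing_known": {},
}

if __name__ == "__main__":
    for name, answers in SAMPLE_ANSWERS.items():
        r = score_checklist(QUESTIONS, answers)
        print(f"{name:23s} score={r.normalized:5.1f} {r.recommendation:13s} {r.reasons}")
```

The point worth noticing is that the mandatory triggers are independent of the score: the outsourced profile scores above the threshold (about 65 on the 0-100 scale) and still gets "PIA required" because outsourcing alone forces the template, while the large project that collects identifiers scores about 62 and falls into the "may need" tier. Leaving every question unanswered drives the score to 0, since each unanswered question takes its most negative value.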
Checklist Scoring
• The scorings embedded in the checklist to assess compliance vulnerabilities are provided as examples of default settings only.
• The scorings in the checklist can be modified by Memorial’s Privacy Officer based on use and experience, and might not reflect the numbers provided in the version currently being commented on by Enterprise Privacy Strategy participants: you.
Questions in the Checklist (sample)
• Will the project collect, store, use or disclose personal information about identifiable individuals?
  • Yes [-3]
  • No [+3]
  • Unknown [-3]
  • Other (please elaborate) [-3]
If the user is certain that no personal information about any identifiable individual will be collected, used, or disclosed, they are advised that the checklist is complete.
PIA Template
• Use of template helps to ensure consideration of all major factors
• Focused on risk assessment, not just legislative compliance
• Even with the template, PIA requires judgment and expertise
• No universally recognized format or template for PIAs
• Most jurisdictions that are active in privacy impact assessment use templates; may or may not be mandatory
• Content of template should be a responsibility of the ATIPP office, with input from departments and staff from the CIO
• Proposed template based on the British Columbia template
  • Similar legislation
  • Includes some elements from the Alberta template, to address corporate issues
  • Revised to ensure compatibility with Newfoundland legislation