Témoins sur le site Web du Groupe CSA

Nous utilisons des témoins pour créer une expérience d'utilisation du site Web plus sécuritaire et plus efficace pour nos clients. Pour plus d'information sur les témoins et sur la façon de les désactiver, consultez la page sur notre Politique de confidentialité. En savoir plus

logo close
Centre de préférences en matière de confidentialité

Veuillez gérer vos choix de témoins en activant ou en désactivant les touches à bascule de consentement sous Objectifs ci-dessous.

Vous pouvez modifier vos préférences en tout temps, tel que décrit dans notre Politique sur les témoins. Politique de cookies

  • Paramètres des témoins
  • Liste des témoins
close
    Skip to content
    CSA Store
    • Groupe CSA
    • CSA OnDemandMC
    • Communauté CSA
    • Contactez Nous
    • Catalogue
      • Chercher par domaine

        • Électricité
        • Carburants et Transport
        • Pétrole et Gaz Naturel
        • Environnement et ressources naturelles
        • Construction et Infrastructure
        • Mécanique Industrielle et équipement
        • Nucléaire
        • Soins de santé et bien-être
        • Santé et sécurité au travail
        • Les systèmes de gestion
      • Chercher par éditeur

        • ASME
        • ASTM
        • Goupe CSA
        • ESA
        • IEC
        • ISO
        • NRC
        • ORNAC
        • TSSA
      • Catalogue ICS

        • Parcourir par classification internationale des normes (codes ICS)
    • Abonnement
      • Chercher par domaine

        • Électricité
        • Carburants et Transport
        • Pétrole et Gaz Naturel
        • Environnement et ressources naturelles
        • Construction et Infrastructure
        • Mécanique Industrielle et équipement
        • Nucléaire
        • Soins de santé et bien-être
        • Santé et sécurité au travail
        • Les systèmes de gestion
      • Abonnements CSA

        • Pourquoi Choisir Les Abonnements?
        • À Propos de CSA AvantageMC
        • À Propos de CSA OnDemandMC
        • Collections CSA OnDemandMC
      • Catalogue ICS

        • Parcourir par classification internationale des normes (codes ICS)
    • Services
    Cart Icon0
    ×
    Connexion / S'inscrire
    French / CAD

    LANGUE

    en

    fr

    Monnaie

    CAD

    USD

    • Groupe CSA
    • CSA OnDemandMC
    • Communauté CSA
    • Contactez Nous
    Liste de souhaits

    Catalogue

    • Chercher par domaine

      • Électricité
      • Carburants et Transport
      • Pétrole et Gaz Naturel
      • Environnement et ressources naturelles
      • Construction et Infrastructure
      • Mécanique Industrielle et équipement
      • Nucléaire
      • Soins de santé et bien-être
      • Santé et sécurité au travail
      • Les systèmes de gestion
    • Chercher par éditeur

      • ASME
      • ASTM
      • Goupe CSA
      • ESA
      • IEC
      • ISO
      • NRC
      • ORNAC
      • TSSA
    • Catalogue ICS

      • Parcourir par classification internationale des normes (codes ICS)

    Abonnement

    • Chercher par domaine

      • Électricité
      • Carburants et Transport
      • Pétrole et Gaz Naturel
      • Environnement et ressources naturelles
      • Construction et Infrastructure
      • Mécanique Industrielle et équipement
      • Nucléaire
      • Soins de santé et bien-être
      • Santé et sécurité au travail
      • Les systèmes de gestion
    • Abonnements CSA

      • Pourquoi Choisir Les Abonnements?
      • À Propos de CSA AvantageMC
      • À Propos de CSA OnDemandMC
      • Collections CSA OnDemandMC
    • Catalogue ICS

      • Parcourir par classification internationale des normes (codes ICS)

    Services

    Menu toggle Icon
    Connexion / S'inscrire
    French / CAD

    LANGUE

    en

    fr

    Monnaie

    CAD

    USD

    Liste de souhaits Mon panier (
    )

    Section de recherche

      • Accueil
      • Groupe CSA
      • Systèmes de gestion
      • Systèmes de gestion (ISO)
      • PRIVACY PACKAGE

      Codes et normes - Achat

      PRIVACY PACKAGE

      Consists of PLUS 8300, Making the CSA Privacy Code Work for You - A Workbook on Applying the CSA Model Code for the Protection of Personal Information (CAN/CSA-Q830) to Your Organization; PLUS 8830, Implementing Privacy Codes of Practice - Commentary and CSA Q830:03, Model Code for the Protection of Personal Information

      SKU: 2416670 Publié par CSA Group Année de publication 2004 236 pages

      détails du produit

      • Préface / Portée

      PLUS 8300 (1st ed. pub. 1996) - Making the CSA Privacy Code Work for You - A Workbook on Applying the CSA Model Code for the Protection of Personal Information (CAN/CSA-Q830) to Your Organization


      Introduction - The Purpose of This Workbook


      The Publication CAN/CSA-Q830, A Model Code for the Protection of Personal Information, referred to as the CSA Code,


      (a) provides the principles for the management of personal information;


      (b) specifies the minimum requirements for the adequate protection of personal information held by participating organizations;


      (c) makes the Canadian public aware of how personal information should be protected; and


      (d) provides standards by which the international community can measure the protection of personal information in Canada.


      This workbook is designed to provide practical, useful advice to help organizations understand and apply CSA's Model Code for the protection of personal information. The workbook is intended to be used in conjunction with the CSA Code, but it is not a replacement. The text of the CSA Code in its entirety should be referred to, when required, as the final authority on matters of interpretation. The workbook was developed and reviewed by the CSA Technical Committee on Privacy, to provide guidance on how to apply the CSA Code effectively. Organizations will find it a valuable tool, particularly for those individuals directly responsible for implementing the CSA Code. However, the use of the workbook is not mandatory.


      The CSA Code can be applied to all types of organizations, from small sole proprietorships to large corporate enterprises; from service clubs and charities to universities and hospitals; from organizations that hold very little personal information to those that specialize in information collection and use.


      While CSA has produced only one workbook to cover this vast range of information users, the principles of the CSA Code are universal and can, accordingly, be applied to all types of organizations whether they are large or small, locally based or multinational, and whether they use the simplest of information management methods or are at the leading edge of electronic information use.


      What differs principally between organizations is the amount and variety of information collected, its sensitivity, and its relative value, both to the individuals providing it and the organizations using it. The workbook addresses these differences with examples drawn from a range of organizational experiences and with practical, commonsense solutions. Whatever type of organization you are involved with, this workbook will provide you with basic information you need to implement the CSA Code in an appropriate way.


      The CSA Code was developed as a national voluntary standard for personal information protection. As you apply the CSA Code, remember that its ultimate success depends upon an underlying commitment to integrity and fairness in the use of personal information. Organizations must always balance their need for information collection, use, and disclosure with the privacy rights of the individual.


      Implementing the CSA Code may be a time-consuming task; however, once implemented, the ongoing maintenance of systems and procedures to meet the Standard should become a routine operation.


      In support of the CSA Code, the Quality Management Institute (QMI) is offering three levels or tiers of recognition as follows:


      Tier 1 - Declaration of the organization's intent to apply the CSA Code.


      Tier 2 - Verification by QMI that the CSA Code has been implemented to an acceptable standard.


      Tier 3 - Registration with QMI.


      For more details on these tiers and the role of the Quality Management Institute, see Appendix B.


      CSA has also published (August 1995) the background research report, Implementing Privacy Codes of Practice: A Report to the Canadian Standards Association (PLUS 8830), written by Colin Bennett of the University of Victoria. Readers who seek further background information about the functions and implementation of Privacy Codes in Canada and overseas might also want to obtain this publication.


      -------------------------------------------------------------------------------------------------------------------------------


      PLUS 8830 (1st ed. pub. 1995) - Implementing Privacy Codes of Practice - Commentary


      Introduction


      The Model Code for the Protection of Personal Information being developed under the auspices of the Canadian Standards Association (CSA) has the potential to advance the cause of personal-data protection in Canada. No other country has attempted to negotiate and establish on a voluntary basis a general minimum standard for privacy protection in its private sector. As an innovation in privacy protection policy, therefore, the implementation of the code does raise a number of intricate questions that have never been addressed before, either in Canada or overseas.


      The CSA has commissioned this research in order to gain a better appreciation of how the CSA Model Code might promote the effective and consistent implementation of personal-data protection standards. This research is presented in a report organized into three parts, which may be read cumulatively or separately. Part I consists of a description of how existing privacy codes are implemented and overseen both in Canada and in selected foreign countries. This analysis will review the scope and depth of data protection policy in Canada and contrast that coverage with the position overseas.


      Chapter One presents a brief overview of the regulatory provisions currently in force in Canada that affect the collection, storage, processing, and disclosure of personal information. This provides some context for the later discussion of codes and highlights some of the current issues that are being debated about policy responses to the privacy problem. The CSA Model Code is being developed at a time when there is a stimulating debate amongst advocates and experts about whether the legislative solutions of the 1970s and 1980s are adequate for the years ahead. The CSA initiative is one of a number of innovative approaches that have been offered to respond to the more complicated challenge of protecting personal privacy within the fluid, decentralized, networked information highway environment of the 21st century.


      Chapter Two analyses the meaning of voluntary or self-regulatory data protection. It describes the evolution of privacy codes in Canada and presents a typology of the diverse range of instruments that have that label. Chapter Three provides a more detailed discussion of the major codes of practice from the Canadian Bankers Association, the insurance industry, Stentor, the Canadian Direct Marketing Association, and the Cable Television Standards Foundation. These codes are compared according to the way they perform certain essential functions of consumer education, complaints resolution, employee training, and oversight.


      Chapter Four analyses the function of privacy codes of practice under different regulatory systems in other countries, with a particular emphasis upon Britain, the Netherlands, and New Zealand. This will highlight the advantages (and disadvantages) of developing codes of practice within the statutory framework of a general data protection law. Chapter Five provides an overview of the current state of personal-data protection in Canada's private sector and outlines the ways in which the CSA Model Code might facilitate the effective implementation of privacy codes of practice.


      Part II of the report draws what I regard to be the most useful lessons from historical and comparative experience about the drafting of codes of practice, about promoting greater consumer awareness, about providing effective redress and participation for the data subject, and about raising the level of accountability within organizations that process personal information. This analysis will be directed toward the operational guidelines to be presented in the accompanying Workbook.


      Part III of the report addresses the central question of what it should mean to adopt the CSA Model Code. I analyse the roles that various organizations might play in monitoring its implementation, bearing in mind the diversity of private sector practices and the different legal, technological, and economic environments in which different sectors have to operate. The analysis will consider the ways that the implementation of the privacy code might be integrated into existing standard-setting mechanisms, and attempt to draw lessons from the oversight of standards in related policy fields. Part III concludes with an analysis of the incentives that might be at work to encourage organizations to sign on.


      There are several questions that this research will not, and cannot, address. This report is not going to evaluate the adequacy of existing codes of practice in different sectors. I will make some comments on the overall picture for privacy protection in Canada. But I cannot judge the effectiveness of individual sectoral or company policies in order to rank their relative success in meeting privacy standards. Whether or not data protection codes or laws work is a question that is extremely difficult to answer in any definite way. Data protection rules (including codes of practice) encompass an intricate blend of organizational obligations and consumer/citizen rights. There is not, then, one overall standard of workability. Moreover, the success of these instruments will obviously vary within individual sectors, within individual firms, and across time and space. The context of rapid technological, economic, and regulatory change and uncertainty also means that an evaluation today could be dated tomorrow.


      This report will also not comment on the wording of the CSA Model Code. It will focus instead on the process through which organizational obligations may be fulfilled and individual rights exercised. Thus an evaluation of the substantive content of the code and the wording of different principles is beyond the scope of this research. Moreover, I have concluded from my research on this subject, over some 15 years in Europe and North America, that debates on personal-data protection in most societies have centered as much on questions of implementation and enforcement as on the wording of principles. That is not to deny the intricate problems that arise over the interpretation of key words like consent, collection, processing, disclosure, and so on.


      Finally, this report cannot discuss in any great depth the particular privacy challenges in individual sectors of the economy. The analysis obviously has to be cognizant of the shifting and indistinct boundaries between industry sectors. Moreover, future implementation of the CSA Model Code must remain sensitive to variations in community needs, according to their size, the importance and sensitivity of the information collected, and whether personal data are employee- or consumer-related. The privacy issue spans all sectors. It has legal, economic, technological, and political dimensions in every corner of advanced industrial societies.


      Thus I bring to this research neither an in-depth expertise in any one sector, nor a particular competence in computer and communications technologies, management information systems, or network security. Instead, I bring the expertise of the policy analyst: a grasp of the general philosophy behind privacy claims, how that theory has been translated into a public policy of personal-data protection in different societies, and how that policy has been implemented in different jurisdictions. Two of the intriguing and perennial features of this area of public policy are its constant attention to the experiences of others and its abiding need to draw lessons. The central purpose of this research is just that - to draw lessons.


      The research methodology has involved the following activities (see Appendix 1 for the Terms of Reference). First, a substantial quantity of documentary evidence has been collected and analyzed. This includes codes of practice, regulations, guidance notes, promotional materials, training manuals, and so on. The report will be accompanied by a Sourcebook of the most relevant materials gathered from different Canadian and foreign organizations.


      Secondly, non-structured interviews have been conducted with representatives from a range of public and private organizations in Canada, including trade associations, the offices of Information and Privacy Commissioners, offices of other federal agencies, consumer associations and public interest groups, and experts in auditing, management information systems, and computer security. A list of the agencies and organizations contacted is included in Appendix 2.


      Thirdly, potentially very useful information has been gathered from overseas data protection authorities. I took the opportunity to attend, in September 1994, the 15th Annual Conference of Data Protection Commissioners, in the Hague, which allowed formal and informal contacts with officials from Britain, France, Germany, the Netherlands, New Zealand, Australia, and Ireland. Each of these countries has experiences of data protection of potential interest to the CSA.


      Finally, I have also drawn upon the secondary literature on privacy and data protection in North America and Europe. Whilst there exist a vast number of books and articles on privacy and the laws on privacy, there is, curiously, very little on codes of practice. I am hopeful, therefore, that this research will not only contribute to the resolution of questions relating to the implementation of the CSA Model Code but will also fill a longstanding gap in the literature on privacy and data protection.


      At the outset, it is necessary to clarify my use of certain terms. The CSA is developing a Model Code for the Protection of Personal Information. Many organizations, however, describe these instruments as privacy codes, and I shall continue to use this designation from time to time. However, it is necessary to point out that this is something of a misnomer. Most, if not all, privacy codes deal solely with the question of information privacy or personal-data protection. Yet privacy is a broader value that encompasses other interests besides the protection of personal information, including the limitation of intrusiveness by the press, the protection of a realm of private intimate decision-making, the right to engage in unconventional lifestyles, and so on. Privacy has become an umbrella value through which is justified the general right to be let alone. We should be careful, therefore, in not claiming too much from privacy codes of practice, beyond the control over the collection, storage, processing, and transmittal of personal information.


      I am grateful to many people for providing me with the raw material for this study. A large number of organizations provided relevant written materials. Representatives from a substantial number of these were contacted and interviewed in person (see Appendix 2). I guaranteed anonymity in all the interviews I conducted. I would like to acknowledge, however, my appreciation for the time that many people spent with me and for the candour with which everyone responded to my enquiries. I am also very grateful to my research assistant, Darren Osadchuk, a graduate student in the Department of Political Science at the University of Victoria, for his help in collecting and organizing the large amount of material upon which this study is based.


      Colin J. Bennett, Associate Professor, Department of Political Science, University of Victoria.


      -----------------------------------------------------------------------------------------------------------------------------------


      CSA Q830:03 - Model Code for the Protection of Personal Information


      Scope


      1.1

      This model code describes the minimum requirements for the protection of personal information. Any applicable legislation is to be considered in implementing these requirements.


      1.2

      This Standard may be applied to all personal information. Provided the minimum requirements are met, organizations may tailor this Standard to meet their specific circumstances. For example, policies and practices may vary, depending upon whether the personal information relates to members, employees, customers, or other individuals.


      1.3

      The objective of this Standard is to assist organizations in developing and implementing policies and practices to be used when managing personal information.


      copyright imgDemander des autorisations de copyright

      Achat

      Langue

      Radio input

      Format

      Radio input
      • FAQs
      • Nous contacter
      • Email produit

      TPS: 119441681 RT0001
      TVQ: 1006017360 TQ0001

      Comparer les formats

      Déterminer le type d’abonnement qui vous convient.

      Select the subscription format that is right for you. Table with 13 rows and 3 columns, identifies features available and not available for the two different subscription formats - CSA Advantage TM and CSA OnDemand TM
      Caractéristiques CSA AdvantageMC CSA OnDemandMC
      Accès hors ligne CSA AdvantageMC. fonction disponible. Accès hors ligne CSA OnDemandMC. fonction disponible. Accès hors ligne
      Recherche plein texte CSA AdvantageMC. fonction disponible. Recherche plein texte CSA OnDemandMC. fonction disponible. Recherche plein texte
      Création de faits saillants et notes personnelles CSA AdvantageMC. fonction disponible. Création de faits saillants et notes personnelles CSA OnDemandMC. fonction disponible. Création de faits saillants et notes personnelles
      Nouvelles éditions ajoutées automatiquement CSA AdvantageMC. fonction disponible. Nouvelles éditions ajoutées automatiquement CSA OnDemandMC. fonction disponible. Nouvelles éditions ajoutées automatiquement
      Inclût toutes les langues offertes et les versions archivées des normes. CSA AdvantageMC. fonction non disponible. Inclût toutes les langues offertes et les versions archivées des normes. CSA OnDemandMC. fonction disponible. Inclût toutes les langues offertes et les versions archivées des normes.
      Mes fichiers – création de fichiers personnalisés par l’ajout de dispositions, de tableaux ou de figures tirés d’une norme à votre fichier personnel pour consultation rapide CSA AdvantageMC. fonction disponible. Mes fichiers – création de fichiers personnalisés par l’ajout de dispositions, de tableaux ou de figures tirés d’une norme à votre fichier personnel pour consultation rapide CSA OnDemandMC. fonction non disponible. Mes fichiers – création de fichiers personnalisés par l’ajout de dispositions, de tableaux ou de figures tirés d’une norme à votre fichier personnel pour consultation rapide
      Basculement entre vos fichiers et la norme entière pour conserver le contexte CSA AdvantageMC. fonction disponible. Basculement entre vos fichiers et la norme entière pour conserver le contexte CSA OnDemandMC. fonction non disponible. Basculement entre vos fichiers et la norme entière pour conserver le contexte
      Aperçu instantané du contenu ciblé par une référence à l’intérieur du livre CSA AdvantageMC. fonction disponible. Aperçu instantané du contenu ciblé par une référence à l’intérieur du livre CSA OnDemandMC. fonction non disponible. Aperçu instantané du contenu ciblé par une référence à l’intérieur du livre
      Exportation des notes personnelles vers Excel CSA AdvantageMC. fonction disponible. Exportation des notes personnelles vers Excel CSA OnDemandMC. fonction non disponible. Exportation des notes personnelles vers Excel
      Transfert des notes et faits saillants quand des mises à jour sont accessibles CSA AdvantageMC. fonction disponible. Transfert des notes et faits saillants quand des mises à jour sont accessibles CSA OnDemandMC. fonction non disponible. Transfert des notes et faits saillants quand des mises à jour sont accessibles
      Compatibilité avec Adobe Reader (lecteur PDF) et avec les navigateurs sous iOS et Android CSA AdvantageMC. fonction non disponible. Compatibilité avec Adobe Reader (lecteur PDF) et avec les navigateurs sous iOS et Android CSA OnDemandMC. fonction disponible. Compatibilité avec Adobe Reader (lecteur PDF) et avec les navigateurs sous iOS et Android
      Web, Android, iOS Compatible CSA AdvantageMC. fonction disponible. Web, Android, iOS Compatible CSA OnDemandMC. fonction non disponible. Web, Android, iOS Compatible

      Suivez-nous sur les médias sociaux

      Procurez-vous notre infolettre

      Infolettre de la CSA

      • À propos de CSA Store
      • Abonnement
      • Services
      • Catalogue
      • Question fréquemment posée
      • Politiques de retour
      • Détails sur la réalisation
      • SUPPORT EBOOK
      • Mises à jour de Produit
      • CONTACTEZ-NOUS
      • GROUPE CSA
      • COMMUNAUTÉS
      • Service de mise à jour CSA
      • À propos de CSA Store
      • Abonnement
      • Services
      • Catalogue
      • Question fréquemment posée
      • Politiques de retour
      • Détails sur la réalisation
      • SUPPORT EBOOK
      • Mises à jour de Produit
      • CONTACTEZ-NOUS
      • GROUPE CSA
      • COMMUNAUTÉS
      • Service de mise à jour CSA

      • Conditions générales
      • Politique de confidentialité
      • Accessibilité
      © 2023 Association canadienne de normalisation. Tous les droits sont réservés

      Connexion gratuite/inscription requise

      L’accès à la lecture de ce document n’est offert qu’à des personnes au Canada.

      Un compte d’utilisateur gratuit est requis pour lire ce document.

      Se connecter ou s’inscrire