Introduction - The Purpose of This Workbook
The Publication CAN/CSA-Q830, A Model Code for the Protection of Personal Information, referred to as the CSA Code,
(a) provides the principles for the management of personal information;
(b) specifies the minimum requirements for the adequate protection of personal information held by participating organizations;
(c) makes the Canadian public aware of how personal information should be protected; and
(d) provides standards by which the international community can measure the protection of personal information in Canada.
This workbook is designed to provide practical, useful advice to help organizations understand and apply CSA's Model Code for the protection of personal information. The workbook is intended to be used in conjunction with the CSA Code, but it is not a replacement. The text of the CSA Code in its entirety should be referred to, when required, as the final authority on matters of interpretation. The workbook was developed and reviewed by the CSA Technical Committee on Privacy, to provide guidance on how to apply the CSA Code effectively. Organizations will find it a valuable tool, particularly for those individuals directly responsible for implementing the CSA Code. However, the use of the workbook is not mandatory.
The CSA Code can be applied to all types of organizations, from small sole proprietorships to large corporate enterprises; from service clubs and charities to universities and hospitals; from organizations that hold very little personal information to those that specialize in information collection and use.
While CSA has produced only one workbook to cover this vast range of information users, the principles of the CSA Code are universal and can, accordingly, be applied to all types of organizations whether they are large or small, locally based or multinational, and whether they use the simplest of information management methods or are at the leading edge of electronic information use.
Preface
What differs principally between organizations is the amount and variety of information collected, its sensitivity, and its relative value, both to the individuals providing it and the organizations using it. The workbook addresses these differences with examples drawn from a range of organizational experiences and with practical, commonsense solutions. Whatever type of organization you are involved with, this workbook will provide you with basic information you need to implement the CSA Code in an appropriate way.
The CSA Code was developed as a national voluntary standard for personal information protection. As you apply the CSA Code, remember that its ultimate success depends upon an underlying commitment to integrity and fairness in the use of personal information. Organizations must always balance their need for information collection, use, and disclosure with the privacy rights of the individual.
Implementing the CSA Code may be a time-consuming task; however, once implemented, the ongoing maintenance of systems and procedures to meet the Standard should become a routine operation.
CSA has also published (August 1995) the background research report, Implementing Privacy Codes of Practice: A Report to the Canadian Standards Association (PLUS 8830), written by Colin Bennett of the University of Victoria. Readers who seek further background information about the functions and implementation of Privacy Codes in Canada and overseas might also want to obtain this publication.