Scope
This procedure forms part of JIBC’s Protection of Privacy and Access to Information policy (the “Policy”), and sets out procedures by which the Institute will promote privacy awareness and education within the JIBC Community and amongst its Service Providers. Terms not otherwise defined in this procedure are as defined in the Policy.
Privacy Awareness and Education
General Awareness within the JIBC Community
JIBC may, from time to time and at the discretion of the General Counsel, provide mandatory or optional in-house training and education on topics related to privacy protection and access to information. The General Counsel will consider the volume and sensitivity of Personal Information in the custody or under the control of the Institute when determining timely and reasonable intervals of such training and education.
Employees who use Personal Information
JIBC will ensure that Employees who use any Personal Information in the course of their duties at JIBC complete the FOIPPA Foundations course at least every two years.
Service Provider Privacy Obligations
JIBC will ensure that Service Providers are informed of their privacy obligations under the Act. In particular, JIBC will ensure that agreements with Service Providers contain contractual terms that address the Service Provider’s privacy obligations, which may include, depending on the circumstances:
- representations of the Service Provider reflecting their awareness that JIBC is subject to the Act and that the Act expressly extends such obligations to Service Providers;
- covenants of the Service Provider to comply with the Act and the Policy; and
- covenants of the Service Provider to comply with a privacy protection schedule to be attached to the agreement with a particular Service Provider.