How to Build and Implement Your Own Privacy Management Plan
Part I – The Ten Guiding Principles
The primary purpose of compliance with a Privacy Act is not to guarantee that Personal Information (“PI”) will never be compromised; no set of safeguards can promise that. It is to be able to demonstrate that you have diligently taken every reasonable precautionary measure to protect PI in accordance with the Ten Guiding Principles.
The Ten Guiding Principles are the backbone of any Privacy Management Plan. It is essential to know them well and to keep them in mind at every step of building your plan. The following is a concise summary of each principle.
Principle 1 – Accountability
An organization or sole practitioner is responsible for the personal information under its control. One or more persons must be designated as accountable for the organization’s compliance with the following principles; a sole practitioner is accountable for their own compliance.
Principle 2 – Identifying Purposes
The purposes for which personal information is collected must be clearly identified by the organization or sole practitioner at or before the time the information is collected.
Principle 3 – Valid Consent (Revision 2015)
The knowledge and valid consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. The 2015 revision defines validity as follows: “Consent is considered valid only if it is reasonable to expect that individuals to whom an organization’s activities are directed would understand the nature, purpose and consequences of the collection, use or disclosure, to which they are consenting.”
Principle 4 – Limiting Collection
The collection of personal information must be limited to what is necessary for the purposes identified by the organization or sole practitioner. Information must be collected by fair and lawful means.
Principle 5 – Limiting Use, Disclosure, and Retention
Personal information must not be used or disclosed for any purpose other than the one for which it was collected; the only exceptions are when the individual gives valid consent or when the law requires it. Personal information must be retained only as long as is necessary to fulfil those purposes, plus sufficient time for the individual to exercise any recourse appropriate to the purpose of collection.
Principle 6 – Accuracy
Personal information must be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Principle 7 – Safeguards
Personal information must be protected by security safeguards appropriate to the sensitivity of the information.
Principle 8 – Openness
An organization or sole practitioner must make readily available to individuals specific information about its policies and practices relating to the management of personal information.
Principle 9 – Individual Access
Upon request, an individual must be informed of the existence, use, and disclosure of his or her personal information and must be given access to that information. An individual must be able to challenge the accuracy and completeness of the information and have it amended as appropriate. (There are conditions and limitations on access. These are detailed in Part IV – Management Plan Implementation.)
Principle 10 – Challenging Compliance
An individual must be able to address a challenge concerning compliance with the above principles to the designated person or people accountable for the organization’s compliance, or to the sole practitioner responsible for their own compliance.
In Part II – Risk Analysis Self Assessment, the principle of Accountability is applied to carry out a privacy and security audit of your daily information handling, processing, disclosure, and storage policies and procedures.