The COVID-19 pandemic has had deep privacy and security ramifications for individuals, organizations and government bodies. While many of us are familiar with privacy as an issue that relates to our personal or professional lives, the pandemic has accelerated a lot of concern and awareness for information privacy.
For instance, to combat the spread of the virus, organizations have had to collect, use and disclose sensitive data. Recently, as restaurants in Ontario open their doors to patrons again, they are also required to collect personal contact information from their customers to trace COVID-19 cases.
This pandemic has caused many people and organizations to quickly educate themselves on privacy concerns and issues. While there was already a significant shortage of information privacy professionals before the COVID-19 crisis, now more than ever, organizations need personnel who can assess, implement and audit privacy policies to ensure personal data is protected, collected and used according to proper guidelines.
To help fill this skills gap, the York University School of Continuing Studies is launching a 6-month, part-time and online Certificate in Information Privacy on September 21. This new program will allow students to improve their privacy awareness as well as contribute to better the privacy practices within the organizations they work.
Before the launch of this highly relevant new program, we decided to speak with Peter Kosmala, an instructor and program advisory member for the Certificate in Information Privacy and privacy thought leader, on how the pandemic has changed the landscape for information privacy, and what organizations and individuals can do to keep sensitive data safe.
Privacy Concerns While Working Remotely
For months, employees across the world have been working from home, living with their office in their home and fusing their personal and professional lives.
With people having to open their homes to their jobs, family members within that household now have visibility into this working context. Workers who handle sensitive data related to individuals or a company must approach their workspace with a new level of scrutiny that they didn’t have to when they were in the office.
With working from home arrangements likely to continue for the rest of this year and into the next, managers and employees should ask themselves these questions:
- What am I doing with data I access for my work? Is it accessible to others in my household?
- Are the devices and computers I’m using protected?
- Am I vulnerable to any compromise or attack?
- How can I also protect my personal space and maintain a separation from my working and personal life?
These are concerns privacy professionals’ asses every day as they are tasked with protecting the personal information of their organization, employees, and clients.
Many of us are now working in space we feel safe and comfortable in , such as our home office, living room or dining room. But even though you are working in a space that feels comfortable, it’s important to remember that it is no longer just your living space – it’s also a work environment that requires proper privacy safeguards.
When working from home, it’s important to be aware of your surroundings; what are the objects around you? What space are you occupying? Who are the people that are around you? When interacting with people in your home working space, you need to be aware of the level of visibility that they have into your workspace.
When participating in video calls, do a sweep through your area to check what’s visible and if you need to remove any sensitive materials from others’ view. You should also make sure the video conversation itself is secure – you don’t want anyone who is not privy to that discussion listening to what might be sensitive information.
It’s important to treat your home workspace like a typical office environment. And that means being aware of your surroundings; what’s sensitive, what’s personal, and what needs to remain out of view and inaccessible to others.
Want to learn more about Information and Privacy Protection? Keep an eye on this page, along with our social media accounts, as we release a new video each week covering a different topic! Below are a few of the discussion points to look forward to:
- Machines and Devices
- Data Usage
Machines and Devices
In addition to your physical working space, you need to make sure that your virtual working space is safe and secure. That means double-checking that your desktop, laptop, tablet or smartphone is fully equipped with the latest operating system, applications and anti-virus software. This may not be something you’ll need to fix yourself, but you should be posing these questions to your organization or manager. If you are self-employed, you should seek out a technical professional that can help you update your work devices.
You may also have digital folders on your device that contain sensitive data, such as personal, financial, health or proprietary information. These assets are considered sensitive to varying degrees and you need to have that awareness. Before engaging in any online video conferencing or screen sharing technologies, you should do a sweep to make sure no sensitive data on display. Be mindful of what others can see on your screen, know what you can share to others, and make sure it is properly protected.
The COVID-19 pandemic has accelerated pre-existing concerns that Canadians had about how data is used in their private lives and in the work environment. In Canada, there is now a renewed energy to look at the laws and regulations that protect Canadians in an individual and working context. PIPEDA (The Personal Information Protection and Electronic Documents Act), Canada’s national privacy law, will undergo a significant reform soon in parliament, as areas it does not address, such as employee privacy concerns, will be reexamined. Ontario is also considering its first-ever private sector privacy law instead of defaulting to PIPEDA. These new and reformed privacy laws are important developments for individuals and organizations to know and get involved in. They are important issues, and Canadians should have a voice in the outcomes.
Peter Kosmala is an instructor and Program Advisory Council member for the School of Continuing Studies Certificate in Information Privacy. Peter is a recognized thought leader in information privacy with 20 years of international experience as a former marketer, technologist, lobbyist and association leader and as a current consultant, educator and keynote speaker.
Peter helped grow the International Association of Privacy Professionals (IAPP) from a professional community to the world’s largest privacy association as its first Assistant Director and then as Vice President. He led the creation of the first professional certification in privacy, the IAPP’s Certified Information Privacy Professional (CIPP) in 2004 and launched the CIPP-Canada (CIPP/C) in 2006. Today, over 30,000 professionals globally hold one or more of the CIPP credentials which certify knowledge in privacy laws, standards and practices.
Peter helped to establish the Canadian office of the IAPP and the Canada Privacy Symposium, the flagship annual event held in Toronto since 2006. He has worked closely with practitioners, policy makers and regulators from around the world on privacy matters.
Peter’s roots are in digital media at WIRED magazine and Hotwired, one of the very first Web publishing sites. He also served as the first managing director of the Digital Advertising Alliance (DAA) and led the expansion of the “Your Ad Choices” consumer privacy preference program.
Peter has served in leadership roles at technology companies CMGI and dataxu (now Roku), trade associations the 4A’s, DAA and the NAI and ad agencies Wells Rich Greene BDDP and MVBMS Partners/EURO RSCG. He has represented industry in policy working groups and technical standards bodies such as the Trustworthy Accountability Group (TAG) and the World Wide Web Consortium (W3C). Presently, Peter advises clients on the digital media marketplace and the evolving regulatory environment for information privacy.
Are you a professional working in information technology, marketing or human resources, and are looking for a career upgrade? Or perhaps you just want to better understand privacy as a public policy issue? In either case, the new Certificate in Information Privacy may be the right program for you. Learn more about this innovative new program or register today.