Keeping pace with privacy issues is critical to the Office of the Privacy Commissioner of Canada (OPC), an organization whose mandate is to protect and promote the privacy rights of Canadians. The Commissioner has the power to investigate complaints, conduct audits and pursue legal action under two federal laws: the Privacy Act, and the Personal Information Protection and Electronic Documents Act (PIPEDA). With the landscape constantly evolving, it takes effort to stay on top of current privacy concerns. In order to meet this challenge, the OPC partnered with the IAPP for assistance with training its staff. The OPC now boasts 48 IAPP-trained professionals throughout the organization.
Increase Employee Knowledge of Privacy Practices and Principles
In order to better serve their clients, employees at the OPC are supported in the development of their knowledge of personal information protection issues through a variety of different formal and informal training opportunities.
Annually, the OPC conducts a process in which employees set objectives and identify training needs related to those objectives. According to Maureen Munhall, Director of Human Resources at the OPC, “In reviewing the results of the learning plans this year, we noted a common element: the need for ongoing privacy training.”
The OPC approached Kris Klein, CIPP/C, Managing Director of IAPP Canada, to see how it could help respond to that need. The end goal was to further expand OPC employees’ knowledge of the Privacy Act and PIPEDA principles to help them in their day-to-day responsibilities. In addition, the OPC sought perspective on how privacy issues are being handled globally.
On-site Training Tailored Specifically to OPC Staff Needs
The OPC worked with the IAPP to provide training targeted to the specific needs of OPC privacy professionals. The OPC staff members had great interest in taking part in the training according to Munhall. Participants included staff members that were new to the OPC and the field of privacy, as well as employees that were more familiar with the subject. The IAPP conducted two on-site sessions, delivering both the Certification Foundation training and a Canada-specific training course based on the body of knowledge for the Certified Information Privacy Professional/Canada (CIPP/C).
According to Munhall, by centering the training sessions on the areas of concern that were specific to the OPC, the conversations that ensued were “a focused discussion”.
Participants were also provided the opportunity to go on to test for their (CIPP/C) designation.
Better Understanding of Privacy from Both a National and International Perspective
Munhall says the IAPP training and certification testing “has been a very positive experience; it is one of many ways we approach development of our staff at the OPC.”
The training that was specific to Canada provided experienced employees with a broader view of what is happening in the privacy industry, and also benefited recent hires “because some of the participants were newer to the organization and it was a bit of a 101 course in privacy,” explains Munhall. “The Foundation training provided them with information they need to know about how privacy is being looked at from an international or global perspective.”
Munhall adds that a member of her Human Resources staff, who is new to the organization, took part in the training and gained a “foundational background on the different aspects of privacy that shape how we do things in the federal government as well as a better perspective of how privacy touches on all aspects of his work here.”
Jennifer Stoddart, Privacy Commissioner of Canada says, “The feedback I have received from employees about the training has been excellent. This training provided staff with an excellent opportunity to further increase their knowledge of privacy practices and principles. The training was particularly helpful in that it was targeted to the specific needs of OPC privacy professionals.”
Continued Education to Help Plan for Future Training
The OPC is committed to ongoing education in the privacy arena. “Commissioner Stoddart is very supportive of staff development and continuous learning and there’s a great emphasis put on participation in various types of learning events,” says Munhall.
In an effort to keep pace with privacy trends, the OPC plans to continue having staff members attend IAPP conferences in Washington, DC and Toronto, in addition to other important conferences and learning opportunities.
There is an ongoing renewal of employees attending conferences so that individuals throughout the organization can benefit from additional education. Munhall says that through participation in training sessions and conferences, “employees continue to gain exposure to privacy issues, which will help to guide them in their training plans for the fiscal year.”