Privacy Law Compliance

 

If you are a business owner or manager who believes your organization’s privacy program is functioning just fine, this is for you.  

Minor flaws in your program can result in incidents that lead to a requirement for public apologies, potential lawsuits and possible litigation by victims against you personally.

We are specialists in privacy programs and asset protection.  We do something unique in our industry: we analyze your privacy program, identify errors and omissions and help you rectify them.  Further, to prevent new ones from arising we provide a Contract Privacy Officer (CPO) service for a small monthly fee.  This gives you peace of mind while relieving you and your employees of the burden of managing the program.


The 10 Most Common Problems With Privacy Programs …
 And How Lyndon Conrad Overcomes Them All

1. Inadequate Protection Of Sensitive Private Information: In 2003, over 13,000 people in Canada were victims of identity theft costing businesses, banks, stores and credit card companies over $2.5 billion. A popular source of stolen information was data in the possession of organizations that didn’t adequately protect it. The Privacy Act requires that personal information be protected “against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.” This applies to information in any format. Our unique “DataFlow Mapping System©” traces all personal information items from origin to deletion. The result is a summary of vulnerabilities. Our security management expertise uniquely qualifies us to reduce your exposure and recommend cost-effective ways to protect your information assets.


2. Collection Of Private Information Not Specifically Required: Personal information may enter the organization in ways less obvious than paper documents or electronic files.  For example, images captured on security cameras or anything containing human DNA is considered personal information and must be protected. Collecting unnecessary data increases your exposure. Our “DataFlow Mapping©” system will expose these problems and reduce the risk to your organization.

3. Believing A Policy Statement Is The Same As A Program: A common misconception business owners and managers have is that posting a privacy policy on the web site is enough to comply with the Privacy Act. If you copied a generic privacy policy and selected the most expendable person to be your privacy officer, you may be at risk. The privacy program has to be customized to your business. The Privacy Officer is accountable for violations arising from lack of compliance and for the consequences, regardless of whose job it is to collect or protect the data. See our “Privacy Law Compliance Checklist©” to see if you’ve overlooked any of the key points that pertain to your organization.

4. Lack Of Testing To Ensure Your Program Is Robust:  Your Lyndon Conrad CPO’s responsibility is to test and monitor your Privacy Program on a regular basis.  We use a variety of methods to attempt to breach the security to test its sturdiness.  See the attached Vulnerabilities And Threats Checklist©.  All test results are submitted to you in a report card with recommendations for change if any are needed.

5. Lack Of Focus: Dedicated employees who concentrate on their primary tasks simply cannot give your privacy program all the attention it requires to maintain compliance and avoid potential pitfalls. Your Lyndon Conrad CPO’s contractual obligations are to follow through to make sure recommendations are implemented and to monitor the program on an ongoing basis. Using our “Status Change Form©”, your business is reviewed monthly for changes that may bring about the need for adjustments to your privacy program. Even if your business never changes, the privacy laws may. We monitor cases of privacy violations and make appropriate modifications to our clients’ privacy programs as required.

6. Using A Lawyer Or Accountant To Implement Your Privacy Program:  They are experts at interpreting law or finances but most have little or no experience in security and fraud prevention.  The law requires that appropriate safeguards are used to prevent unauthorized access to personal information. Our service includes a comprehensive security review and risk analysis to identify and fix weaknesses that may expose your organization’s assets.  Lawyers and accountants without CPP or CFE designations may not be qualified to provide these services.

7. Employees Lack Education about Your Privacy Program:  Once we’ve analyzed your privacy program and rectified problems, your Lyndon Conrad CPO will provide initial training and review sessions for all employees who have access to private information.  See the attached training agenda for details of what they will learn.

8. Privacy Complaints Are Mishandled Or Ignored: Your Lyndon Conrad CPO is responsible for ensuring any requests or complaints regarding private information are promptly and properly addressed. To efficiently comply with requests or complaints, we create a privacy program complete with forms and processes customized for your organization.

9. Failure To Destroy Private Information: One overlooked privacy issue in most organizations is unnecessary data storage. The law requires all personal information be destroyed or rendered anonymous when no longer required for the purpose it was initially collected. Using our “DataFlow Mapping System©”, your Lyndon Conrad CPO will ensure that information is properly and securely disposed of to protect the organization.


10. Believing That Complying With The Law Is Only A Cost With No Benefit: Earning a customer's trust and confidence through enhanced privacy practices supports long-term profitable customer relationships. A recent Ponemon Institute study indicated that consumers are more willing to share personal information with organizations that scored high in areas that measured trust and confidence about collecting and storing personal information. This resulted in higher conversion rates, lower cost of acquisition and higher margins. Lyndon Conrad can work with you to include references to your Privacy Program in your marketing messages.


We Have Created What We Consider To Be The Perfect, Outsourced Privacy Program For Any Type Of Business...
Take 60 Seconds To See If You Agree

The Problem:
• If a breach were to occur in your organization, morale drops and employees lose faith in management. When they fear instability, valued employees seek employment elsewhere.
• If the Privacy Commissioner of Canada imposes a requirement for public apology, revenues from your customers decline as they hear the news and spread the word about the risk of dealing with your organization. The cost of managing these crises can pay for a properly implemented privacy program many times over.
• You could face civil legal action should a privacy breach cause harm to the information owners.  In addition to the cost to defend against the action, your organization’s reputation will take a beating.  If you are accountable to governing bodies, there could be license suspensions or other penalties.

The Solution:
• Because your Privacy Program (instead of just a policy) will be implemented and continually maintained by a focused professional, you will have minimized the risk of an incident and associated consequences by becoming fully compliant with the law.
• When you engage a Lyndon Conrad CPO we take the responsibility of dealing with any and all audits or investigations – just like your accountant handling your tax audit, except we don’t charge you extra for this service.  Again, you and your employees remain free to focus on your priorities.
• At Lyndon Conrad we give you the option of working with us on a month-to-month basis or receiving a discount for annual payments.
• Typically, the man-hours you’ll save each month by using a Lyndon Conrad CPO, instead of your own employees to manage the program, will easily pay for the monthly fee.  This allows you and your staff more time to focus on the priorities of growing your business instead of managing it.

  
Download our FREE Information and Discover For Yourself How You Too Can Have A Rock Solid Privacy Program And Save A Fortune By Having Us Administer It For You.

Yes, we want your business, but at the same time, we don’t expect you to make any kind of decision based on the merits of this statement.  At Lyndon Conrad, we realize that outsourcing your Privacy Officer may be a big step for you.

That’s why I want to send you our FREE GUIDE “How To Select A Contract Privacy Officer And 10 Items To Demand Of Their Service Agreement” so you can decide for yourself.  It will give you little known information about privacy laws, a means to evaluate your privacy program and how to assess a Privacy Officer.  Get it from our FREE Resources section now,  even if you are just thinking of trying to find a better way to manage your privacy program.  We’re committed to informing you of all the characteristics to insist upon and the pitfalls to watch out for when evaluating a CPO.  Even if we never do business, the information in the guide could save you from going through the turmoil, frustration and embarrassment that many organizations in recent news have experienced.

© Lyndon Conrad 2008