Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Newfoundland and Labrador: OIPC releases guidance on email communications
The Office of the Information and Privacy Commissioner of Newfoundland and Labrador ('OIPC') released, on 26 and 27 February 2018, guidance ('the Guidance') and quick tips ('the Quick Tips') respectively, on the use of email communications by health custodians. The Guidance outlines steps that health custodians should take to protect personal health information under its control from theft, loss, unauthorised access and disclosure and other data breaches, as required by Section 15 of the Personal Health Information Act (SNL., 2008, c-P.7.01).
According to the OIPC, custodians should consider carrying out privacy impact assessments on the use of email communications; develop policies and procedures detailing when and to whom personal health information can be sent by email; and consider employee training. Additionally, the OIPC recommends introducing certain data minimisation and security safeguards, including limiting the information sent to only what is necessary; and details the information to be included in the requisite notice in the event of a data breach.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
