CSA Q830-2003 Model Code for the Protection of Personal Information (Second Edition).pdf

上传人:appealoxygen216 文档编号:621598 上传时间:2018-12-21 格式:PDF 页数:25 大小:922.27KB
下载 相关 举报
CSA Q830-2003 Model Code for the Protection of Personal Information (Second Edition).pdf_第1页
第1页 / 共25页
CSA Q830-2003 Model Code for the Protection of Personal Information (Second Edition).pdf_第2页
第2页 / 共25页
CSA Q830-2003 Model Code for the Protection of Personal Information (Second Edition).pdf_第3页
第3页 / 共25页
CSA Q830-2003 Model Code for the Protection of Personal Information (Second Edition).pdf_第4页
第4页 / 共25页
CSA Q830-2003 Model Code for the Protection of Personal Information (Second Edition).pdf_第5页
第5页 / 共25页
点击查看更多>>
资源描述

1、Q830-03(reaffirmed 2014)Model Code for the Protection of Personal InformationLegal Notice for StandardsCanadian Standards Association (operating as “CSA Group”) develops standards through a consensus standards development process approved by the Standards Council of Canada. This process brings toget

2、her volunteers representing varied viewpoints and interests to achieve consensus and develop a standard. Although CSA Group administers the process and establishes rules to promote fairness in achieving consensus, it does not independently test, evaluate, or verify the content of standards.Disclaime

3、r and exclusion of liabilityThis document is provided without any representations, warranties, or conditions of any kind, express or implied, including, without limitation, implied warranties or conditions concerning this documents fitness for a particular purpose or use, its merchantability, or its

4、 non-infringement of any third partys intellectual property rights. CSA Group does not warrant the accuracy, completeness, or currency of any of the information published in this document. CSA Group makes no representations or warranties regarding this documents compliance with any applicable statut

5、e, rule, or regulation. IN NO EVENT SHALL CSA GROUP, ITS VOLUNTEERS, MEMBERS, SUBSIDIARIES, OR AFFILIATED COMPANIES, OR THEIR EMPLOYEES, DIRECTORS, OR OFFICERS, BE LIABLE FOR ANY DIRECT, INDIRECT, OR INCIDENTAL DAMAGES, INJURY, LOSS, COSTS, OR EXPENSES, HOWSOEVER CAUSED, INCLUDING BUT NOT LIMITED TO

6、 SPECIAL OR CONSEQUENTIAL DAMAGES, LOST REVENUE, BUSINESS INTERRUPTION, LOST OR DAMAGED DATA, OR ANY OTHER COMMERCIAL OR ECONOMIC LOSS, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER THEORY OF LIABILITY, ARISING OUT OF OR RESULTING FROM ACCESS TO OR POSSESSION OR USE OF THIS DO

7、CUMENT, EVEN IF CSA GROUP HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INJURY, LOSS, COSTS, OR EXPENSES.In publishing and making this document available, CSA Group is not undertaking to render professional or other services for or on behalf of any person or entity or to perform any duty owed

8、 by any person or entity to another person or entity. The information in this document is directed to those who have the appropriate degree of experience to use and apply its contents, and CSA Group accepts no responsibility whatsoever arising in any way from any and all use of or reliance on the in

9、formation contained in this document. CSA Group is a private not-for-profit company that publishes voluntary standards and related documents. CSA Group has no power, nor does it undertake, to enforce compliance with the contents of the standards or other documents it publishes. Intellectual property

10、 rights and ownershipAs between CSA Group and the users of this document (whether it be in printed or electronic form), CSA Group is the owner, or the authorized licensee, of all works contained herein that are protected by copyright, all trade-marks (except as otherwise noted to the contrary), and

11、all inventions and trade secrets that may be contained in this document, whether or not such inventions and trade secrets are protected by patents and applications for patents. Without limitation, the unauthorized use, modification, copying, or disclosure of this document may violate laws that prote

12、ct CSA Groups and/or others intellectual property and may give rise to a right in CSA Group and/or others to seek legal redress for such use, modification, copying, or disclosure. To the extent permitted by licence or by law, CSA Group reserves all intellectual property rights in this document.Paten

13、t rightsAttention is drawn to the possibility that some of the elements of this standard may be the subject of patent rights. CSA Group shall not be held responsible for identifying any or all such patent rights. Users of this standard are expressly advised that determination of the validity of any

14、such patent rights is entirely their own responsibility.Authorized use of this documentThis document is being provided by CSA Group for informational and non-commercial use only. The user of this document is authorized to do only the following:If this document is in electronic form:sLOADTHISDOCUMENT

15、ONTOACOMPUTERFORTHESOLEPURPOSEOFREVIEWINGITsSEARCHANDBROWSETHISDOCUMENTANDsPRINTTHISDOCUMENTIFITISIN0$ (b) provide an explanation of circumstances surrounding the actual field condition; and (c) be phrased where possible to permit a specific “yes” or “no” answer. Committee interpretations are proces

16、sed in accordance with the CSA Directives and guidelines governing standardization and are published in CSAs periodical Info Update, which is available on the CSA Web site at www.csa.ca. Q830-03 2003 CSA Group viii November 2003 Introduction Canada is part of a global economy based on the creation,

17、processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve the quality of our lives. This technology also gives rise to concerns about the protection of privacy rights and the individuals right to control the use and exchange

18、 of personal information. By implementing recognized fair-handling practices for personal information, organizations can materially demonstrate their commitment to the protection of personal information. Organizations should balance their need for personal information with an individuals desire for

19、a certain measure of anonymity. This document is a voluntary national standard for the protection of personal information. The Standard addresses two broad issues: the way organizations collect, use, disclose, and protect personal information; and the right of individuals to have access to personal

20、information about themselves, and, if necessary, to have the information corrected. Ten interrelated principles form the basis of the Standard. Each principle is accompanied by a commentary that elaborates on the principle. A workbook on the implementation of the principles is available to organizat

21、ions intending to adopt this Standard. Organizations will be able to tailor specific privacy codes using the workbook as a guide. This Standard will (a) provide principles for the management of personal information; (b) specify the minimum requirements for the adequate protection of personal informa

22、tion held by participating organizations; (c) make the Canadian public aware of how personal information should be protected; and (d) provide standards by which the international community can measure the protection of personal information in Canada. Canada committed itself to privacy protection in

23、1984 by signing the Organization for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The OECD Guidelines (see Appendix A) were used as the basis for the development of this Standard. The protection of personal information i

24、s increasingly important at the international level. 2003 CSA Group Model Code for the Protection of Personal Information November 2003 ix Principles in Summary Ten interrelated principles form the basis of the CSA Model Code for the Protection of Personal Information. Each principle must be read in

25、 conjunction with the accompanying commentary. 1. Accountability An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organizations compliance with the following principles. 2. Identifying Purposes The

26、purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected. 3. Consent The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropri

27、ate. 4. Limiting Collection The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means. 5. Limiting Use, Disclosure, and Retention Personal information shall not be used o

28、r disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes. 6. Accuracy Personal information shall be as accurate, complet

29、e, and up-to-date as is necessary for the purposes for which it is to be used. 7. Safeguards Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. 8. Openness An organization shall make readily available to individuals specific information

30、about its policies and practices relating to the management of personal information. 9. Individual Access Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able

31、to challenge the accuracy and completeness of the information and have it amended as appropriate. 10. Challenging Compliance An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization

32、s compliance. 2003 CSA Group Model Code for the Protection of Personal Information November 2003 1 Q830-03 Model Code for the Protection of Personal Information 1. Scope 1.1 This model code describes the minimum requirements for the protection of personal information. Any applicable legislation is t

33、o be considered in implementing these requirements. 1.2 This Standard may be applied to all personal information. Provided the minimum requirements are met, organizations may tailor this Standard to meet their specific circumstances. For example, policies and practices may vary, depending upon wheth

34、er the personal information relates to members, employees, customers, or other individuals. 1.3 The objective of this Standard is to assist organizations in developing and implementing policies and practices to be used when managing personal information. 2. Definitions 2.1 The following definitions

35、apply in this Standard: Collection the act of gathering, acquiring, or obtaining personal information from any source, including third parties, by any means. Consent voluntary agreement with what is being done or proposed. Note: Consent can be either express or implied. Express consent is given expl

36、icitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the organization seeking consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual. Disclosure making personal informatio

37、n available to others outside the organization. Organization a term used in the model code that includes associations, businesses, charitable organizations, clubs, government bodies, institutions, professional practices, and unions. Personal information information about an identifiable individual t

38、hat is recorded in any form. Use refers to the treatment and handling of personal information within an organization. Q830-03 2003 CSA Group 2 November 2003 3. General Requirements 3.1 The ten principles that make up this Standard are interrelated. Organizations adopting this Standard shall adhere t

39、o the ten principles as a whole. 3.1.1 Organizations may tailor this Standard to meet their particular circumstances by (a) defining how they subscribe to the ten principles; (b) developing an organization-specific code; and (c) modifying the commentary to provide organization-specific examples. 3.1

40、.2 Each of the principles is followed by a commentary on the principle. The commentaries are intended to help individuals and organizations understand the significance and the implications of the principles. Where there is also a note following a principle (see principles 3 and 9), it forms an integ

41、ral part of the principle. 3.1.3 Although the following clauses use prescriptive language (i.e., the word “shall” or “must”), this document is a voluntary standard. Should an organization choose to adopt the principles and general practices contained in this Standard, the clauses containing prescrip

42、tive language become requirements. The use of the word “should” indicates a recommendation. 4. Principles 4.1 Principle 1 Accountability An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization

43、s compliance with the following principles. 4.1.1 Accountability for the organizations compliance with the principles rests with the designated individual(s), even though other individuals within the organization may be responsible for the day-to- day collection and processing of personal informatio

44、n. In addition, other individuals within the organization may be delegated to act on behalf of the designated individual(s). 4.1.2 The identity of the individual(s) designated by the organization to oversee the organizations compliance with the principles shall be made known upon request. 4.1.3 An o

45、rganization is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. The organization shall use contractual or other means to provide a comparable level of protection while the information is being processe

46、d by a third party. 2003 CSA Group Model Code for the Protection of Personal Information November 2003 3 4.1.4 Organizations shall implement policies and practices to give effect to the principles, including (a) implementing procedures to protect personal information; (b) establishing procedures to

47、receive and respond to complaints and inquiries; (c) training staff and communicating to staff information about the organizations policies and practices; and (d) developing information to explain the organizations policies and procedures. 4.2 Principle 2 Identifying Purposes The purposes for which

48、personal information is collected shall be identified by the organization at or before the time the information is collected. 4.2.1 The organization shall document the purposes for which personal information is collected in order to comply with the Openness principle (Clause 4.8) and the Individual

49、Access principle (Clause 4.9). 4.2.2 Identifying the purposes for which personal information is collected at or before the time of collection allows organizations to determine the information they need to collect to fulfil these purposes. The Limiting Collection principle (Clause 4.4) requires an organization to collect only that information necessary for the purposes that have

展开阅读全文
相关资源
猜你喜欢
  • ASTM D2392-1996(2011) Standard Test Method for Color Of Dyed Aviation Gasolines《着色航空汽油的颜色标准试验方法》.pdf ASTM D2392-1996(2011) Standard Test Method for Color Of Dyed Aviation Gasolines《着色航空汽油的颜色标准试验方法》.pdf
  • ASTM D2392-2015 Standard Test Method for Color of Dyed Aviation Gasolines《着色航空汽油的颜色的标准试验方法》.pdf ASTM D2392-2015 Standard Test Method for Color of Dyed Aviation Gasolines《着色航空汽油的颜色的标准试验方法》.pdf
  • ASTM D2394-2005 Standard Methods for Simulated Service Testing of Wood and Wood-Base Finish Flooring《木料和木质抛光地板材料模拟应用测试的标准试验方法》.pdf ASTM D2394-2005 Standard Methods for Simulated Service Testing of Wood and Wood-Base Finish Flooring《木料和木质抛光地板材料模拟应用测试的标准试验方法》.pdf
  • ASTM D2394-2005(2011) Standard Test Methods for Simulated Service Testing of Wood and Wood-Base Finish Flooring《木料和木质抛光地板材料的模拟应用试验的标准试验方法》.pdf ASTM D2394-2005(2011) Standard Test Methods for Simulated Service Testing of Wood and Wood-Base Finish Flooring《木料和木质抛光地板材料的模拟应用试验的标准试验方法》.pdf
  • ASTM D2394-2005e1 Standard Test Methods for Simulated Service Testing of Wood and Wood-Base Finish Flooring《木料和木质抛光地板材料的模拟应用试验的标准试验方法》.pdf ASTM D2394-2005e1 Standard Test Methods for Simulated Service Testing of Wood and Wood-Base Finish Flooring《木料和木质抛光地板材料的模拟应用试验的标准试验方法》.pdf
  • ASTM D2394-2017 Standard Test Methods for Simulated Service Testing of Wood and Wood-Based Finish Flooring《木制和木基饰面地板模拟服务试验的标准试验方法》.pdf ASTM D2394-2017 Standard Test Methods for Simulated Service Testing of Wood and Wood-Based Finish Flooring《木制和木基饰面地板模拟服务试验的标准试验方法》.pdf
  • ASTM D2395-2007a Standard Test Methods for Specific Gravity of Wood and Wood-Based Materials《木材和木基材料比重的标准试验方法》.pdf ASTM D2395-2007a Standard Test Methods for Specific Gravity of Wood and Wood-Based Materials《木材和木基材料比重的标准试验方法》.pdf
  • ASTM D2395-2007ae1 Standard Test Methods for Specific Gravity of Wood and Wood-Based Materials《木材和木基材料比重的标准试验方法》.pdf ASTM D2395-2007ae1 Standard Test Methods for Specific Gravity of Wood and Wood-Based Materials《木材和木基材料比重的标准试验方法》.pdf
  • ASTM D2395-2014 Standard Test Methods for Density and Specific Gravity &40 Relative Density&41 of Wood and Wood-Based Materials《木材和木基材料的密度和比重(相对密度)的标准试验方法》.pdf ASTM D2395-2014 Standard Test Methods for Density and Specific Gravity &40 Relative Density&41 of Wood and Wood-Based Materials《木材和木基材料的密度和比重(相对密度)的标准试验方法》.pdf
  • 相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > 其他

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1