Countries with privacy legislation use a variety of enforcement mechanisms that are constantly evolving.\u00a0\u00a0For some, a Privacy Regulator is appointed.\u00a0\u00a0For others, there are civil and \/ or criminal penalties\u00a0(Baker & McKenzie & International Association of Privacy Professionals, 2012).\u00a0\u00a0For example, in Canada the Office of the Privacy Commissioner \/ Ontario was enacted under the provincial privacy legislation.\u00a0\u00a0In Hong Kong, there are criminal penalties for direct marketing.\u00a0\u00a0\u00a0\u00a0<\/p>\n\n\n\n
In order to comply with legislation, named organizations create a variety of policies, standards and procedures.\u00a0\u00a0In some countries, the legislation specifies the need for a Chief Privacy Officer (CPO) role such as Canada\u2019s\u00a0Personal Information Protection and Electronic Documents Act\u00a0<\/em>(PIPEDA) section 4.1.\u00a0\u00a0<\/p>\n\n\n\n In other organizations, privacy is part of another group (security, compliance or legal for example).\u00a0\u00a0Organizational policies are typically managed through traditional program management procedures that are not specific to privacy; for example, accountable person, budget assigned, a program of regular training and awareness (American Institute of Certified Public Accountants, Generally Accepted Privacy Principles).\u00a0\u00a0\u00a0<\/p>\n\n\n\n Together, these activities make up a privacy management program run by the CPO (or equivalent).\u00a0\u00a0Once the program is up and running, there are several mechanisms that may be used to evaluate not only the efficacy of the day-to-day operations but also identify any new potential privacy impacts to data subjects (as required under legislation).\u00a0\u00a0<\/p>\n\n\n\n Typically, a data subject would have no visibility or transparency to organizational privacy practices unless required by legislation. Data subjects face an increasingly complex computational environment that they must negotiate in order to adequately protect themselves.\u00a0 In parallel, both Government and private sector organizations face increased external scrutiny from the press and regulatory bodies around the world. \u00a0<\/p>\n\n\n\n While there are some technical and policy solutions, to date there is no codified and \/ or institutionalized mechanism for representing privacy to a data subject.<\/p>\n","protected":false},"excerpt":{"rendered":" Countries with privacy legislation use a variety of enforcement mechanisms that are constantly evolving.\u00a0\u00a0For some, a Privacy Regulator is appointed.\u00a0\u00a0For others, there are civil and \/ or criminal penalties\u00a0(Baker & McKenzie & International Association of Privacy Professionals, 2012).\u00a0\u00a0For example, in Canada the Office of the Privacy Commissioner \/ Ontario was enacted under the provincial privacy … <\/p>\n