Last week my colleagues Amy Tibble and Frank Cesario and I presented to a group of in-house counsel on a selection of pressing issues related to information management and privacy. Our three take-away messages were:
- You should take control of the “zone of privacy” on sensitive legal matters by issuing a communication protocol. Beware of over reaching.
- You have a leadership role to play in causing your organization to better manage the risks associated with data loss. The messages about internal responsibility recently made by the IPC/Ontario are relevant to most organizations given the increased prevalence of data loss class action claims.
- We need to help arbitrators draw a better distinction between the role of an occupational health department and the role of an employee health care provider. The key risk relates to safety-related accountability for information held by employers and not assessed or acted upon based on perceived privacy restrictions.
Here are our slides. I hope the slides and these notes help generate some ideas.