Privacy Management Program
For a number of years, Vancouver Airport Authority has had comprehensive policies and protocols aimed at complying with the applicable laws relating to private information belonging to our employees, our passengers and our business partners. As a private federal organization, Vancouver Airport Authority is subject to federal privacy legislation, specifically the Personal Information Protection & Electronic Documents Act. We care strongly about upholding privacy laws—this is in keeping with our corporate values of trust and accountability. Privacy matters are overseen by our Vice President Legal, in her capacity as Privacy Officer, as well as a Privacy Committee comprised of the Privacy Officer, Vice President Human Resources and Supply Management, Vice President Operations and Maintenance and Vice President Information Technology and Chief Digital Officer.
Throughout 2017, we continued to build on the strong existing foundation, developing an expanded framework for our Privacy Management Program with the goal of making it even more robust and comprehensive. Some of the elements of the expanded Privacy Management Program are as follows:
- Cyber Security/Privacy Team—recognizing that privacy and cyber security go hand-in-hand, we have put together a cross-departmental team (Legal, IT, Operations/Security, Communications, HR) to respond to privacy breaches, to be supported by external legal counsel.
- Data-Mapping—in order to understand the information life cycle for each type of personal information that we collect, we are applying a data-mapping approach to proactively answer questions about the personal data we are entrusted with safeguarding.
- Incident Response Plan—in the event of a privacy breach, we would immediately engage the Cyber Security/Privacy Team to contain the breach, evaluate the risks of the breach with reference to our applicable data-mapping, notify appropriate individuals and if necessary the Canadian Privacy Commissioner and affected customers or employees and mitigate the immediate breach.
- Training and Testing—we developed mandatory privacy and cyber awareness training computer modules and rolled them out to employees in summer 2017. The training is available to new employees at the beginning of their employment and on an annual basis for all other employees.