BU451 Lecture Notes - Lecture 10: Only Time, Reasonable Person, Phishing
Document Summary
Info generated electronically by either the organization or the individual. What about email sent from work, inbox. There must be an expressly identified work related purpose for its collection. This purpose must be reasonable: necessary to meet a need, effective at meeting need, proportional, least privacy invasive way to meet need, this purpose must be communicated to the owner prior to collection. With meaningful express consent: e(cid:454): ti(cid:272)ket(cid:373)aster, ho(cid:449) the(cid:455) ha(cid:448)e a ti(cid:373)er (cid:271)efore (cid:455)our seats (cid:271)e(cid:272)o(cid:373)e u(cid:374)reser(cid:448)ed . This is not meaningful: they need to give you enough time for privacy. After disclosure of purpose: only time consent is going to work. Some exceptions where non-consensual collection is acceptable s. 7 (p. 775) Only for the purpose it was collected. Internal policies and procedures about the collection, use, storage, access, distribution and destruction of personal information. It must allow for a process to complain, check accuracy, challenge release. It must designate an individual to monitor policy.