Risk Assessments: When and How to Get Privacy Advice

Purpose

  • Explain when and why to contact our office for risk management advice

  • Our services include:
    • Information Access and Privacy
    • Legal Services
    • Records Management

Risk Assessment "Wheel"

  • Project Lead (you) is the “Hub” of the wheel
  • Risk Assessors as well as other stakeholders are “Spokes” of the wheel

Role:

  • The Project Lead (PL) is the employee, or “Hub” of the wheel, who is responsible for leading or managing the project

  • PL coordinates communications between all the “Spokes” including:

    • Risk assessors, decision makers, other advisors as well as vendors

  • Manages official project records

  • Ensures compliance with Ryerson policies

Role:

  • Approves the project

  • PL usually reports to the decision maker

  • Decides whether to accept risk assessors’ recommendations regarding identified risks

Role:

  • Provides advice and recommendations related to:

    • Protecting personal information and compliance with privacy legislation

    • Maintaining records including managing the life cycle of records and information from creation to disposition

  • May advise on compliance with University Administrative Policies

Timing:

  • PL contacts the Privacy Office while drafting the business requirements and before going to the market for a vendor solution

Role:

  • Provides advice and assists PL with navigating the procurement process as well as advises on financial risks

  • For contracts over $25,000, Purchasing coordinates with Legal Services as well as other advisors and potential suppliers during the procurement process

Timing:

  • PL contacts Purchasing while/after completing the business requirements and prior to going to the market for a vendor solution

Role:

  • Provides advice and assists PL with navigating the insurance requirements

Timing:

  • PL contacts Insurance while completing the business requirements and prior to going to the market for a vendor solution

Role:

  • Provides advice and recommendations related to information systems security risks

Timing:

  • PL contacts CISO while drafting the business requirements and before going to the market for a vendor solution

Role:

  • Provides advice for information technology projects and service planning

  • Reviews IT Funding Applications for budget reallocation requests

Timing:

  • PL contacts CCS/IT while drafting the business requirements and before going to the market for a vendor solution