Eduplan Solutions Privacy management program
Welcome to Eduplan Solutions. To provide the best service possible, Eduplan has developed a privacy management program to ensure that its users’ data is safe and their personal information is protected. Unlike some other services that access and hold on to personal information, Eduplan Solutions is dedicated to prioritizing its users’ safety. At Eduplan Solutions, protecting users’ privacy guides the way operations are structured.
The following document explains the operational structure adopted by Eduplan Solutions to protect its private data and the procedural framework adopted by Eduplan in case of a potential data breach.
Confidentiality and protection of private data
Privacy of users’ private information is embedded in Eduplan Solutions’ company philosophy. The principles of “Privacy by design” inspire the development and implementation of Eduplan Solutions products.
Why is data collected in the first place?
Service users often wonder why private data is collected by service providers. The following points will attempt to determine why the data is collected and how it is used by Eduplan Solutions:
- Eduplan Solutions collects, stores and uses data for research and development purposes. The collection of data allows for the development of the artificial intelligence structure of Eduplan Solutions and a better user experience;
- Eduplan Solutions does not own the users' private data it collects, but retains ownership over the intellectual property resulting from the use of Eduplan Solutions products. Eduplan users retain possession of their personal information at all times and will be given an opt-out option leading to the erasure or anonymization of private data once they no longer use the services of Eduplan Solutions.
- Eduplan Solutions does not share, sell or use any private information collected from users for any purposes other than research and development and providing a better service. As such, Eduplan Solutions does not use, share or sell any information collected for advertising or marketing purposes.
Eduplan Solutions’ commitment
To ensure the highest level of privacy for its clients and users, Eduplan Solutions is committed to:
- Prioritizing confidentiality and protection of private data in both the conception and design of the website and software;
- Creating protocols that will keep users informed about how and where their data is used;
- Establishing and creating easily accessible and understandable documents explaining the collection and usage of private data. These documents will be crafted to reflect the concerns of clients and users regarding the security of private data;
- Developing an opt-out solution which ensures the erasure or anonymization of previously collected personal information at the user's request.
How is your data protected?
Eduplan Solutions has developed and implemented safety protocols to ensure the protection of its users' private information. These protocols are explained in the following paragraphs:
Step #1 – Appointment of a privacy manager
The privacy manager is tasked with ensuring the implementation of protocols aimed at protecting users' private data. The privacy manager plays a central role in upholding Eduplan Solutions' deontological goals and obligations. Some of the duties of the privacy manager include:
- Providing each department of Eduplan Solutions with training relating to the implementation of privacy measures;
- Implementing an internal security protocol and an external structure to inform clients/users in the event of a data breach;
- Chairing a steering committee that steers Eduplan Solutions' data protection structure and ensures that "privacy by design" remains central to the company's ethos;
- Ensuring that all Eduplan Solutions staff and associates sign a non-disclosure agreement, thus ensuring that users' data is protected from human error;
- Implementing disciplinary measures to ensure a strict commitment to data privacy by the company staff and management.
Step #2 – Creating a Privacy Management Program
As part of its commitment to "Privacy by Design", Eduplan Solutions created a strong internal governance structure that helps foster a culture of privacy for user information. The program is briefly explained in the chapters below.
a. Inventory of personal information:
The first step of the program is a constant assessment of the data held by the company, where it is kept and how it is being used. Understanding and documenting the types of personal information collected by Eduplan Solutions is critically important as it allows for the determination of:
- The amount of data held by the company;
- A regular update of security protocols.
This assessment is the first step in an accountable and compliant privacy management program.
b. Creation of policies:
The second stage of the program focuses on the creation and implementation of internal policies. The policies include the following:
- Policies defining standardized practices around collection, use and disclosure of personal information, including requirements for consent and notification;
- Policies regarding the access and correction of personal information by users;
- Policies around retention and disposal of personal information;
- Policies defining the responsible use of information, including technological security controls and appropriate access controls;
- Policies relating to challenging compliance.
c. Creation of a risk assessment tool
Eduplan Solutions develops risk assessment tools to keep up with new privacy risks. Conducting a semi-annual or annual privacy risk assessment has the following goals:
- Ensuring that all new products offered by Eduplan Solutions are aligned and compliant with applicable legislation;
- Considering and vetting new products and actions from a privacy perspective to ensure the minimization of any negative privacy impacts.
d. Creation and Implementation of training and education requirements
To foster a strong and effective privacy culture, Eduplan Solutions employees follow a privacy protection program. Employees follow department-specific training to ensure that:
- Privacy issues are flagged and identified in a faster and more effective manner;
- Appropriate steps are taken faster;
- Employees are more educated and aware of privacy risks.
These programs aim to encourage the development of products and services compliant with privacy law.
e. Creation of a violation and incident management protocol.
To ensure privacy protection, Eduplan Solutions has developed a breach and incident management plan as well as a protocol for response procedures. The breach management protocol is a collaborative effort between all departments of Eduplan Solutions. The plan will be discussed briefly in the following chapters.
Definition: A breach of security safeguards occurs when there is loss of, or unauthorized access to, personal information.
In line with the requirements of the Canadian government as stated in the Personal Information Protection and Electronic Documents Act (PIPEDA), Eduplan Solutions will implement the following mandatory steps in case of a breach of security:
In the event of a breach:
When informed of a breach, the following steps are taken:
1. Any breach of security safeguards that poses any risk of significant harm to the users is reported in writing to the OPC. The report includes the following elements:
   - A description of the circumstances of the breach and its cause (if known);
   - Where and when the breach occurred;
   - A description of the personal information that was the subject of the breach;
   - The approximate number of individuals that have been affected by the breach;
   - Steps the organization is taking to reduce any risk of harm;
   - The name and contact information of the privacy manager.
2. Notify the affected individuals and relevant third parties of any breach that might pose a risk of significant harm. This notification will contain the following elements:
   - The circumstances and time of the breach;
   - What information was leaked or lost in the breach;
   - What steps Eduplan Solutions is taking to reduce the risks of harm;
   - Steps the affected person can take to reduce the risks of harm;
   - The email address to reach out to in case of questions or concerns.
3. A detailed record of all breaches will be kept, regardless of the potential harm from the data breach. The record will include the following elements:
   - Assessment of the risks of harm;
   - A detailed record for OPC records;
   - The nature and sensitivity of the breach;
   - Information about the probability of personal information being misused.
Step #3 - Assessment of third-party provider safety
The development of a strong privacy management program requires considering all places where private information is held. Eduplan Solutions wants to ensure that proper processes are in place at third-party collaborators to protect personal information. Eduplan will take into consideration whether the information is leaving the country and what the privacy policies are in the foreign country.
More information can be found in the OPC's directive for the processing of personal data across borders.
These considerations are part of assessing risk. Privacy requirements for service providers should include the following:
- Privacy provisions in contracts. Eduplan Solutions will include contractual conditions which will bind the service providers to Eduplan Solutions’ privacy policies and protocols and will require that these third parties notify the organization in case of a breach;
- Eduplan will provide training and education for all service provider employees that may have access to personal information;
- Audits and agreements with service providers stating that they will comply with the company's privacy policy and protocol.