Home

Privacy & Information Management

Privacy

The increasing risk of privacy breaches can impact the planning, design and implementation of the digital services that support our world, and myriad of local, national and sector-specific privacy laws can be complex and highly nuanced to apply. We help our clients understand, plan for and make informed decisions about the privacy risks they face every day. These decisions determine an organization’s risk posture, regulatory compliance, stakeholder trust and confidence and strategy for the years ahead. We provide expert guidance and leadership to navigate these foundational decisions.

Core Services:

  • Privacy Impact Assessments (PIAs): Using a privacy-by-design approach, completing a PIA can help to identify and mitigate potential privacy risks associated with your new program, project or system before launch, and to ensure compliance with privacy laws and regulations from the onset. Mara consultants are leading experts in completing PIAs for both public and private sector organizations, having led hundreds of PIAs that are completely customized to our clients’ needs.
  • Privacy Gap Analysis & Privacy Maturity Assessments: Trust Mara to review and analyze your current practices for handling personal information to help identify if current practices are unknowingly exposing the organization to privacy/​legal risks, and to assess compliance with provincial and federal privacy legislation. We can complete a health check of your privacy program and an assessment of overall privacy program maturity, with actionable recommendations to bring your organization in line with best practices.
  • Privacy Management Programs: Privacy management programs are a structured approach to managing privacy obligations, encompassing current policies, procedures, risk management tools and training customized to meet your needs. Mara can help you demonstrate accountability for privacy to your stakeholders through development of a comprehensive privacy program.
  • Privacy Officer as a Service: Mara can provide expert guidance and support on demand for your Privacy Officer or outsourcing of privacy compliance obligations without the need for a full-time hire. Let us help with privacy breach response, training for your privacy officer, drafting policies, procedures, and notices, and any other aspects of your privacy management program.


Access to Information

Access to Information (ATI) is a foundational part of the Canadian democratic system. Yet meeting the requirements of ATI laws can be a challenge for public bodies, especially when ATI talent is tough to find, and budgets are tight. The peaks and valleys of incoming requests can feel impossible to plan and manage, especially when large or complex requests arrive unexpectedly. Mara offers a full-service team of experienced ATI professionals available to help you navigate a complex sea of rules and jump in at a moment’s notice at any stage in the process to ensure your requests are completed efficiently, effectively and to legislated standards.

Core services:

  • ATI request processing, coaching and advisory: Mara can provide end to end processing of complex access requests from initial receipt to OIPC review, or we can lend support at any stage of the access request process. Mara’s team of experts will ensure legislated standards and deadlines are met while supporting your ATI team either as behind the scenes coaches or directly communicating with stakeholders and applicants. 
  • ATI program review or development: Our team can review and assess your ATI program, providing recommendations for improvement, or we can work with you to develop a structured ATI program inclusive of the policies and procedures, tools, templates and training you need to tackle compliance obligations head on. 
  • Training: Access-by-design helps ensure that risks are mitigated, consistent approaches are applied, and standards are maintained. We offer fully customizable training options for your ATI team, management, or all staff to help support ATI program development, administration, and leadership.


Records and Information Management

Records and information management (RIM) is an integral component of any organization’s operations. An effective RIM program helps manage information throughout its lifecycle, from creation or receipt through to disposition, and is essential to improving efficiency, reducing organizational risk and ensuring legal compliance.

Core Services:

  • Policies: The development, implementation, and adherence to RIM policies is key for supporting and demonstrating compliance. Mara can help develop policies that ensure the effective and appropriate governance of your records and information, setting expectations and clearly defining roles and responsibilities for its management within your organization. 

  • Inventories and Classification: Understanding what records you maintain, where they are stored and who has access within your organization is key to managing organizational records and information. Records classification schemes (taxonomies) further support this understanding by organizing similar record types together based on the different business areas of your organization. 
  • Retention Schedules: Defining and implementing retention periods for your organization’s records and relevant information holdings (e.g., personal information) is essential for reducing organizational risk. Having a retention schedule in place is also key to ensuring compliance. We help our clients understand the multitude of legal, regulatory, and business requirements that feed the development, implementation, and ongoing maintenance of a retention schedule customized to the needs of your organization. 
  • Training: We offer fully customizable training options for your team to help support RIM program development, administration, and leadership.