Script #1 (8 Minutes)

[Intro]

Hello, Team Brookfield! Welcome to our new training video on Data Privacy. As company employees, we must understand how to appropriately handle people's personal information. Over the next few minutes, we will go over what data privacy means, your role in protecting people's privacy, and the steps we take as a company to safeguard data. So, let's get started!

[What is Data Privacy?]

To begin, what exactly is data privacy? Data privacy revolves around personal data—how it's gathered and utilized and individuals' rights over it. It's governed by policies and procedures to ensure that sensitive information is handled responsibly.

[Why Does Privacy Matter?]

There are a few key reasons why data privacy is so critical. First and foremost, it's the law. With regulations like those in California, Virginia, Utah, Colorado, and Connecticut, compliance is essential. Regulators at the state and federal levels are actively enforcing these laws, which means non-compliance can lead to hefty fines and reputational damage.

[Compliance Risk: Fines, Penalties, and More]

Speaking of fines and penalties, non-compliance can result in significant financial consequences and even class-action lawsuits. More importantly, it can erode the trust of our stakeholders, both internal and external.

[What is Personal Data?]

When it comes to data privacy, it's important to understand what exactly qualifies as personal data. Personal data is any information that identifies, relates to, or could reasonably be linked with an individual or household. This includes apparent identifiers like names and Social Security numbers. But it also encompasses email addresses, IP addresses, device or advertising identifiers, and any other data point that could reasonably connect with a specific person. Personal data also includes inferences from people's usage patterns or behaviors online and in applications.
Even data that has been anonymized, meaning no direct identifiers are attached, could potentially still be identifiable if combined with other sources of information. Visual or audio data like photos, videos, and voice recordings also qualify as personal data.

[What is Sensitive Personal Data?]

While all personal data deserves protection, some categories are more private and require even higher security. We refer to these types of information as sensitive personal data. Sensitive data warrants extra safeguarding due to the heightened risks individuals may face if improperly accessed or disclosed.

Some common examples of sensitive personal data include social security numbers, driver's licenses, passport details, or other government IDs. Financial information like debit and credit card numbers combined with security codes can also be sensitive. Other types of sensitive data relate to an individual's biometric information, medical history and health conditions, racial or ethnic origin, religious beliefs, sexual orientation, union memberships, and more. Geolocation data and contents of personal communications like emails and text messages typically delivered to the individual are also considered sensitive when they identify a person. Even inferences drawn from non-sensitive data could reveal sensitive personal traits about an individual. Any data relating to known children under 16 also requires sensitive handling.

[What is Not Personal Data?]

While most information about individuals typically qualifies as personal data, some exceptions exist. Aggregate or statistical data is considered non-personal when it relates to groups or categories of consumers rather than a single individual. For example, presenting the average age range of recreational users on a website would be aggregate data. De-identified data also falls outside the scope of personal data as long as all identifiers have been removed and the data cannot be reasonably linked back to a specific person.
Companies using de-identified data must have technical and procedural safeguards to prevent reidentification. Anonymization is less clearly defined but aims to strip data of personal identifiers irreversibly. Here at Brookfield, we take a cautious approach and still consider some anonymized data potentially identifiable until proven otherwise.

[Whose Personal Data?]

Regarding data privacy at our organization, we must consider several categories of individuals whose information requires protection. First and foremost are consumers - the customers and clients we interact with each day. This includes individuals under lease agreements for lands, stakeholders in the communities where we operate, members of the public who use recreation areas, and users of our online assets.

We also must respect the privacy of our employees, whether they be full-time staff or contractors working with us. Any data relating to an individual employee, like HR files or electronic badge access records, is also subject to privacy rules.

And finally, we may process the personal details of business contacts - people at other companies who communicate with us regarding commercial relationships or service providers. Partner employee data shared with us must be treated privately as well.

[What Does the Law Require?]

Privacy laws establish clear rights for individuals in handling their personal data. The law provides several vital rights that give people control and transparency regarding their information.

● Firstly, individuals have the right to know what personal data an organization processes about them. This includes accessing copies of their data upon request.
● People also have the right to correct any inaccurate or incomplete personal information an entity may store. Additionally, individuals can require companies to delete their personal data in certain situations.
● The law also mandates providing a portable copy of a person's data in a usable format to allow them to transfer it to other service providers.
● Consumers can opt out of having their data sold to third parties for targeted advertising or behavioral profiling across multiple contexts on websites or apps.
● They also can prohibit solely automated decision-making that produces significant impacts based on personal data analyses.
● Extra restrictions apply to collecting and using sensitive personal data like health conditions without clear consent.

Ensuring we uphold these legal individual rights is fundamental to our compliance responsibilities.

[What States Have Privacy Laws?]

While privacy regulations exist on the federal level, in recent years, many states have enacted comprehensive consumer data protection laws. Currently, some of the states with the strictest privacy statutes include:

● California
  ○ California Consumer Privacy Act (CCPA)
  ○ Amendments from the California Privacy Rights Act (CPRA)
  ○ Regulations
● Virginia
  ○ Virginia Consumer Data Protection Act (VCDPA)
● Colorado
  ○ Colorado Privacy Act (ColoPA)
  ○ Regulations
● Connecticut
  ○ Connecticut Data Privacy Act (CDPA)
● Utah
  ○ Utah Consumer Privacy Act (UCPA)

Given the momentum of these state laws, we can expect to see even more states like Iowa, Indiana, Tennessee, Montana, Florida, Texas, Oregon, etc., introduce bills to safeguard citizens.

[How Can People Submit Their Requests?]

If individuals want to exercise their rights under these laws, they can do so through various channels, such as:

● Email: Privacy@BrookfieldRenewable.com
● Online form: Link provided
● Phone: +1 844-749-2387

[What You Can Do to Help]

As members of the Brookfield Renewable team, we play an important role in protecting personal information. Here are some ways you can help:

● Keep privacy in mind, and only collect the information you need.
● Delete/remove personal information if you no longer need it.
● If you see something, say something.
● Reach out with questions and ask for help.

[What You Can Do]

When working with personal information, ask yourself:

● What personal data do we need to achieve our goals?
● Will the project involve sensitive data?
● How are we collecting personal data?
● How are we using this data, and who are we sharing it with?
● How long do we need to keep the personal data?
● Do we need to honor privacy rights requests from individuals?

[Closing]

Congratulations on completing this detailed training video on Data Privacy. For any other privacy-related questions, please contact privacy@brookfieldrenewable.com. You can also view Brookfield Renewable's internal data protection policies at: https://brookfieldrenewable.sharepoint.com/sites/USAPolicies#