Personal Information Protection

HR: EMP11 – Personal Information Protection
Originated: Sep. 2007
Review: Sep. 2020
Revised:
Approved: Sep. 2020

Answer

POLICY:

The Library Board will require that all personal information be kept in strict confidence, not to be released without appropriate authorization and in compliance with legislation.

PURPOSE:

The Library Board is committed to protecting the privacy of its employees, library members and confidential business information, ensuring legislative standards are met. This policy applies to all staff and volunteers of the organization.

PROCEDURE - Employees

  1. Employees are obligated to ensure that personal information to which they may have access remains confidential, is only used for the purposes for which it was collected, is not disclosed without authorization, or used for personal gain.

  1. Employees are required to follow all procedures regarding collection, use and disclosure of personal information as set out in this policy.

  1. Employees who disclose personal information, contrary to this policy will be subject to disciplinary measures, up to and including discharge for cause.

  1. The Library Director is accountable for implementation of this policy. Any issues or questions should be directed to the Library Director.

PROCEDURE: Employee Records:

  1. Employee records will contain the following information:

    • Application or resume submitted.
    • Evidence of education or registrations.
    • Employment clearances as required.
    • Signed letter of offer.
    • Information related to payroll.
    • Probationary and annual performance reviews.

    • Correspondence with the employee related to their employment status, performance, or discipline.
    • Letter of resignation.

All employee records will be maintained in a locked and secure location, accessible only to authorized personnel. Electronic records will be maintained on a secure data base accessible only to authorized supervisory personnel.

  1. Any release of information will not occur without the employee’s written consent as required and no information will be shared verbally. Notwithstanding the Board will co-operate with law enforcement agencies and will comply with any court order or law requiring the use or disclosure of personal information without the employee’s consent.

  1. An employee may request access to their file from the Library Director at any time. Employees may obtain a copy of any document in their file which they have signed previously. No material contained in an employee file may be removed from the file. The supervisor will be present when the employee views the file. Notwithstanding the foregoing, an employee is not allowed access to his or her fie if the file contains information which would reveal the identity of an individual who has provided personal information about that individual and the individual providing the personal information does not consent to disclosure of his or her identity. If that information can be severed from the file, the employee may then have access.

The employee may provide a written notice of correction related to any data contained in their file. If the supervisor/employer is satisfied that the request is reasonable, the information will be corrected promptly.

  1. Employee requests for disclosure of their own personal information to Third Parties must be accompanied by an authorization letter signed and dated.

  1. Employees are responsible for:

    • Keeping their employer current on their personal information regarding name, address, phone number, dependents (where required for benefits purposes), emergency contact(s), etc.
    • Being familiar with and following policies and procedures regarding personal information.
    • Obtaining prior consents and authorizations prior to disclosure of personal, privileged and/or confidential information.
    • Immediately reporting any breaches of confidentiality to the Library Director.
    • Keeping private passwords and access to personal, privileged and/or confidential data.
    • Relinquishing any personal, privileged, confidential or client information in their possession before or immediately upon termination of employment.

  1. Library Director is responsible for:

    • Notifying employees of the purposes of the collection, use and disclosure of employee personal information and obtaining consent from employees.
    • Ensuring policies and procedures regarding collection, use and disclosure of personal information are consistently adhered to.
    • Responding to requests for disclosure only after the proper release is obtained.
    • Co-operating with authorities to investigate complaints or breaches of policy.
    • Obtaining from terminating employees prior to their termination any personal, privileged, confidential, or client information in their possession.
    • Ensuring that disclosure of personal information or personal health information to a Third Party is done with the approval of the Board in order to minimize risk of non-compliance with applicable legislative or regulatory regimes.

Member Information:

  1. Personal, privileged and/or confidential information about library members may only be collected, used, disclosed and retained for the purposes identified by the Board as necessary, and only after such purpose has been disclosed to library members, prior to collection and their consent obtained.

  1. Employees must ensure that no personal, privileged and/or confidential library member information is disclosed without the library member's consent and then only if security procedures are satisfied.

  1. Library member information is only to be accessed by employees with appropriate authorization.

  1. Unless retention of personal information is specified by law for certain time periods, personal information that is no longer required to fulfill the identified purpose shall be destroyed, erased, or made anonymous within twelve (12) months after its use.

  1. Notwithstanding the above, personal information that is the subject of a request by an individual or a Privacy Commission shall be retained as long as necessary to allow individuals to exhaust any recourse they may have under FOIP.

  1. Concerns or complaints related to privacy issues must be made, in writing, to the Library Director or the Library Board, setting out the details of the concern or complaint. The Library Director or Board Member or their designate shall investigate the matter forthwith and made a determination related to the resolution of the concern(s) or complaint(s).

  1. No employee shall be disadvantaged or denied any benefit of employment by reason that The Board believes that an employee will do anything referred to in the paragraphs below or by reason that an employee, acting in good faith and on the basis of reasonable belief,

    1. Has disclosed to a Privacy Commissioner that The Board or any other person has contravened or intends to contravene a provision of FOIP related to the protection of personal information.

    1. Has refused or stated the intention of refusing to do anything that is in contravention of a provision of FOIP related to the protection of personal information.

    1. Has done or stated an intention of doing anything that is required to be done in order that a provision of FOIP related to the protection of personal information not be contravened.

Definitions:

Employee Personal Information: means personal information about an individual that is collected, used or disclosed solely for the purposes reasonably required to establish, manage or terminate an employment relationship between the organization and that individual, but does not include personal information that is not about an individual’s employment or their contact information. Employee personal information also includes information that may relate to the work performance of the individual, any allegations, investigations or findings of wrongdoing, misconduct or discipline but does not include contact information or job description(s).

Personal Information: is any information about an identifiable individual and includes employee personal information. Personal information also includes information such as age, marital status, family status, criminal record, medical health issues, employment history, address, telephone number, WCB claims information and any numerical identification, such as Social Insurance Number.

Third Parties: are individuals or organizations other than the subject of the records or representatives of the Board. Note that in certain circumstances, the Board may be entitled to provide personal information to an external party acting as an agent of the Board.

Links & Files

Topics

  • Last Updated Mar 06, 2024
  • Views 28
  • Answered By Terri Hampson

FAQ Actions

Was this helpful? 0 0