Privacy

Number
Approved On
Review By
Revised

  1. Back to top

    Purpose

    The Privacy Policy ensures that members of the public have access to information about the operations of the FFPLTC, and to their own Personal Information held by the FFPLTC, in accordance with the access provisions of MFIPPA.

  2. Back to top

    Responsibilities

    1. FFPL Board

      1. The FFPL Board ensures that the FFPLTC complies with the spirit, principles and intent of MFIPPA.
      2. The FFPL Board is responsible for Personal Information under its control and designates the CEO as the individual accountable for the organization's compliance with legislation.
    2. CEO

      1. The CEO is responsible for the FFPLTC’s privacy obligations under MFIPPA.
      2. The CEO is the contact for the FFPLTC under MFIPPA.
  3. Back to top

    Personal Information

    1. Definition

      Personal information is defined, in part, by MFIPPA as:

      Recorded information about an identifiable individual.

      In the FFPLTC context, this could include information on a user’s borrowing habits, as well as information related to computer use, including sign-up sheets and information on Internet use.

    2. Access

      Upon request, an individual shall be informed of the existence, use, and disclosure of his or her Personal Information, and shall be given access to that information.

    3. Challenges

      1. An individual shall be able to challenge the accuracy and completeness of their Personal Information and have it amended as appropriate.
      2. An individual shall be able to address a challenge concerning compliance with the principles of the Privacy Policy to the CEO.
    4. Confidentiality

      1. The privacy of an individual’s Personal Information is protected in compliance with the privacy provisions of MFIPPA.
      2. The FFPLTC recognizes that the users' choice of materials they borrow and websites they visit is a private matter. The FFPLTC will therefore make every reasonable effort to ensure that Personal Information about its users and their use of FFPLTC materials, services and programs remains confidential.
  4. Back to top

    Collection of Personal Information

    1. Purpose

      The purposes for which Personal Information is collected shall be identified by the FFPLTC at, or before, the time the information is collected.

    2. Limitation

      The collection of Personal Information shall be limited to that which is necessary for the proper administration of the FFPLTC and the provision of FFPLTC services and programs.

    3. Accuracy

      Records shall be as accurate, complete and up-to-date as is necessary for the purpose for which it is used.

    4. Security

      Records shall be protected by security safeguards appropriate to the sensitivity of the information.

    5. Storage Devices

      1. Storage Devices that are not in use should be stored securely in a locked receptacle located in a controlled-access area.
      2. Used Storage Devices should be dated and labeled with a unique, sequential number or other verifiable symbol.
      3. Access to Storage Devices should be limited to authorized personnel.
    6. Retention

      The FFPLTC will not retain any Records related to items borrowed or requested by a user, or pertaining to a user’s on-line activity, longer than is necessary for the provision of FFPLTC services and programs.

      1. Used Records

        The FFPLTC will store and retain Storage Devices required for evidentiary purposes according to standard procedures until law enforcement authorities request them.

        Section 5 of Ontario Regulation 823 under MFIPPA requires that Records used for law enforcement, branch, or public safety purposes be retained for one year from the date of disclosure.

    7. Disposal

      1. Old Storage Devices must be securely disposed of in such a way that Records cannot be reconstructed or retrieved.
      2. Disposal methods could include shredding, burning or magnetically erasing Records.
      3. A record of the disposal of any Storage Device is to be completed and retained.
  5. Back to top

    Release of Personal Information

    1. Audit

      Any release of Personal Information will be subject to Audit.

    2. Review

      In the event of a reported or observed incident, review of Records may be used to assist in the investigation of the incident.

    3. Release to Subjects

      Any patron, FFPLTC Staff member or member of the public has a general right of access to his or her Personal Information under section 36 of MFIPPA.

      Personal Information will not be disclosed if:

      1. The CEO determines that disclosure would constitute an unjustified invasion of another individual’s privacy, consistent with section 38(b) of MFIPPA,which grants the head of an institution the discretionary power to refuse access in these circumstances.

        As such, access to an individual’s own Personal Information in these circumstances may depend upon whether any exempt information can be reasonably severed from the record.

        One way in which this may be achieved is through digitally “blacking out” the images, where technically possible, of other individuals whose images appear in the Record.

      2. The CEO determines that a request is frivolous or vexatious.

        Given reasonable grounds, a request for access to a Record is frivolous or vexatious if:

        • It is part of a pattern of conduct that amounts to an abuse of the right of access
        • It would interfere with the operations of the facility
        • It is made in bad faith
        • It is made for a purpose other than to obtain access to the requested Records
    4. Release to Third Parties

      The FFPLTC will not disclose Personal Information to any third party without obtaining consent to do so, subject to certain exemptions as provided by MFIPPA.

      Information will be disclosed only:

      • To a parent or guardian of a person up to 16 years of age
      • Upon the presentation of a search warrant
      • To police in the absence of a search warrant to aid an investigation (at the CEO’s discretion)
      • In compassionate circumstances to facilitate contact with next of kin, or a friend, of an individual who is injured, ill or deceased
    5. Forms

      1. An Information Request form must be completed before any Record is disclosed to appropriate individuals.

        The Information Request form will indicate:

        • When the request was made
        • Who made the request
        • The Personal Information requested
        • The purpose for the request
      2. An Information Release form must be completed before any Storage Device is delivered to appropriate individuals.

        The Information Release form will indicate:

        • When the Storage Device was taken
        • Who took the Storage Device
        • Under what authority the Storage Device was taken
        • If the Storage Device will be returned or destroyed after use
    6. Inadvertent Disclosure

      1. The CEO will respond to any inadvertent disclosures of Personal Information.
      2. Any breach of MFIPPA shall be reported to the CEO.
  6. Back to top

    Training

    Training programs addressing FFPLTC Staff obligations under the Privacy Policy, the Video Surveillance Policy and MFIPPA shall be conducted as necessary.

Back to top

Terms

  • Chief Executive Officer

  • Fort Frances Public Library Board

  • Fort Frances Public Library Technology Centre

  • The Ontario Municipal Freedom of Information and Protection of Privacy Act

  • Defined in section 2 of MFIPPA as:

    Recorded information about an identifiable individual, which includes, but is not limited to, information relating to an individual's race, colour, national or ethnic origin, sex and age. Therefore, a simple image on a video surveillance system that is clear enough to identify a person, or the activities in which he or she is engaged in, will be classified as "personal information" under the Act.

  • Defined in section 2 of MFIPPA as:

    Any information, however recorded, whether in printed form, on film, by electronic means or otherwise, and includes: a photograph, a film, a microfilm, a microfiche, a videotape, a machine-readable record, and any record that is capable of being produced from a machine-readable record.

  • A tape, optical disc, computer disk, drive or chip, or any other device used to store Records of Personal Information.