-
Back to top
Purpose
The Privacy Policy ensures that members of the public have access to information about the operations of the FFPLTC, and to their own Personal Information held by the FFPLTC, in accordance with the access provisions of MFIPPA.
-
Back to top
Responsibilities
-
FFPL Board
- The FFPL Board ensures that the FFPLTC complies with the spirit, principles and intent of MFIPPA.
- The FFPL Board is responsible for Personal Information under its control and designates the CEO as the individual accountable for the organization's compliance with legislation.
-
CEO
-
-
Back to top
Personal Information
-
Definition
Personal information is defined, in part, by MFIPPA as:
Recorded information about an identifiable individual.
In the FFPLTC context, this could include information on a user’s borrowing habits, as well as information related to computer, program, and internet use.
-
Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her Personal Information, and shall be given access to that information.
-
Challenges
- An individual shall be able to challenge the accuracy and completeness of their Personal Information and have it amended as appropriate.
- An individual shall be able to address a challenge concerning compliance with the principles of the Privacy Policy to the CEO.
-
Confidentiality
- The privacy of an individual’s Personal Information is protected in compliance with the privacy provisions of MFIPPA.
- The FFPLTC recognizes that the users' choice of materials they borrow and websites they visit is a private matter. The FFPLTC will therefore make every reasonable effort to ensure that Personal Information about its users and their use of FFPLTC materials, services and programs remains confidential.
-
-
Back to top
Collection of Personal Information
-
Purpose
The purposes for which Personal Information is collected shall be identified by the FFPLTC at, or before, the time the information is collected.
-
Limitation
The collection of Personal Information shall be limited to that which is necessary for the proper administration of the FFPLTC and the provision of FFPLTC services and programs.
-
Accuracy
Records shall be as accurate, complete and up-to-date as is necessary for the purpose for which it is used.
-
Security
Records shall be protected by security safeguards appropriate to the sensitivity of the information.
-
Personal Information Held on Storage Devices
- Storage Devices that are not in use should be stored securely in a locked receptacle located in a controlled-access area.
- Used Storage Devices should be dated and labeled with a unique, sequential number or other verifiable symbol.
- Access to Storage Devices should be limited to authorized personnel.
-
Retention
The FFPLTC will not retain any Records related to items borrowed or requested by a user, or pertaining to a user’s on-line activity, longer than is necessary for the provision of FFPLTC services and programs.
-
Used Records
The FFPLTC will store and retain Storage Devices required for evidentiary purposes according to standard procedures until law enforcement authorities request them.
Section 5 of Ontario Regulation 823 under MFIPPA requires that Records used for law enforcement, branch, or public safety purposes be retained for one year from the date of disclosure.
-
-
Disposal
- Old Storage Devices must be securely disposed of in such a way that Records cannot be reconstructed or retrieved.
- Disposal methods could include shredding, burning or magnetically erasing Records.
- A record of the disposal of any Storage Device is to be completed and retained.
-
-
Back to top
Release of Personal Information
-
Audit
Any release of Personal Information will be subject to Audit.
-
Review
In the event of a reported or observed incident, review of Records may be used to assist in the investigation of the incident.
-
Release to Subjects
Any patron, FFPLTC Staff member or member of the public has a general right of access to his or her Personal Information under section 36 of MFIPPA.
Personal Information will not be disclosed if:
-
The CEO determines that disclosure would constitute an unjustified invasion of another individual’s privacy, consistent with section 38(b) of MFIPPA,which grants the head of an institution the discretionary power to refuse access in these circumstances.
As such, access to an individual’s own Personal Information in these circumstances may depend upon whether any exempt information can be reasonably severed from the record.
One way in which this may be achieved is through digitally “blacking out” the images, where technically possible, of other individuals whose images appear in the Record.
-
The CEO determines that a request is frivolous or vexatious.
Given reasonable grounds, a request for access to a Record is frivolous or vexatious if:
- It is part of a pattern of conduct that amounts to an abuse of the right of access
- It would interfere with the operations of the facility
- It is made in bad faith
- It is made for a purpose other than to obtain access to the requested Records
-
-
Release to Third Parties
The FFPLTC will not disclose Personal Information to any third party without obtaining consent to do so, subject to certain exemptions as provided by MFIPPA.
Information will be disclosed only:
- To a parent or guardian of a person up to 16 years of age
- Upon the presentation of a search warrant
- To police in the absence of a search warrant to aid an investigation (at the CEO’s discretion)
- In compassionate circumstances to facilitate contact with next of kin, or a friend, of an individual who is injured, ill or deceased
-
Forms
-
An Information Request form must be completed before any Record is disclosed to appropriate individuals.
The Information Request form will indicate:
- When the request was made
- Who made the request
- The Personal Information requested
- The purpose for the request
-
An Information Release form must be completed before any Storage Device is delivered to appropriate individuals.
The Information Release form will indicate:
- When the Storage Device was taken
- Who took the Storage Device
- Under what authority the Storage Device was taken
- If the Storage Device will be returned or destroyed after use
-
-
Inadvertent Disclosure
- The CEO will respond to any inadvertent disclosures of Personal Information.
- Any breach of MFIPPA shall be reported to the CEO.
-
-
Back to top
Training
Training programs addressing FFPLTC Staff obligations under the Privacy Policy, the Video Surveillance Policy and MFIPPA shall be conducted as necessary.
Terms
Chief Executive Officer
Fort Frances Public Library Board
Fort Frances Public Library Technology Centre
The Ontario Municipal Freedom of Information and Protection of Privacy Act
Defined in section 2 of MFIPPA as:
Recorded information about an identifiable individual, which includes, but is not limited to, information relating to an individual's race, colour, national or ethnic origin, sex and age. Therefore, a simple image on a video surveillance system that is clear enough to identify a person, or the activities in which he or she is engaged in, will be classified as "personal information" under the Act.
Defined in section 2 of MFIPPA as:
Any information, however recorded, whether in printed form, on film, by electronic means or otherwise, and includes: a photograph, a film, a microfilm, a microfiche, a videotape, a machine-readable record, and any record that is capable of being produced from a machine-readable record.
A tape, optical disc, computer disk, drive or chip, or any other device used to store Records of Personal Information.