1.0 BACKGROUND
The Stouffville Library recognizes that the users’ choice of materials they borrow and websites they visit is a private matter. The library will therefore make every reasonable effort to ensure that personal information about its users and their use of library materials, services and programs remains confidential.
Personal information is defined in Municipal Freedom of Information and Protection of Privacy Act, in part, as “recorded information about an identifiable individual.” This could include, in the library context, information on a user’s borrowing habits, as well as information related to computer use, including sign-up sheets and information on Internet use.
2.1 BOARD RESPONSIBILITY
The Board shall ensure that:
- the library complies with the spirit, principles and intent of provincial privacy regulations;
- members of the public have access to information about the operations of the library and to their own personal information held by the library in accordance with the access provisions of provincial regulations; and
- the privacy of an individual’s personal information is protected in compliance with the privacy provisions of provincial
3.1 CEO ACCOUNTABILITY
The Board is responsible for personal information under its control and designates the CEO as the individual accountable for the library’s compliance with regulations.
The CEO shall ensure that:
- consent of the individual is acquired for the disclosure of collection use or personal information;
- the purposes for which personal information is collected shall be identified by the library at, or before, the time the information is collected;
- the collection of personal information shall be limited to that which is necessary for the proper administration of the library and the provision of library services and programs;
- the library will not retain any personal information related to the items borrowed or requested by a user, or pertaining to a user’s online activity, longer than is necessary for the provision of library services and programs;
- the library will not disclose personal information related to a visitor or a library user to any third party without obtaining consent to do so, subject to certain exemptions as provided by provincial Information will be disclosed:
- to a parent or guardian of a person up to 16 years of age
- upon the presentation of a search warrant
- at the CEO’s discretion, to police in the absence of a search warrant to aid an investigation
- in compassionate circumstances to facilitate contact with next of kin or a friend of an individual who is injured, ill or deceased
- personal information shall be as accurate, complete and up-to-date as is necessary for the purpose for which it is used;
- personal information shall be protected by security safeguards appropriate to the sensitivity of the information;
- upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information, and shall be given access to that An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate; and
- an individual shall be able to address a challenge concerning compliance with the above principles to the
The CEO shall establish staff procedures with respect to confidentiality and privacy. The procedures shall include matters with respect to:
- signing of confidentiality agreements at the start of employment; and
- prohibition on the use of confidential information for personal or private gain or for the gain of friends, relatives or any person or corporation having dealings with the
The CEO shall establish a method of communicating the Board’s policy to users of library’s internet services, in accordance with Privacy and Security guidelines established in the Board’s Internet Services policy.