Access to Information and Protection of Privacy

Policy level: Library Board
Author: Director of Library Services
Date of Formal Board Approval: September 15, 2009
Amended: April 14, 2022
Policy number: 2009-06

[PDF]


Policy Objectives:

To ensure that Stormont, Dundas and Glengarry County Library (SDG Library) complies with the spirit, principles and intent of the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA).

To ensure that members of the public have access to information about the operations of the SDG Library and to their own personal information held by the Library in accordance with the access provisions of MFIPPA.

To ensure that the privacy of individuals’ personal information is protected in  compliance with the privacy provisions of MFIPPA.

Underlying Principles/Background:

 The SDG Library’s mandate is to provide library services and programs to the community. The continuing rise in Internet use has generated increasing public concerns about privacy and the security of personal information that is provided during on-line transactions. It is essential that the Library continue to build trust  and confidence in its users, and continue to encourage their use of its services and programs. The SDG Library recognizes that users’ choices of what materials they borrow and what websites they visit is a private matter. The Library will therefore make every reasonable effort to ensure that information about its users and their use of library materials, services and programs remains confidential.

The Stormont, Dundas and Glengarry County Library Board has also endorsed the Canadian Library Association’s Position Statement on Intellectual Freedom. This statement affirms the fundamental right of all Canadians to have access to all expressions of knowledge, creativity and intellectual activity, and to express their thoughts publicly.

Policy Statement:

 The Stormont, Dundas and Glengarry County Library Board will make information about the SDG Library available to the public, and protect the privacy of all individuals’ personal information in its custody or control in keeping with the access and privacy provisions of MFIPPA and other applicable legislation.

Protection of Privacy: Users

 Collection and Use of Information:

 a.  The SDG Library will not collect any personal information about users without obtaining their consent to do so, subject to the exceptions as contained in Section 29(1) of MFIPPA and Sections 4(1) and (2) of the general regulations made under MFIPPA. Personal information that is collected will be limited to what is necessary for the proper administration of the Library and the provision of library services and programs.

b. Personal information will only be used for the stated purpose for which it was collected or for a consistent purpose.

Disclosure of Information:

c.  The SDG Library will not disclose personal information related to a visitor or library user to any third party without obtaining consent to do so, subject to certain exemptions as provided in section 32 of MFIPPA. Situations where the Library will disclose this information include the following:

      • The Library will disclose personal information to a parent or guardian of a person fifteen (15) years of age or younger who exercises the right of access to the child’s personal information in the user or circulation databases.
      • The Library will disclose personal information when a user who has requested and been assigned supplementary library card privileges and who has signed the accompanying consent form, voluntarily gives a right of access to the personal information in his/her user and circulation database records to the individual documented on the consent form.
      • In accordance with Section 32(g) of MFIPPA, personal information may be released to a law enforcement agency in Canada, upon consultation with legal counsel, to aid in investigations undertaken with a view to a law enforcement proceeding or from which a law enforcement proceeding is likely to result.
      • In accordance with Section 32(i) of MFIPPA, personal information may be released in compassionate circumstances to facilitate contact with the next of kin or a friend of an individual who is injured, ill or deceased.
      • The Library may release relevant personal information to a company acting on its behalf for the collection of Library property or unpaid fees.
      • The Library may allow certain of its service providers access to relevant personal information solely for the purpose of maintaining the Library’s electronic services.

Retention of Information:

 d.  The SDG Library will not retain any personal information related to the items borrowed or requested by a user, or pertaining to a user’s on-line activity, longer than is necessary for the provision of library services and programs. This includes the following situations:

      • Personal information regarding library transactions is retained in the user database as long as the circulation record indicates that an item remains on loan or fees remain unpaid.
      • Records of returned items that have no outstanding fees/charges remain on the user record in the circulation database until the end of the working day. At that time, any link from the user record to the item borrowed is removed.
      • The circulation records of Home Library Services/CELA users are retained with their permission. This is done in order to assist staff in selecting materials for the user.
      • Records of items with outstanding fees/charges are retained until paid. A password protected historical record is kept for a further seven (7) months because a user may be entitled to have a lost item fee refunded if the item is returned within six (6) months.
      • There are some other informational messages, such as a hold that has been cancelled or has expired, that are retained for seven (7) months. 
      • Backup files of users’ borrowing activity are temporarily retained for two (2) weeks for the purpose of restoring data in cases of system failure and file corruption.
      • Personal records of all users who have not used their cards in the previous three (3) years and do not have outstanding fines are purged on a regular basis.
      • Retention periods for Library electronic services vary for the different web services and change with the introduction of new technologies and services. A Privacy Statement is posted on the SDG Library website.

Protection of Privacy: Staff

 Collection and Use of Information:

a.  The SDG Library will not collect any personal information about staff members without obtaining their consent to do so, subject to the exceptions as outlined in Sections 29(1) and 52 of MFIPPA and Sections 4(1) and (2) of the general regulations made under MFIPPA. Personal information that is collected will be limited to what is necessary for the appointment and management of staff and the administration of staff wages, salaries, benefits.

b. Personal information will only be used for the purpose for which it was collected.

Disclosure of Information:

c.  The SDG Library will not disclose personal information related to staff to any third party without obtaining consent to do so, subject to exemptions as provided in MFIPPA Section 32. Other situations where the Library will disclose personal information include:

      • To third party service providers for the purpose of administering employee benefits.
      • With written permission from the staff member concerned, the Library will provide reference checks and confirmation of employment with the Library, including wage and salary rate information, to third parties.

Access to Information: Users and Staff

 Collection and Use of Information:

a.  Access to general records about SDG Library operations will be provided to the public, subject to the exemptions outlined in MFIPPA Sections 6 through 16. The Stormont, Dundas and Glengarry County Library Board agendas and minutes, annual reports, policies and a variety of other information are routinely made a matter of public record through the SDG Library website and through Library publications. 

b.  Access to personal information about a particular individual will be provided to that individual, upon verification of identity and subject to the exemptions outlined in MFIPPA.

c.  The SDG Library will change an individual’s personal information if it is incorrect. The Library may ask for supporting documentation.

d. An administration fee may be charged for access to individual or general records in accordance with MFIPPA regulations.

e.  The SDG Library is committed to addressing all concerns related to providing access to general and/or personal information and to protecting the privacy of personal information in its custody.

f.  SDG Library staff members have the right to access their individual personnel files upon request.

Scope:

 This policy applies to all information held by the SDG Library, including general information related to its operations, to personal information collected from users of its services and programs, and to personal information relating to Library Staff.

Application:

 This policy applies to the Stormont, Dundas and Glengarry County Library Board, SDG Library staff, and Library volunteers.

Specific Directives:

 The SDG Library will ensure that a retention schedule for a directory of general records and a directory of personal information banks is available to the public. This schedule will be updated on a regular basis.

  1. Privacy and Access statements, together with procedures to be followed in making a request for information, will be publically available through the Library’s website and in print.
  2. A notice of collection statement in compliance with MFIPPA will be available at all registration desks and on all Library forms used to collect personal information. The notice statement will include: the Library’s legal authority for the collection; the principal purposes for which the personal information is to be used; the title, business address and business telephone number of a Library officer or employee who can answer questions about the collection.
  3. Third party service providers will be required to ensure, by means of a statement in their contract, that any staff or users’ personal information to which they have access is only to be utilized for the purposes of carrying out the service they provide to the Library and for no other purpose.
  1. Library staff will be provided with training in the access of privacy provisions of MFIPPA and in the contents of this policy.

Accountability:

 The Director of Library Services is responsible and accountable for documenting, implementing, enforcing, monitoring and updating the Library’s privacy and access compliance.

Related Documents:

 SDG Library. 2008-01 – Communications Policy (add link)

SDG Library. GOV 2011-4 – Delegation of Authority to the Director of Library Services (add link)


APPENDICES

 Appendix 1: Definitions

General records is a collection of general information that is organized and capable of being retrieved using the record series as identified in the directory of records. The records contain no personal information.

Personal information means recorded information about an identifiable individual, including:

  1. Information relating to the race, national or ethnic origin, colour, religion, age, sexual orientation or marital or family status of the individual
  2. Information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved.
  3. Any identifying number, symbol, or other particular assigned to the individual.
  4. The address, telephone number, fingerprints or blood type of the individual.
  5. The personal opinions or views of the individual except if they relate to another individual.
  6. Correspondence sent to an institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to that correspondence that would reveal the contents of the original correspondence.
  7. The views or opinions of another individual about the individual.
  8. The individual’s name if it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual

Personal information bank is a collection of personal information that is organized and capable of being retrieved using an individual’s name or an identifying number or particular assigned to the individual.

Record means any record of information however recorded, whether in printed form, by electronic means, or otherwise, and includes:

  1. Correspondence, a memorandum, a book, a plan, a drawing, a diagram, a pictorial or graphic work, a photograph, a film, a microfilm, a sound recording, a DVD, a machine readable record, any other documentary material, regardless of physical form or characteristics, and any copy thereof, and
  2. Subject to the regulations, any record that is capable of being produced from a machine readable record under the control of an institution by means of computer hardware and software or any other information storage equipment and technical expertise normally used by the institution.

Appendix 2: Contact

Director of Library Services
SD&G County Library

613-936-8777
613-936-2532 (fax)

Back to Top