Privacy
Guidelines for
British Columbia Public Libraries
12. Security
Libraries must take reasonable steps to ensure that
personal information in their custody or under their control is secure
against unauthorized collection, use, access, disclosure, or disposal
(Act, s. 30).
a) Authorized employees and volunteers
Only employees or volunteers who need access to personal information in the course of their work should be authorized to access personal information.

b) Confidentiality agreements
Libraries should have confidentiality agreements with employees and volunteers who are authorized to access personal information. The confidentiality agreements should stipulate that the employee/volunteer will comply with the requirements of FOIPPA and the library's privacy policies when dealing in any way with personal information, and should stipulate what steps may be taken to enforce the policies.

c) Training
It is important that employees and volunteers who are authorized to access personal information are properly trained in the requirements of FOIPPA and the library's privacy policies. Each employee and volunteer should know the contact information for the FOI/Privacy Officer so that this information can be provided to whoever requests it.

d) Technology
Appropriate technological safeguards should be taken to protect personal information. These will depend on the particular system used by each library.

Box 12.1
Examples of technological safeguards:
- Where personal information is communicated electronically and could be intercepted by a third party, the communication should be secure (e.g. encrypted). If this is not feasible, then notice should be given that the communication is not protected and may be intercepted by a third party (see Appendix II: Sample Privacy Clauses).
- Employees and volunteers should be assigned individual user access profiles (IDs and passwords) so that databases containing personal information are accessible only to those authorized employees or volunteers.
- Controls should be in place to prevent anyone who does not have specific authority to add, change or delete personal information from doing so.
- All exchanges and storage of personal information should be protected (e.g. firewalls, encryption).
- System security should include an audit process that can track use of the system and identify inappropriate access to it.
- The access profiles and passwords of former employees and volunteers should be deleted immediately when they leave.
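As an added illustration (not part of the original guidelines, and not code from any library's own system), the following Python script shows what the last four safeguards in Box 12.1 amount to in practice: each user ID has an access profile with a read-only or write role, the audit process reads the system's access log, and it reports any use of the database that the profiles do not authorize. The log format, user IDs, roles and record names are constructed for the example.

```python
"""Added example: a minimal audit check over an access log for a patron database.

The log format, user IDs, roles and records below are constructed for this
example; they are not from any real library system.
"""
from dataclasses import dataclass

# Constructed access profiles: who is authorized, and for what.
# "read" may look up records; "write" may also add, change or delete them.
# active=False marks a profile that should have been deleted when the person left.
PROFILES = {
    "mchan":   {"role": "write", "active": True},
    "ppatel":  {"role": "read",  "active": True},
    "vol_lee": {"role": "read",  "active": True},
    "jsmith":  {"role": "write", "active": False},  # left the library last month
}

# Actions that require "write" authority (add, change or delete personal information).
WRITE_ACTIONS = {"add", "change", "delete"}


@dataclass(frozen=True)
class Event:
    timestamp: str
    user: str
    action: str
    record: str


def parse_line(line: str) -> Event:
    """Parse one constructed log line of the form '<timestamp> <user> <action> <record>'."""
    ts, user, action, record = line.split(maxsplit=3)
    return Event(ts, user, action, record)


def audit(lines, profiles=PROFILES):
    """Return (event, reason) pairs for every log entry the access profiles do not authorize.

    Three kinds of inappropriate access are flagged:
      - a user ID with no access profile at all;
      - a profile that belongs to a former employee or volunteer (should have been deleted);
      - a read-only profile performing an add/change/delete action.
    """
    findings = []
    for line in lines:
        ev = parse_line(line)
        prof = profiles.get(ev.user)
        if prof is None:
            findings.append((ev, "no access profile exists for this user ID"))
        elif not prof["active"]:
            findings.append((ev, "profile belongs to a former employee/volunteer and should have been deleted"))
        elif ev.action in WRITE_ACTIONS and prof["role"] != "write":
            findings.append((ev, "read-only profile performed a write action"))
    return findings


# Constructed sample log: one day's use of the patron database.
SAMPLE_LOG = """\
2024-03-04T09:12:05 mchan view patron/10231
2024-03-04T09:15:40 ppatel view patron/10231
2024-03-04T09:16:02 ppatel change patron/10231
2024-03-04T22:41:17 jsmith view patron/10877
2024-03-04T23:02:55 guest delete patron/10877
2024-03-04T10:03:10 vol_lee view patron/10445
""".splitlines()


if __name__ == "__main__":
    for ev, reason in audit(SAMPLE_LOG):
        print(f"{ev.timestamp} {ev.user} {ev.action} {ev.record}: {reason}")
```

Run against the sample log, the audit reports three entries: the read-only profile that changed a record, the former employee whose profile was never deleted, and an unknown "guest" ID deleting a record. The routine view actions by authorized staff are not reported, which is the point of an audit process: it should surface the exceptions rather than bury them in a full listing.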

e) Physical security
Personal information recorded on any media (including paper, CPUs, servers, and other electronic media) should be physically protected. Areas where personal information is stored should only be accessed by authorized employees and volunteers. This may require organizing space so that personal information is stored separately in an area that non-authorized personnel do not need to enter.

Box 12.2
More examples of securing personal information:
- Sensitive personal information, such as employee criminal record check reports or Home Service patrons' medical information, should be stored separately in a secure area that is only accessible by employees authorized to access that particular information.
- Screens of terminals that are used to access or change personal information should not be visible to unauthorized persons, including other employees, volunteers or patrons. A privacy filter screen may help protect personal information on the screen.
- When deleting or disposing of personal information, a method should be used that is appropriate to the type of media (see "Records retention & disposal" for more information).
- Lock file cabinets and doors to rooms where personal information is stored during times when the area is not under the supervision of authorized employees or volunteers.
- An appropriate security system should be used to protect personal information during times when the area is not under the supervision of authorized employees or volunteers. For example, personal information should be inaccessible to janitors and night staff who are not authorized to access personal information.

f) Surveillance
Closed-circuit television (CCTV) or other audio, visual or electronic surveillance should only be used as a last resort. Libraries should be prepared to show that other means are substantially less effective and that the benefits of surveillance substantially outweigh the lessening of privacy caused by the surveillance used.

Box 12.3
Factors to consider:
- The surveillance system must be justified using verifiable information, such as incident reports.
- A Privacy Impact Assessment (PIA) should be conducted before implementing a surveillance system.
- Stakeholders should be consulted when reviewing whether or not to implement a surveillance system.
- The surveillance system should be designed so that it achieves its goals with the least privacy invasion possible.
- The surveillance equipment should only monitor identified public areas.
- Notices should be prominently displayed around the area being monitored, informing individuals that the area is under surveillance so that they are aware of the surveillance before entering the area.
- Only authorized employees should have access to the equipment and storage devices.
- Audits should be conducted at irregular intervals to review the use and security of the equipment.
- Comprehensive privacy policies should be created for operating the system, as well as for the use and retention of the recorded information.

For more information, see the "Public Surveillance System Guidelines", written by the Office of the Information & Privacy Commissioner (January 26, 2001, Ref 00-01).