|
|
Privacy
Guidelines for
British Columbia Public Libraries
1. Introduction
Public libraries in British Columbia fall under the
definition of "local public bodies (FOIPPA). As such, libraries
are responsible for protecting personal information in accordance with the
provisions of FOIPPA.
a) B.C. Libraries
|
Public libraries are an important resource for
individuals in B.C. They provide open and equitable access to valuable
information and resources. As information technologies continue to emerge,
B.C. public libraries strive to use them to the best advantage of the
public.
Privacy has long been a concern for many individuals,
including librarians. As information technology expands, concerns over
individual privacy also grow, particularly those relating to how
individuals’ personal information is protected.
|
b) Canada & B.C. laws protecting personal
information
| The governments of Canada and B.C. (as well as other
provinces) have written laws to protect personal information in the care
of both public and private organizations. The following is a brief summary
of the federal and B.C. legislation currently in place: |
i) B.C.’s FOIPPA for public sector
organizations
|
B.C.’s Freedom of Information and Protection of
Privacy Act (FOIPPA) protects personal information collected,
used or disclosed by "public bodies" in B.C. Public bodies include
government ministries; Crown corporations; agencies, commissions & boards;
municipalities; municipal police; public hospitals, schools, universities
and colleges; and public libraries.
The privacy protection part of FOIPPA sets out the
minimum requirements for how public bodies must protect personal
information (Act, Part 3). There is also an important "access to
information" aspect of FOIPPA that allows
individuals and organizations access to other non-personal information
held by public bodies (Act, Part 2).
See how to access FOIPPA in
Appendix I.
|
ii) B.C.’s PIPA for private
organizations
|
B.C. is one of the first provinces to provide legislation
protecting personal information collected, used or disclosed by "private
organizations." The
Personal Information Protection Act (PIPA)
applies to all organizations in B.C., such as businesses, associations,
unions, and non-profits.
See how to access PIPA in
Appendix I.
|
iii) Canada’s Privacy Act for
government institutions
|
Canada’s Privacy Act
protects personal
information collected, used or disclosed by federal government
institutions .
Government institutions are listed in the Schedule to the Privacy Act
and include Library and Archives Canada.
See how to access the Privacy Act in
Appendix I.
|
iv) Canada’s PIPEDA for private
organizations
|
Canada’s Personal Information Protection and
Electronic Documents Act (PIPEDA) protects personal information collected, used
or disclosed in the course of commercial activities by federally regulated
organizations (e.g. banks), all private
organizations across Canada (except where a province has substantially
similar legislation, such as B.C. Alberta and Quebec), or where it is
communicated across a provincial or international border.
See how to access PIPEDA in
Appendix I.
|
c) Purpose of Guidelines
| These
Guidelines provide information to
public libraries and do not constitute legal advice. As a public body
under FOIPPA, each public library is responsible for its own
compliance with FOIPPA and should use its own judgment in making
decisions with respect to its compliance. Libraries should consider the
privacy protection requirements in FOIPPA merely as minimum
standards required. Any amendments that may be made to FOIPPA after
May 2006 have not been anticipated nor are they reflected in the
Guidelines. |
d) How to use the Guidelines
i) "She", "her" or "herself"
| Wherever the feminine gender is used, it should be read
as both feminine and masculine (i.e. as "she/he", "her/him", or
"her/himself"). |
ii) References within the Guidelines
|
References are made throughout the Guidelines to
different sections of FOIPPA and its Regulation. References to
FOIPPA will appear as "(Act, s. #)"; references to the Regulation will
be cited as "(Reg., s. #)".
Cross references to other relevant areas in the
Guidelines are provided at the bottom of many sections. Additional
resources are provided in Appendix I. An index is also available at the
back of the Guidelines.
|
iii) Definitions
|
There are some terms that are commonly used in the area
of personal information protection. It may be helpful to read over the
more common ones in Box 1.1 below. The terms below are italicized when
used in the Guidelines, with the exception of "personal information"
because of how often it is used.
Box 1.1
|
|
Definitions for common
terms used in these Guidelines:
·
Personal information à
recorded information about an identifiable individual other than work
contact information (see below), such as name, home address,
identification numbers (including barcodes), birth date, and reading
choices (Act, Schedule 1).
·
Contact information à
information you would often find on a business card that allows a
person to be contacted at a place of business, such as the name,
title, business telephone number, business address, business email, or
business fax number of the individual (Act, Schedule 1).
·
Record à
includes books, documents, maps, drawings, photographs, letters,
vouchers, papers and any other thing on which information is recorded
or stored by graphic, electronic, mechanical or other means, but does
not include a computer program or any other mechanism that produces
records (Act, Schedule 1).
·
FOI/Privacy
Officer à
the
library employee who is responsible for the library’s compliance with
FOIPPA (Act, s. 77). |
|
