Access to Information and Protection of Privacy Policy
- Policy Objectives
- Underlying Principles/Background
- Policy Statement
- Scope
- Application
- Specific Directives
- Accountability
- Appendix 1: References
- Appendix 2: Definitions
- Right to Appeal an Access Decision
- Appendix 3: Contact
Approved: January 16, 2006
Revised: June 21, 2010
Policy Objectives
To ensure that Toronto Public Library (the Library) complies with the spirit, principles and intent of the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA).
To ensure that members of the public have access to information about the operations of the Library and to their own personal information held by the Library in accordance with the access provisions of MFIPPA.
To ensure that the privacy of individuals' personal information is protected in compliance with the privacy provisions of MFIPPA.
Underlying Principles/Background
The Library is guided by the values of accountability and integrity in the provision of public service. These values speak to the need for openness, and responsibility in all operations.
The Library's mandate is to provide library services and programs to the community. The continuing rise in Internet use has generated increasing public concerns about privacy and the security of personal information that is provided during on-line transactions. It is essential that the Library maintain the trust and confidence of its users, and continue to encourage their use of its services and programs. The Library recognizes that users' choices about the materials they borrow and websites they visit is a private matter. The Library will therefore make every reasonable effort to ensure that information about its users and their use of library materials, services and programs remains confidential.
The Toronto Public Library Board has also endorsed the Canadian Library Association's Position Statement on Intellectual Freedom. This statement affirms the fundamental right of all Canadians to have access to all expressions of knowledge, creativity and intellectual activity, and to express their thoughts publicly.
The Toronto Public Library's Security Video Surveillance Policy covers the Library's policy for ensuring that its use of security video surveillance cameras protects the privacy of individual's personal information in compliance with the privacy provisions of MFIPPA.
Policy Statement
The Toronto Public Library Board will make information about the Library available to the public, and protect the privacy of all individuals' personal information in its custody or control in keeping with the access and privacy provisions of MFIPPA and other applicable legislation.
Protection of Privacy: Users
- The Library will not collect any personal information about users without obtaining their consent to do so, subject to the exceptions as contained in Section 29(1) of MFIPPA and Sections 4(1) and (2) of the general regulations made under MFIPPA. Personal information that is collected will be limited to what is necessary for the proper administration of the Library and the provision of library services and programs.
- Personal information will only be used for the stated purpose for which it was collected or for a consistent purpose.
- The Library employs the use of Radio Frequency Identification (RFID) readers for circulation services. No personal information is collected through these readers.
- The Library will not disclose personal information related to a visitor or library user to any third party without obtaining consent to do so, subject to certain exemptions as provided in section 32 of MFIPPA. Disclosure is permitted in some situations, including the following:
- The Library will disclose personal information to a parent or guardian of a person up to sixteen (16) years of age who exercises the right of access to the child's personal information in the user or circulation databases.
- Subsection (g), disclosure to an institution or a law enforcement agency in Canada to aid an investigation undertaken with a view to a law enforcement proceeding or from which a law enforcement proceeding is likely to result;
- Subsection (i), disclosure under compassionate circumstances, to facilitate contact with the spouse, a close relative or a friend of an individual who is injured, ill or deceased;
- The Library will disclose personal information when a user who has requested and been assigned supplementary library card privileges and who has signed the accompanying consent form, voluntarily gives a right of access to the personal information in his/her user and circulation database records to the individual documented on the consent form.
- Personal information may be disclosed to the Toronto Public Library Foundation for fundraising purposes, with the consent of the user. Information provided to the Foundation for fundraising shall be limited to name, address, telephone number, email address, gender, date of birth, and date of last activity. Consent to disclose personal information shall be indicated in one of the following ways: by written signature; electronic means; or orally, to be confirmed in the users' record by TPL staff in the presence of the user. Users have the right to withdraw this consent at any time.
- The Library may release relevant personal information to a company acting on its behalf for the collection of Library property or unpaid fees.
- The Library may allow certain of its service providers access to relevant personal information solely for the purpose of maintaining the Library's electronic services.
- The Library will not retain any personal information related to the items borrowed or requested by a user, or pertaining to a user's on-line activity, longer than is necessary for the provision of library services and programs. However, the Library may retain personal information related to library functions or services as described below, when users voluntarily opt in to do so; for example, in order to enhance or personalize library functions or services.
The retention of personal information includes the following situations:
- Personal information regarding library transactions is retained in the user database as long as the circulation record indicates that an item remains on loan or fees remain unpaid.
- Records of returned items that have no outstanding fees/charges remain on the user record in the circulation database until the end of the working day.
- The personal information and borrowing history of Home Library Services users are retained with their permission. This is done in order to assist staff in selecting and delivering materials for the user.
- Records of items with outstanding fees/charges are retained until paid. A password protected historical record is kept for a further seven (7) months because a user may be entitled to have a lost item fee refunded if the item is returned within six (6) months.
- Personal information for members of the public who are registered in the Integrated Library System to use library services and who have requested a supplementary card are retained until the card is supplied.
- There are some other informational messages, such as a hold that has been cancelled or has expired, that are retained for seven (7) months.
- Records relating to the answering of questions and/or in-depth research for the public in person, by phone, or e-mail, are retained for two years.
- Personal records of all users who have not used their cards in the previous three (3) years and do not have outstanding fines are purged on an annual basis.
- Retention periods for Library electronic services vary for the different web services and change with the introduction of new technologies and services. A Privacy Statement is posted on the TPL website.
Collection and Use of Information:
Disclosure of Information:
The Library may also disclose information in accordance with the exemptions provided in section 32 of MFIPPA, including:
In addition
Retention of Information:
Protection of Privacy: Staff
- The Library will not collect any personal information about staff members without obtaining their consent to do so, subject to the exceptions as outlined in Sections 29(1) and 52 of MFIPPA and Sections 4(1) and (2) of the general regulations made under MFIPPA. Personal information that is collected will be limited to what is necessary for the appointment and management of staff and the administration of staff wages, salaries and benefits.
- Personal information will only be used for the purpose for which it was collected.
- The Library will not disclose personal information related to staff to any third party without obtaining consent to do so, subject to exemptions as provided in MFIPPA Section 32. Other situations where the Library will disclose personal information include:
- To third party service providers for the purpose of administering employee benefits.
- With written permission from the staff member concerned, the Library will provide reference checks and confirmation of employment with the Library, including wage and salary rate information, to third parties.
- Staff personnel files are kept for seven years after retirement or resignation in accordance with City of Toronto By-Law 260-2006. Benefits enrollment administrative records related to the various benefits provided to staff such as dental, medical, group life insurance, retirement (OMERS) are all retained until there is a change to enrollment or the death of the active or terminated employee.
- Third party service providers only keep staff records for as long as they are administering staff benefits on behalf of the Library.
Collection and Use of Information:
Disclosure of Information:
Retention of Information:
The Library will not retain any personal information related to staff longer than is required by law. This includes the following retention practices:
Access to Information: Users and Staff
- Access to general records about Library operations will be provided to the public, subject to the exemptions outlined in MFIPPA Sections 6 through 16. The Toronto Public Library Board agendas and minutes, annual reports, policies and a variety of other information are routinely made a matter of public record through the Toronto Public Library web site and through Library publications.
- Access to personal information about a particular individual will be provided to that individual, upon verification of identity and subject to the exemptions outlined in MFIPPA.
- The Library will change an individual's personal information if it is incorrect. The Library may ask for supporting documentation.
- An administration fee may be charged for access to individual or general records in accordance with MFIPPA regulations.
- The Library is committed to addressing all concerns related to providing access to general and/or personal information and to protecting the privacy of personal information in its custody.
- Staff members have the right to access their individual personnel files upon request. This access is provided in accordance with the provisions of the Collective Agreement between the Toronto Public Library Board and the Toronto Public Library Workers Union Local 4948.
A complete list of all personal information retained by the Library is available in the Directory of Personal Information Banks (PIBs), available upon request.
Scope
This policy applies to all information held by the Library, including general information related to its operations, to personal information collected from users of its services and programs, and to personal information relating to Library staff.
Application
This policy applies to the Toronto Public Library Board, staff, and volunteers.
Specific Directives
- The Library will ensure that a retention schedule for a directory of general records and a directory of personal information banks is available to the public. This schedule will be updated on a regular basis.
- Privacy and Access statements, together with procedures to be followed in making a request for information, will be publicly available through the Toronto Public Library's web site and in hard copy.
- A notice of collection statement in compliance with MFIPPA will be available at all registration desks and on all Library forms used to collect personal information. The notice statement will include: the Library's legal authority for the collection; the principal purpose(s) for which the personal information is to be used; the title, business address and business telephone number of a Library officer or employee who can answer questions about the collection; and that personal information may, with the user's consent, be disclosed to the Toronto Public Library Foundation for fundraising purposes.
- Third party service providers will be required to ensure, by means of a statement in their contract, that any staff or users' personal information to which they have access is only to be utilised for the purposes of carrying out the service they provide to the Library and for no other purpose.
- Library staff will be provided with training in the access and privacy provisions of MFIPPA and in the contents of this policy.
Accountability
The City Librarian is responsible and accountable for documenting, implementing, enforcing, monitoring and updating the Library's privacy and access compliance.
Appendices
The City Librarian is responsible and accountable for documenting, implementing, enforcing, monitoring and updating the Library's privacy and access compliance.
Appendix 1: References
- Canadian Library Association: Position Statement on Intellectual Freedom Statement on Intellectual Freedom Approved by Executive Council - June 27, 1974; Amended November 17, 1983; and November 18, 1985 All persons in Canada have the fundamental right, as embodied in the nation's Bill of Rights and the Canadian Charter of Rights and Freedoms, to have access to all expressions of knowledge, creativity and intellectual activity, and to express their thoughts publicly. This right to intellectual freedom, under the law, is essential to the health and development of Canadian society. Libraries have a basic responsibility for the development and maintenance of intellectual freedom. It is the responsibility of libraries to guarantee and facilitate access to all expressions of knowledge and intellectual activity, including those which some elements of society may consider to be unconventional, unpopular or unacceptable. To this end, libraries shall acquire and make available the widest variety of materials. It is the responsibility of libraries to guarantee the right of free expression by making available all the library's public facilities and services to all individuals and groups who need them. Libraries should resist all efforts to limit the exercise of these responsibilities while recognizing the right of criticism by individuals and groups. Both employees and employers in libraries have a duty, in addition to their institutional responsibilities, to uphold these principles.
- Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M. 56
- Municipal Freedom of Information and Protection of Privacy Act, R.R.O. 1991, Regulation 372/91 as Amended
- Public Libraries Act, R.S.O. 1990, c. P. 44
- City of Toronto Act, 2006, S.O. 2006, c. 11, Sched. A
- Toronto Public Library Circulation and Collection Use Policy
- Toronto Public Library Internet Use Policy
- Toronto Public Library Records Management Policy
- Toronto Public Library Financial Control Policy
- Toronto Public Library Security Video Surveillance Policy
Appendix 2: Definitions
General Records is a collection of general information that is organized and capable of being retrieved using the record series as identified in the directory of records. The records contain no personal information.
Personal Information means recorded information about an identifiable individual, including:
- Information relating to the race, national or ethnic origin, colour, religion, age, sexual orientation or marital or family status of the individual,
- Information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved,
- Any identifying number, symbol, or other particular assigned to the individual,
- The address, telephone number, fingerprints or blood type of the individual,
- The personal opinions or views of the individual except if they relate to another individual,
- Correspondence sent to an institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to that correspondence that would reveal the contents of the original correspondence,
- The views or opinions of another individual about the individual, and
- The individual's name if it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual
Personal information bank is a collection of personal information that is organized and capable of being retrieved using an individual's name or an identifying number or particular assigned to the individual.
Record means any record of information however recorded, whether in printed form, on film, by electronic means or otherwise, and includes:
- Correspondence, a memorandum, a book, a plan, a drawing, a diagram, a pictorial or graphic work, a photograph, a film, a microfilm, a sound recording, a videotape, a machine readable record, any other documentary material, regardless of physical form or characteristics, and any copy thereof, and
- Subject to the regulations, any record that is capable of being produced from a machine readable record under the control of an institution by means of computer hardware and software or any other information storage equipment and technical expertise normally used by the institution.
Appendix 3: Contact
Director, Policy, Planning & Performance Measurement
Tel: 416-395-5602
Manager, Privacy, Risk & Governance
Tel: 416-395-5604