The Township of Cramahe Public Library recognizes that the users' choice of materials they borrow and websites they visit is a private matter. The library will therefore make every reasonable effort to ensure that personal information about its users and their use of library materials, services and programs remains confidential. In addition the library board upholds the rights of the public to access their personal information held by the library and is committed to making access to information about the governance and operations of the library available to the public.
Section 1: Privacy
- Personal information is defined in Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M56 (MFIPPA), in part, as “recorded information about an identifiable individual.” This could include, in the library context, information on a user’s borrowing habits, as well as information related to computer use.
- The board ensures that:
a. the library complies with the spirit, principles and intent of MFIPPA
b. members of the public have access to information about the operations of the library and to their own personal information held by the library in accordance with the access provisions of MFIPPA
c. the privacy of an individual’s personal information is protected in accordance with the privacy provisions of MFIPPA
- The library collects in electronic records:
a. name, address, telephone number and email address of each registered library user
b. date of birth of registered library users under the age of twelve
c. information about what an individual library user has borrowed or items placed on hold
d. information about fines
e. information about public meeting room space booked by a specific individual
f. information about programs an individual has regsirered to attend
g. informatin about when an individual booked a public computer as well as teh Internet search history. All such information is erased at the end of the day upon which the comptuer is used.
h. infomraiton about individuals request for material through interlibrary loan. As part of a provincial interlibrary loan network, some of this information resides on servers in other places and the library acnnot monitor or control the use of this information.
- The library collects comment forms, requests for material reconsideration and correspondence from individual users. All correspondence received is part of the Board’s public documents except for correspondence related to personnel or property issues which would be treated as confidential and handled in an in camera session. In addition, personal information about users and their use of library materials, services and programs is treated as confidential.
- The board is responsible for personal information under its control and designates the Chief Executive Officer (CEO) as the individual accountable for the library’s compliance with legislation. The CEO ensures that:
a. the collection of personal information is limited to that which is necessary for the proper administration of the library and the provision of library services and programs
b. the purposes for which personal information is collected from an individual is identified by the library at, or before, the time the information is collected and that consent to collect the information is given by the individual at the time of registration.
c. consent is required should the information be used for a purpose other than for which is was originally obtained
d. personal information is not retained longer than is necessary for the provision of library services and that programs procedures for the retention and disposal of personal information are established and followed
e. personal information related to a visitor or a library user is not disclosed to any third party without obtaining consent to do so, subject to certain exemptions as provided by MFIPPA. Information will be disclosed:
i. to a parent or guardian of a person up to sixteen (16) years of age
ii. upon the presentation of a search warrant
iii. to police in the absence of a search warrant to aid an investigation (at the CEO’s discretion)
iv. personal information may be released in compassionate circumstances to facilitate contact with next of kin or a friend of an individual who is injured, ill or deceased
f. personal information shall be as accurate, complete and up-to-date as is necessary for the purpose for which it is used
g. personal information shall be protected by security safeguards appropriate to the sensitivity of the information
h. the Annual Statistics Report to the Privacy Commission of Ontario is submitted
- Any library user who feels their privacy has not been protected may challenge library practices with the CEO. A library user whose challenge, is not satisfied with the result, may appeal to the Library Board, maintaining either the current policy has been violated or that the current policy needs to be changed in order to address a perceived issue.
Section 2: Access to Information
- Responding to requests for information is a statutory obligation
- In accordance with the Public Libraries Act the public can inspect any records that the board’s secretary has on file except where exemptions are allowed under Section 6-16 of the MFIPPA
- Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information, and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate
- All requests for information or for records, not publically available, must be made in writing.
- The CEO will give written notice to the person making a request, as to whether or not access to the record or part of it will be given as prescribed in the MFIPPA.
- Fees will be applied according to the Municipal Freedom of Information and Protection of Privacy Act R.R.O. 1990 Regulation 823.
Section 3: Breach of Privacy
- A breach is any unauthorized or illegal collection, use, or disclosure of personal information
- In the event of a breach the CEO or his designate will:
a. Contain the breach and repatriate the information
b. Assess the severity of the breach
c. Notify affected parties and the Information and Privacy Commissioner as required
d. Investigate the cause of the breach
e. Implement corrective actions
Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M56
Municipal Freedom of Information and Protection of Privacy Act R.R.O, 1990, Regulation 823 Information and Privacy Commissioner of Ontario. What are the Privacy Responsibilities of Public Libraries? 2002.