Halifax Regional Municipality (HRM) is committed to respecting the privacy rights of all individuals whose personal information it has collected and to ensuring the confidentiality and security of that personal information and to excellence in the management of that personal information. HRM will ensure adherence to the privacy protection provisions of Part XX (Freedom of Information and Protection of Privacy) of the Municipal Government Act [PDF], the Personal Information International Disclosure Protection Act and other applicable legislation. Violations of this policy whether intentional or inadvertent, may result in disciplinary action up to and including termination of employment. Where appropriate, legal sanctions may be pursued.
Employee includes a person retained under an employment contract to perform services for HRM. For the purpose of this policy, an employee also includes individuals seconded to HRM and volunteers, students and interns who have access to records
FOIPOP: Freedom of Information and Protection of Privacy, Part XX of the Municipal Government Act [PDF].
Personal information is recorded information about an identifiable individual including:
- the individual's name, address or telephone number;
- the individual's age, sex, sexual orientation, marital status or family status;
- the individual's race, national or ethnic origin, colour, or religious or political beliefs or associations
- an identifying number, symbol or other particular assigned to the individual;
- the individual's fingerprints, blood type or inheritable characteristics;
- information about the individual's health-care history, including a physical or mental disability;
- information about the individual's educational, financial, criminal or employment history;
- anyone else's opinions about the individual; and
- the individual's personal views or opinions, except if they are about someone else.
Personal Information Bank (PIB) is a collection of paper records or electronic documents that are sorted by a personal identifier such as name, employee number or a database that is indexed by one or more personal identifiers.
PIIDPA: Personal Information International Disclosure Protection Act
Privacy breach: the event of unauthorized collection, access, use, disclosure, storage or alteration of personal information.
Record, as defined in Part XX of the MGA, includes books, documents, maps, drawings, photographs, letters, vouchers, papers and any other thing on which information is recorded or stored by graphic, electronic, mechanical or other means, but does not include a computer program or any other mechanism that produces records.
The objectives of this policy are:
- To ensure HRM meets it legislated and regulatory responsibilities in the management of personal information;
- To ensure consistency in practices and procedures in administering the legislated and regulatory responsibilities;
- To ensure effective protection and management of personal information by identifying, assessing, monitoring and mitigating privacy risks in HRM programs and activities involving the collection, retention, use, disclosure, storage and disposition of personal information;
- To ensure only the minimum amount of personal information required for a specific purpose is collected, used or retained; and
- To ensure that appropriate consent is obtained and that systems used for storing personal data comply with legal and regulatory requirements.
- HRM will collect, access, store, use, and disclose personal information only where authorized by law or agreement.
- HRM will make reasonable efforts to ensure that the individual understands the purpose for which the personal information is being collected and the need for the collection.
- HRM will limit its collection of personal information to that which is required for its programs and services; reasons for collection of this information will be provided at the time that consent is sought. Where an act, regulation or municipal bylaw requires that information be provided, consent will not be required for the collection of that information.
- HRM will use and disclose an individual’s personal information only for the purpose for which it was collected, for a use consistent with that purpose, for other purposes for which consent has been obtained, or for other purposes required or permitted by law.
- HRM is committed to protecting personal information through appropriate administrative, technical and physical security measures and safeguards, regardless of the format in which the personal information is held.
- HRM will retain personal information in accordance with legislative requirements and will ensure that proper care is taken in the disposal of personal information.
- HRM will make every reasonable effort to ensure its records of an individual’s personal information are accurate and complete and will allow a person access to their own information to verify, update and correct it.
- HRM will ensure that this policy is considered for all new and significantly amended programs or services that collect, use or disclose personal information.
- HRM will establish a privacy breach/complaint protocol as per Appendix A.
- Complaints or questions with respect to this policy may be directed to the applicable Business Unit or to the HRM’s Access and Privacy Officer at 902.490.4390 or firstname.lastname@example.org.
Accountability and security
Roles and responsibilities
All HRM employees are required to know and understand their obligations under this policy. Employees are expected to respect the confidentiality of personal information and report any breaches of privacy to their immediate supervisor. Employees will make reasonable efforts to ensure personal information is protected.
Supervisors and managers
Along with the responsibilities noted above, managers, and supervisors are required to ensure that their staff follow this policy and the applicable acts.
Business unit directors
Along with responsibilities noted above, directors are responsible for making reasonable security arrangements for personal information in the custody of their business unit, ensuring that staff receive privacy awareness training, and ensuring that service providers are compliant with this policy.
Access and Privacy Officer
Will provide advice and guidance to elected officials, executive and senior management, business units and employees with respect to the treatment of personal information within HRM and will monitor and report on HRM’s compliance with this policy.
Chief Administrative Officer
Along with the responsibilities noted above, the Chief Administrative Officer is responsible for the proper application of Part XX of the MGA, PIIDPA and other Acts or policies with respect to an individual’s personal information.
Monitoring and review
The Access and Privacy Officer will be responsible for monitoring compliance with this policy and conducting an annual review of this policy.
Freedom of Information and Protection of Privacy, Part XX , Municipal Government Act [PDF]
Freedom of Information and Protection of Privacy Regulations
Personal Information International Disclosure Protection Act
Administrative Order 2015-001-GOV - Respecting Corporate Information Management [PDF]
Halifax Regional Municipality Routine Access Policy
Halifax Regional Municipality Privacy Breach/Complaint Protocol (Appendix A)
Halifax Regional Municipality Mobility Policy