|
|
|
Corporate Access & Privacy |
Corporate Access & Privacy
Within the DTSSAB, Information Management & Technology (IM/IT) provides centralized management of legislatively mandated
access and privacy services to the general public, Board of Directors, applicable community partners, and employees of the
DTSSAB.
In addition to organizational policies and procedures, The Corporate Access & Privacy Office (CAP) follows two pieces of legislation in managing routine disclosure, active dissemination and information requests for the DTSSAB.
For information on fees associated with Freedom of
Information Requests, select the links below:
Municipal Freedom of Information & Protection of Privacy Act (MFIPPA)
MFIPPA, which came into force on January 1, 1991, establishes a set of statutory obligations that must be considered when responding to formal access to information requests. There is a general right of access to records under MFIPPA however this right is subject to the application of exemptions that may apply to the records.
Personal Health Information Protection Act (PHIPA)
PHIPA came into effect on November 1, 2004 to regulate the collection, use and disclosure of personal health information in the custody of a health information custodian (HIC). HICs must have measures in place to protect personal health information of their clients. The Corporate Access & Privacy Office coordinates access requests under PHIPA.
Services Delivered by CAP Include:
Public Access to Information
The CAP office is located at:
PO Box 6006
290 Armstrong Street
New Liskeard, Ontario P0J 1P0
The office is the official point of contact for those wishing to make a formal request for access to information held by the DTSSAB, or to request a correction to a record(s) containing their own personal information.
Appeals
CAP assists in the representation of the organization in the adjudicative process before the Information and Privacy Commission/Ontario (IPC/O). This includes mediation of appeals and preparation of formal written representations on access decisions which have been appealed to the IPC/O.
Corporate Forms Registry
All electronic and hard copy forms, surveys and questionnaires that collect personal information require the review and approval of the CAP office to ensure they comply with the notification requirements of the various Privacy Acts. All approved forms are registered with the IM/IT program.
Policy & Protocol Development
Access and privacy policy, standards, and procedures are developed for programs/services involving the collection, use or disclosure of personal information.
Privacy protocols also provide standards to staff, by outlining a series of practical measures to be taken to protect personal information the course of our electronic-business processes (email, fax, and cellular phones).
Ongoing training is provided to support routine disclosures of information where possible and to maintain a high level of privacy awareness in the delivery of programs and services
Privacy Reviews & Impact Assessments
Reviews of existing practices are conducted to ensure compliance with the privacy requirements of the various Privacy Acts. Privacy reviews are conducted on manual and electronic systems involving the collection, use, disclosure and retention of personal information. A privacy review ensures that the existing programs/technologies comply with the privacy requirements of the Acts.
Privacy Impact Assessment Checklists (PIA) are also available to assist in the review of proposed applications, involving the collection, use and disclosure of personal information to ensure compliance with the various Privacy Acts.
These checklists are tools to be used by program staff during the business design phase of new systems and processes to ensure that each aspect of business and systems development incorporates the privacy requirements of the Acts prior to implementation.
Privacy Complaints and Investigations
In conjunction with the CAO and Human Resources, the CAP office investigates privacy complaints received from employees or individuals external to the DTSSAB related to the organization’s collection, use, retention and disclosure of personal information. Following a review of program policies and practices, formal representations are prepared in response to any Information and Privacy Commissioner's enquiry processes.
|
|
