Policy Type: Operational Policy Title: Confidentiality and Protection of Privacy Policy Number: OP-03 Policy Approval Date: Nov 6, 2008 Policy Review Date: Jan 20, 2016 Policy Review Date: Mar 27, 2019 Date of Next Review: Jan 2022 The Brighton Public Library recognizes that the users’ choice of materials they borrow and websites they visit is a private matter. The library will therefore make every reasonable effort to ensure that personal information about its patrons and their use of library materials, services and programs remains confidential. 1. Personal information is defined in Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M56 (MFIPPA), in part, as “recorded information about an identifiable individual.” This could include, in the library context, information on a user’s borrowing habits, as well as information related to computer and Internet use. 2. The library Board ensures that: a) the library complies with the spirit, principles and intent of MFIPPA b) members of the public have access to information about the operations of the library and to their own personal information held by the library in accordance with the access provisions of MFIPPA c) the privacy of an individual’s personal information is protected in compliance with the privacy provisions of MFIPPA 3. The library Board is responsible for personal information under its control and designates the Chief Executive Officer (CEO) as the individual accountable for the organization’s compliance with legislation and ensures that: a) the purposes for which personal information is collected shall be identified by the library at, or before, the time the information is collected b) consent of the individual is acquired for the disclosure of collection use or personal information c) the collection of personal information shall be limited to that which is necessary for the proper administration of the library and the provision of library services and programs d) the library will not retain any personal information related to the items borrowed or requested by a user, or pertaining to a user’s on-line activity, longer than is necessary for the provision of library services and programs e) the library will not disclose personal information related to a visitor or a library user to any third party without obtaining consent to do so, subject to certain exemptions as provided by MFIPPA. Information will be disclosed: i. to a parent or guardian of a person up to sixteen (16) years of age ii. upon the presentation of a search warrant iii. to police in the absence of a search warrant to aid an investigation {at the CEO’s discretion) iv. to the Children’s Aid Society, under the authority of the Child and family Services Act, which states that a person who believes, on reasonable grounds, that a child under 16 is at risk of harm, must report this suspicion to the Children’s Aid Society immediately, directly and on an ongoing basis f) personal information shall be as accurate, complete and up-to-date as is necessary for the purpose for which it is used g) personal information shall be protected by security safeguards appropriate to the sensitivity of the information h) upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information, and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate i) an individual shall be able to address a challenge concerning compliance, with the above principles, to the CEO Related Documents: – Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M56 – Information and Privacy Commissioner of Ontario. What are the Privacy Responsibilities of Public Libraries? 2002.