I. POLICY STATEMENT
The Corporation of the County of Elgin is committed to ensuring that its departments, offices, boards, and councilors adhere to the privacy protection provisions of the Municipal Freedom of Information and Protection of Privacy Act (https://www.ontario.ca/laws#BK41) in the operation of their websites.
DATA SUBJECT: The individual about whom information is collected.
PERSONAL INFORMATION: Personal information is defined in the Municipal Freedom of Information and Protection of Privacy Act.
a) information relating to the race, national or ethnic origin, colour, religion, age, sex, sexual orientation or marital or family status of the individual,
b) information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved,
c) any identifying number, symbol or other particular assigned to the individual,
d) the address, telephone number, fingerprints or blood type of the individual,
e) the personal opinions or views of the individual except where they relate to another individual,
f) correspondence sent to an institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to that correspondence that would reveal the contents of the original correspondence,
g) the views or opinions of another individual about the individual, and
h) the individual’s name where it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual; (“renseignements personnels”)
SERVER LOGS: Web server logs are lists of all requests made to the server, including some identifying information about the requestor such as Internet protocol address.
WEB SERVER: A computer that provides World Wide Web services on the Internet or on an intranet. It will have an Internet protocol address (e.g., 188.8.131.52) and usually a domain name (e.g., www.elgincounty.ca). It includes the hardware, operating system, web server software, communications protocols and the website content (web pages). It will have software that can manage and deliver documents and it may be able to operate additional software that can provide such functions as database searches or commercial transactions.
WEBSITE/PORTAL: A site (location) on the World Wide Web usually operated 24 hours a day and 7 days a week.
III. POLICY OBJECTIVES
The policy is designed to:
- Ensure that the County of Elgin meets its legislated obligations in the collection, use, and disclosure of personal information obtained through County of Elgin websites only as authorized by law; and
- Assure the public that The County of Elgin protects personal information collected through County of Elgin websites, including having adequate security in place.
The Policy applies to all websites operated by the County of Elgin
V. POLICY DIRECTIVES
- A series of pages where access to the series requires a login. In that instance, the connection must be prominently displayed on the login page;
- Pages that are purely graphic. For example, a photo from an archive; and
- Pages in a format primarily intended to be printed out before reading that cannot be used to submit personal information through the website.
- County of Elgin websites will only collect personal information where authorized by law and where notification of such collection and the intended use and disclosure of the information is prominently displayed at the initial point of collection.
- Personal information obtained through County of Elgin websites or other means, including server log information, will only be made publicly or commercially available directly or through service providers with the explicit consent of the data subject or as permitted by law.
- Other use and disclosure of personal information collected under Directives B & C above is prohibited without the explicit consent of the data subject or as permitted by law.
- Unsolicited personal information sent to the County of Elgin through a County of Elgin website will be governed by the provisions of the Freedom of Information and Protection of Privacy Act.
- County of Elgin websites will use a secure connection or other protective measures, where possible, during transmission of personal information to or from the website unless such information is authorized to be publicly available.
- All personal information obtained through County of Elgin websites will be treated in accordance with normal County of Elgin security policies, retention policies, rules, and procedures for dealing with personal information.
- In the event of identified unauthorized access to personal information by a member of the public or inappropriate release of personal information into the public domain involving County of Elgin websites, County of Elgin staff will follow guidelines for dealing with these situations.
- County of Elgin websites may require contact information when collecting personal information, so that if the County of Elgin needs to communicate with the individual, it can.
- All County of Elgin websites will provide information on how visitors can obtain access to their personal information collected at that site.
- Individuals who have submitted personal information to a County of Elgin website are entitled to access that information and request corrections or amendments. The request itself will be recorded even if the changes requested are not accepted.
- Personal information will not knowingly be collected from children without the consent of a parent or guardian except where authorized by law.
- Personal information about children will not be published on County of Elgin websites without the consent of a parent or guardian except where authorized by law. However, even where such requirements are met, developers are advised to err on the side of caution because of the special privacy concerns that surround communications with children and the personal information of children.
- County of Elgin webservers will not be used to store unsecured personal information.
- County of Elgin websites may collect and use information about website visits, including webserver log information, for statistical purposes. This information will be compiled and used in a way such that individuals cannot be identified.
VI. POLICY GUIDELINES
- When personal information is collected through a County of Elgin website, consent for further use or disclosure of that information must be expressly given.
- It is strongly recommended that when personal information is collected through a County of Elgin website, except what is contained in server log information, that personal information should be immediately transferred to a computer that is within the County of Elgin secure periphery (i.e., inside the government firewall or a similar secure location).
- The County of Elgin has an obligation to protect against inappropriate access to and use of the personal information it collects. Therefore, unrestricted anonymous access to databases of publicly available personal information is not recommended. Before undertaking any initiative that will involve anonymous access to such databases the proposal should be discussed fully with the Information Technology department at the County of Elgin.
- County of Elgin website developers should consult with the Director of Information Technology, County of Elgin for direction and advice on the appropriate treatment of County of Elgin records that may be created or accessed through County of Elgin websites.
- The Director of Information Technology at the County of Elgin is responsible for administering the Policy, and for issuing instructions to ensure implementation of the Policy including, but not limited to, the following:
- Informing employees of the requirements of the Policy and ensuring compliance.
- Providing avenues for individuals to communicate concerns about personal privacy related to County of Elgin websites.
The Department of Information Technology, the County of Elgin is responsible for monitoring the policy.