|
![,](/web/20060117055418im_/http://www.tbs-sct.gc.ca/cioscripts/images/Spacer14px.gif) |
CLF for the Internet - Important Notices![,](/web/20060117055418im_/http://www.tbs-sct.gc.ca/cioscripts/images/line450x1.gif)
All GoC Web sites must
adapt the following Privacy Notices
within the Important Notices link at the bottom of all GoC Web pages.
Rationale
The Privacy Notice assures end-users that information automatically acquired
through a visit to any GoC site
will not be used other than for the express purposes of Web maintenance and
security.
Interpretation
Each institution's Web site Privacy Notice should be developed as a
co-operative effort of the areas responsible for information technology,
computer security, privacy and protection of personal information,
communications, legal services and information management.
Every institution's Privacy
Notice must include the following elements:
- Identification of the organization and how it can be contacted, including
the name or position title of the person to contact with any Web site
privacy concerns (normally the Privacy Co-ordinator)
- A clear description of any personal information which is collected
automatically, a statement that such information is protected under
the Privacy Act, the purpose for which it is collected, who will
have access to it, how long it is kept, where it is kept and how an
individual can access and correct their own personal information
- A statement explaining that should the user choose to provide personal
information through e-mail or other means, such information is protected
under the Privacy Act and will only be used for the specific
purposes for which it has been provided (e.g. to respond to a specific
request), or where required by law, how long it is kept, where it is kept
and how to obtain access and request corrections
- A statement that non-identifiable or statistical information may be
collected for audit purposes, for use in maximising effectiveness, or for
another purpose specified here, if this is the case
- An explanation of any security use of information for purposes such as
tracking suspected intrusions or the source of a computer virus, or
controlling access to the system
- A statement concerning whether cookies, or any other
data, are placed on the user's machine, and how they are used
- A description of any privacy-enhancing technologies in use or available
for use such as the Public Key Infrastructure (PKI) or Secure Socket layer
(SSL)
- A statement that individuals may contact the Office of the Privacy
Commissioner if they are dissatisfied with the response they receive from
the institution privacy contact on a privacy concern with the Web site.
The Privacy Notice must provide enough detail to allow users to understand
what information will be collected and when, and to make an informed decision
concerning whether to remain at the site.
Two examples of Privacy Notices have been provided see www.tbs-sct.gc.ca/clf-nsi/5/5ex2_e.asp. Use the appropriate
bullets from the 2 examples to build your own Privacy Notice.
Guidelines for Cookies on Government of Canada Web Sites (August 19, 2002)
An institution's Web site Privacy Notice should include a statement
concerning:
- Links to other sites not covered by this privacy policy
- Any specific institutional policy on collecting information from children
online
Institutions should also remind users that, unless specifically noted
otherwise, neither electronic systems or e-mail are secure information
transmission methods, and that it is not recommended that sensitive personal
information be transmitted electronically.
In some circumstances institutions may use an outside service provider as a
Webmaster, and may provide a link for sending a message to the Webmaster. In
those circumstances, the outside service provider should be under a contractual
obligation to treat any personal information as though it were covered by the
Privacy Act. In addition, the institution must make it clear to users that
they are sending information outside the institution.
|