CLF for the Internet - Important Notices![,](/web/20061026235307im_/http://www.tbs-sct.gc.ca/cioscripts/images/line450x1.gif)
All GoC Web sites must
include a Privacy Notice Statement,
whenever Web pages provide an opportunity for users to input personal
information.
Rationale
From any point at which GoC
Web site users are given the opportunity to voluntarily provide personal
information, they must be informed of the conditions under which their personal
information will be protected.
Every institution which is subject to the Privacy Act must ensure
that each collection of personal information conforms to the requirements of
that Act. The requirements apply equally to electronic collections as they do to
paper-based collections. Any time personal information is collected
electronically, the individual must be properly informed of their rights, in the
same way as if the collection was done via more traditional means.
One of the differences between electronic communications and paper-based
communications is that it may not be obvious to the individuals involved whether
or not personal information is being collected in the course of any specific
interaction. For these reasons, every Web site must include a Privacy Notice,
even if no personal information is collected through that site.
Interpretation
A statement must actually appear next to
the text requiring the personal information, for example an application form or
survey, etc. informing individuals how the personal information will be used, which
parts of the form are discretionary or mandatory, how long the personal information
will be kept, where it will be kept (which Personal Information Bank) and how they
can obtain access to their information.
Notice and Consent Guidelines in an
On-Line Environment (April 23, 2003)
Refer to the following checklist for a complete list of items to be considered:
Indicate:
1. That all personal information provided is protected under the Privacy
Act
2. Under what authority the personal information is being collected
3. Why the personal information is being collected
4. What personal information is collected automatically
5. On input forms, which parts are mandatory and which are discretionary
6. How the personal information is being collected automatically
7. Where the personal information will be kept (i.e. PIB)
8. How the personal information will be protected during transfer and
storage
9. How long the personal information will be kept
10. When the cookie will
expire if cookies are used
11. Who will have access to the personal information
12. How users can gain access to their personal information
13. How users can correct their personal information
14. Contact information
|