About Nova Scotia
Nova Scotia, Canada
Ask Joe Howe or try  How Do I Find...

Nova Scotia Government Website Privacy Policy


Approval Date: May 26, 2004
Approved by: Executive Council
Effective Date: June 1, 2004

I. POLICY STATEMENT

The Government of Nova Scotia is committed to ensuring that its departments, offices, agencies, boards, and commissions adhere to the privacy protection provisions of the Freedom of Information and Protection of Privacy Act and the government's fair information practices in the operation of their websites.

The Government of Nova Scotia will demonstrate this commitment through the publication in clear language of a Website Privacy Policy Statement that will be made available on all government websites.

II. DEFINITIONS

DATA SUBJECT
The individual about whom information is collected.

PERSONAL INFORMATION
Personal information is defined in the Freedom of Information and Protection of Privacy Act.
3 (1) (i) "personal information" means recorded information about an identifiable individual, including
(i) the individual's name, address or telephone number,
(ii) the individual's race, national or ethnic origin, colour, or religious or political beliefs or associations,
(iii) the individual's age, sex, sexual orientation, marital status or family status,
(iv) an identifying number, symbol or other particular assigned to the individual,
(v) the individual's fingerprints, blood type or inheritable characteristics,
(vi) information about the individual's health-care history, including a physical or mental disability,
(vii) information about the individual's educational, financial, criminal or employment history,
(viii) anyone else's opinions about the individual, and
(ix) the individual's personal views or opinions, except if they are about someone else

SERVER LOGS
Web server logs are lists of all requests made to the server, including some identifying information about the requestor such as Internet protocol address.

WEB SERVER
A computer that provides World Wide Web services on the Internet or on an intranet. It will have an Internet protocol address (e.g., 198.34.21.65) and usually a domain name (e.g., www.gov.ns.ca). It includes the hardware, operating system, web server software, communications protocols and the website content (web pages). It will have software that can manage and deliver documents and it may be able to operate additional software that can provide such functions as database searches or commercial transactions.

WEBSITE
A site (location) on the World Wide Web usually operated 24 hours a day and 7 days a week.

III. POLICY OBJECTIVES

The policy is designed to:

  1. Ensure that government meets its legislated obligations in the collection, use, and disclosure of personal information obtained through government websites only as authorized by law; and
  2. Assure the public that government protects personal information collected through government websites, including having adequate security in place.

IV. APPLICATION

The Policy applies to all websites operated by or for entities listed in Categories I and II of the Nova Scotia Government Management Manuals Policy in Management Manual #100.

V. POLICY DIRECTIVES

  1. As of September 1, 2004, pages on government websites will provide a connection to the official government Website Privacy Policy Statement. The connection may be a direct link or it may be through a departmental supplementary privacy policy page, which is subject to the Government of Nova Scotia Website Privacy Policy. Certain pages are exempt:
    1. A series of pages where access to the series requires a login. In that instance, the connection must be prominently displayed on the login page;
    2. Pages that are purely graphic. For example, a photo from an archive; and
    3. Pages in a format primarily intended to be printed out before reading that cannot be used to submit personal information through the website.
  2. Government websites will only collect personal information where authorized by law and where notification of such collection and the intended use and disclosure of the information is prominently displayed at the initial point of collection.
  3. Personal information obtained through government websites or other means, including server log information, will only be made publicly or commercially available directly or through service providers with the explicit consent of the data subject or as permitted by law.
  4. Other use and disclosure of personal information collected under Directives B & C above is prohibited without the explicit consent of the data subject or as permitted by law.
  5. Unsolicited personal information sent to government through a government website will be governed by the provisions of the Freedom of Information and Protection of Privacy Act.
  6. Government websites will use a secure connection or other protective measures, where possible, during transmission of personal information to or from the website unless such information is authorized to be publicly available.
  7. All personal information obtained through government websites will be treated in accordance with normal departmental security policies, rules, and procedures for dealing with personal information.
  8. In the event of identified unauthorized access to personal information by a member of the public or inappropriate release of personal information into the public domain involving government websites, departments will follow guidelines both departmental and government-wide for dealing with these situations.
  9. Government websites may require contact information when collecting personal information, so that if government needs to communicate with the individual, it can.
  10. All government websites will provide information on how visitors can obtain access to their personal information collected at that site.
  11. Individuals who have submitted personal information to a government website are entitled to access that information and request corrections or amendments. The request itself will be recorded even if the changes requested are not accepted.
  12. Personal information will not knowingly be collected from children without the consent of a parent or guardian except where authorized by law.
  13. Personal information about children will not be published on government websites without the consent of a parent or guardian except where authorized by law. However, even where such requirements are met, developers are advised to err on the side of caution because of the special privacy concerns that surround communications with children and the personal information of children.
  14. Government webservers will not be used to store unsecured personal information.
  15. Bulk downloading of personal information from government websites is prohibited except in accordance with the Policy for Distribution and Sale of Information Held in Provincial Databases.
  16. Government websites may collect and use information about website visits, including webserver log information, for statistical purposes. This information will be compiled and used in a way such that individuals cannot be identified.

VI. POLICY GUIDELINES

  1. When personal information is collected through a government website, consent for further use or disclosure of that information must be expressly given.
  2. It is strongly recommended that when personal information is collected through a government website, except what is contained in server log information, that personal information should be immediately transferred to a computer that is within the government secure periphery (i.e., inside the government firewall or a similar secure location).
  3. Government has an obligation to protect against inappropriate access to and use of the personal information it collects. Therefore, unrestricted anonymous access to databases of publicly available personal information is not recommended. Before undertaking any initiative that will involve anonymous access to such databases the proposal should be discussed fully with departmental Freedom of Information and Protection of Privacy administrators and the Freedom of Information and Protection of Privacy Coordinator at the Department of Justice.
  4. Government website developers should consult with their departmental records designate and Freedom of Information and Protection of Privacy administrator for direction and advice on the appropriate treatment of government records that may be created or accessed through government websites.

VII. ACCOUNTABILITY

  1. The Deputy Head of each public body covered by the Policy is responsible for administering the Policy, and for issuing instructions to ensure implementation of the Policy including, but not limited to, the following:
    1. Informing employees of the requirements of the Policy and ensuring compliance.
    2. Providing avenues for individuals to communicate concerns about personal privacy related to government websites.
  2. The Deputy Head may augment the Policy with supplementary procedures and guidance regarding the protection of personal information particular to the unique and special responsibilities of the public body and reflecting any special requirements contained in statutes governing the operations of the public body.
  3. The Treasury and Policy Board is responsible for administering the Policy with respect to Deputy Heads.
  4. Communications Nova Scotia is responsible for the creation and maintenance of the official government Website Privacy Policy Statement page.

VIII. MONITORING

The Office of Economic Development is responsible for monitoring the policy.

IX. REFERENCES

Freedom of Information and Protection of Privacy Act
Business Electronic Filing Act
Electronic Commerce Act

X. INQUIRIES

Inquiries should be addressed to the Office of Economic Development.

XI. APPENDICES

Approved official government Website Privacy Policy Statement as of May 26, 2004.


Back to top of page

This page and all contents Crown copyright © 2004, Province of Nova Scotia, all rights reserved.
Comments / 2004-May-26.

Privacy

Note on accessibility.