The Federal Government as an employer is committed to fair
information practices for its employees, which creates a legitimate and
enforceable expectation of privacy. These are expressed for all government
institutions in the Privacy Act (1983), which has as its broad purpose
"to ... protect the privacy of individuals with respect to personal
information about themselves held by a government institution and provide
individuals with a right of access to such information" (Privacy Act,
section 2).
Personally identifiable information exists in employee and job
applicant records. The collection, use, disclosure, retention and disposal of
this information must be managed in a way that takes into account the Privacy
Act's principles of confidentiality, accuracy and relevance. The spirit and
the letter of the Privacy Act, as they pertain to Federal employees, are
expressed in the Employee Privacy Code.
The Code consists of six Principles, as follows:
Principle 1: An access process must be in place to enable an employee to find
out what information about him or her is in a record and how that information is
used.
All personal information holdings must be described as Personal
Information Banks by the government institutions controlling them and must be
published in Info Source.
Employees must, with some exceptions, be given access to the
information pertaining to them. This should normally be done informally without
recourse to the formal procedures of the Privacy Act. However, no
prejudicial actions will be taken against employees who wish to exercise their
legal rights. Personal information will be withheld from access by employees
only in strict compliance with the limited situations for exemption set out in
the Privacy Act.
There must be no classes of information and no personal
information banks whose existence is not known.
Principle 2: A process must be in place to enable an employee to correct a
record containing personal information about him or her.
Employees are entitled to ask that information pertaining to
them be corrected. They also have the right to have a notation attached to any
information for which a correction was requested but not made.
Principle 3: The legal provisions limiting the collection of personal
information must be followed.
The collection of personal information must be directly relevant
to an authorized program or activity. Whenever possible, personal information
shall be collected directly from the individual to whom it pertains. There are
limited exceptions to this general rule, for example, law enforcement activities.
An employee must also be informed why the information is being collected and the
intended uses to be made of it, except when doing so would result in the
collection of inaccurate or misleading information. Employees must also be told
whether the information is required by law, and, if not, that giving it is
purely voluntary.
Principle 4: Controls that conform to legal requirements must be in place to
regulate the use and disclosure of employee information. Uses beyond the
original purposes for which information was collected and disclosures to third
parties, in particular, are circumscribed.
Without the consent of the employee to whom it relates, personal
information shall only be used for a purpose for which it was collected, or for
a purpose consistent with the original purpose, or for a purpose permitted under
the disclosure part of the Privacy Act, subsection 8(2).
Personal information shall not, without the consent of the
employee, be disclosed to third parties except in the limited number of
situations set out in subsection 8(2) of the Privacy Act. Some of
these situations include the requirements of other Acts and Regulations,
compliance with a subpoena or warrant, internal audits, and archival purposes.
In many instances these provisions are permissive and the onus is on personnel
administrators to determine that a particular instance of permissible disclosure
of personal information is fair to the employee concerned.
Certain very sensitive personal information, such as Employee
Assistance Program (EAP) data, medical files and conflict of interest
declarations, should be disclosed to persons other than the official responsible
(e.g. the EAP Counsellor) only when a law or regulation compels its disclosure.
Uses of personal information that are not listed in the personal
information bank descriptions in Info Source shall be recorded, and the record
attached to the personal information. The Privacy Commissioner must be advised,
and the new use must subsequently be published in Info Source.
Data matching and linkage involve comparing, for administrative
purposes, personal information obtained from various sources. They are used
widely in personnel administration, and generally involve the use of computers
to generate more extensive profiles of individuals. Data matching is regulated
by Treasury Board policy to ensure compliance with the Privacy Act,
particularly as it relates to the Act's provisions dealing with the collection,
use and disclosure of the personal information to be matched. Government
institutions are required to give 60 days' advance notice of matching
programs to the Privacy Commissioner and to describe them in Info Source.
Principle 5: Government institutions should ensure that personal information
is accurate and that appropriate precautions are taken to protect it.
Personal information has a life cycle; that is, it exists from
the time it is originally collected or compiled to the date it is finally
disposed of. Throughout its life cycle, personal information should be current
and accurate for its intended use. Adequate safeguards and protection should be
provided to prevent its misuse.
The government Security Policy specifies that personal
information be given enhanced protection. It is designated PROTECTED - PERSONAL
INFORMATION, and the government-wide security standards set out appropriate
protection. This includes lockable storage containers, controlled access to the
areas in which personal information is located, and security measures related to
its transmission.
Additional protection is provided for particularly sensitive
personal information in EAP and medical files. For example, information that can
be linked to a client in an EAP file is accessible only to the client and the
EAP Co-ordinator. Particularly sensitive personal information is designated
PROTECTED, followed by words that describe the category of information (e.g.
PROTECTED - EMPLOYEE ASSISTANCE PROGRAM), and particular storage and transmittal
standards support the additional protection.
Principle 6: Employees should be able to find out how their personal
information will be finally disposed of.
Personal information must be retained and disposed of in
accordance with approved and published records retention and disposal schedules.
Except as otherwise provided in law, or when the employee consents to earlier
disposal, personal information must be kept for a minimum of two years after the
last time it was used for an administrative purpose. Employees thus have an
opportunity to request access to the information and ask for a correction if
necessary.