Privacy and Information Management ICT Guidelines

Privacy and Information ManagementICT Guidelines

Every one of us has a responsibility to safeguard the personal information we deal with on a daily basis.

2Access to Personal InformationUnder the Education Act, Board employees are granted the right to access an individuals personal information, when that access is directly tied to the needs of the role.

What is Personal Information?Under the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), personal information is any recorded information that can identify an individual, such as:demographic information such as name, address, phoneethnic background medical and/or health recordsstudent achievementemployment historycriminal history

What is Consent?

Under the Education Act, school boards have the authority to collect personal information about students when they register.

Consent is explicit as parents fill in the information and provide it to the school personally at the time of registrationInformed consent is when it is defined for parents why youre collecting, what youre collecting, what you will do with it and who you will share it with

Its when the information has to be shared with others that problems can arise. There are some good basic rules to follow, however.

Seven Virtues of Privacy Protection The Information and Privacy Commissioner of Ontario and the Access and Privacy Office of the Ontario government offer advice for safeguarding personal information:

1.Collect only as much personal information as you need to do your job.

2.Collect information directly from individuals, or for students under 18, directly from their parents or guardians not from third parties.

3.Explain why you need to collect the information and exactly how it will be used.

Seven Virtues of Privacy ProtectionGet consent from students, or for students under 18, from parents, for the collection, storage and use of personal information.

Store personal information securely. Keep hard copies under lock and key, such as in a locked filing cabinet; keep electronic documents on a password-protected computer. A clean desk will help prevent sensitive information being misplaced or stolen.

7Seven Virtues of Privacy Protection

6.When in doubt, ask for advice from the school principal or the board staff member in charge of privacy. (Ontario law requires every board to have one such contact person.)

7.When you no longer need the personal information to do your job, destroy it by shredding paper documents or securely erasing electronic ones.

Sensitive information is at your fingertips throughout your work dayIn many formats electronic, hard copy, verbal

How Does it Affect Me??Common Daily PracticesAlways lock your laptop or workstation when away from your desk ( Windows-L)Make sure your screen is not visible to others if displaying personal information (Windows-D will minimize all open windows)Put papers or files away securely when not working with them

Common Daily Practices - continuedDouble-check which printer youre sending to before you hit ok and immediately collect sensitive documentsDispose of sensitive information in designated shredding bins

Laptops & Other Mobile DevicesAlways encrypt or password protect your USB keys, external drives, etc.Never keep your only copy on a USB or other device make sure to have another copy on a board file share.Do not save board information on a personal device. Use a protected USB key and work from that.Never auto-forward your FirstClass email to a personal device or account.

Laptops & Other Mobile Devices continuedNever leave your laptop in a car. Lock it in the trunk before leaving for your destination, if youre not going straight home or to work.Physically lock your laptop up when not in use (cable lock, locked cabinet, etc.)Never keep the only copy of a file on the laptop make sure to have another copy on a board file share or home drive

Laptop and Other Mobile Devices - continuedIf your laptop is lost or stolen, you need to report it immediately to your PrincipalKNOW what is on itDont load unauthorized or unsupported applications. They can pose a huge risk to privacy of information. (i.e. - shareware such as LimeWire)

Good Password ManagementPasswords are now being synchronized to help you remember. Where you used to have a password for each system, you now have one password to MANY systems, including your HR system.

While this is easier for you, it raises the risk of disclosure if you dont follow the rules

Good Password ManagementNever write your passwords down where they can be viewed by others (sticky notes, labels, etc.)Never share your password with anyone else Dont log anyone else onto a computer with your passwordFollow the Administrative Regulations for password management

A Quick Re-capThe protection of an individuals personal information is mandated by law Electronic access to significant quantities of personal information has never been so highWhere we are the stewards, we are all accountableCommon sense and good practice will go a long way to protect the information in our care

17