BEST PRACTICES
The OPS must adhere to the following best practices for managing personal information:
|
Collection
|
Collect only personal information you need to perform your assigned duties and responsibilities.
|
Use
|
Personal information must be used only for the purpose(s) for which it was collected.
|
Disclosure
|
Disclose personal information:
- only when the disclosure is consistent with the purpose(s) for which it was collected;
- to others only on a “need to know” basis where they require the information to perform their assigned duties and responsibilities;
- to a contractor only when a contract is in place requiring the contractor to meet personal information-handling and security standards.
|
 |
Security
|
Personal information must be kept secure at all times.
When not in use, personal information (both hard copy and electronic) must be maintained under “lock and key”. Hard copy personal information must be stored in lockable file cabinets — even in secure areas — and all electronic information must be password-protected.
All employees must maintain a “clean” desk.
|
Privacy Breach
|
A privacy breach occurs when personal information is inappropriately disclosed (for example, when a letter containing an individual’s personal information is sent in error to another individual).
A privacy breach must be brought to the attention of your manager
immediately.
|
Retention and Destruction
|
Personal information must be retained and destroyed in accordance with records retention schedules established by the Archives of Ontario. Personal information that is no longer required must be destroyed in a secure manner.
|
Questions
about Best Practices for Managing Personal Information?
web.foi@mgs.gov.on.ca
If you have questions about the collection, use and especially the disclosure of personal information in carrying out your job duties, consult with your manager prior to making any decisions.
|
OCIPO 
