The purpose of this policy is to ensure:
- The Kingston Frontenac Public Library complies with the Municipal Freedom of Information and Protection of Privacy Act, R.S.O., c. M.56. (MFIPPA) and its regulations, notwithstanding the specific applications outlined in this policy;
- Members of the public have access to information about the operations of the Library and to their own personal information held by the Library in accordance with the access provisions of MFIPPA; and
- The privacy of individuals' personal information is protected in compliance with the privacy provisions of MFIPPA.
This policy applies to all services and operations of the Kingston Frontenac Public Library Board, its staff, Board members and volunteers.
Disclosure means revealing a piece of information that was intended to remain confidential.
General records means general information that is organized and capable of being retrieved. The records contain no personal information.
Individuals means members of the public, about whom the Library retains “personal information”.
Personal information as defined by MFIPPA, means recorded or unrecorded information about an identifiable individual, including, but not limited to
- information relating to the race, national or ethnic origin, colour, religion, age, sex, sexual orientation or marital or family status of the individual,
- information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved,
- any identifying number, symbol or other particular assigned to the individual,
- the address, telephone number, fingerprints or blood type of the individual,
- the personal opinions or views of the individual except if they relate to another individual,
- correspondence sent to an institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to that correspondence that would reveal the contents of the original correspondence,
- the views or opinions of another individual about the individual, and
- the individual’s name if it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual.
Personal information bank means a collection of personal information that is organized and capable of being retrieved using an individual's name or an identifying number or particular assigned to the individual;
Record means any record of information however recorded, whether in printed form, on film, by electronic means or otherwise, and includes:
- correspondence, a memorandum, a book, a plan, a map, a drawing, a diagram, a pictorial or graphic work, a photograph, a film, a microfilm, a sound recording, a videotape, a machine readable record, any other documentary material, regardless of physical form or characteristics, and any copy thereof, and
- subject to the regulations, any record that is capable of being produced from a machine readable record under the control of an institution by means of computer hardware and software or any other information storage equipment and technical expertise normally used by the institution.
4. Guiding Principles
It is the policy of the Kingston Frontenac Public Library that the Library will make information about the Library available to the public and protect the privacy of all individuals’ personal information in its custody or control in keeping with the access and privacy provisions of MFIPPA and other applicable legislation
5.1 Access to Information
- Library Board agendas and minutes, annual reports, policies and a variety of other information will routinely be made a matter of public record through the Kingston Frontenac Public Library website and through Library publications.
- Access to general records about Library operations will be provided to the public, subject to the provisions of MFIPPA.
- Access to recorded personal information about a particular individual will be provided to that individual, upon verification of identity and subject to the exemptions outlined in MFIPPA.
- Payment of a fee may be required and will be assessed and collected in accordance with MFIPPA regulations.
- Requests for access to general records and recorded personal information should be directed to the Office of the Chief Librarian/CEO.
5.2 Protection of Privacy: Patrons
Collection and Use of Information:
- The Library will not collect any personal information about individuals without obtaining their consent to do so, subject to the exceptions as contained in MFIPPA. Personal information that is collected will be limited to what is necessary for the proper administration of the library and the provision of services and programs.
- Personal information will only be used for the stated purpose for which it was collected or for a consistent purpose.
- The Library will provide the following information to the individual when personal information is being collected on behalf of the Library:
- legal authority
- principle purpose or purposes for use
- title, business address and telephone number of an official from the Library who can answer questions.
- Individuals are informed of the reasons for collecting personal information at or before the time of collection.
Examples of reasons are:
- Access to library materials and services
- Room rentals
- Library fund development
- Electronic communications including, but not limited to, hold alerts and overdue notices
- Non-identifying statistical purposes
- Protection of Library property and the safety of the public.
- Personal information may only be obtained from the individual to whom the record relates, as required in MFIPPA, unless the individual authorizes another manner of collection.
- A parent or guardian may supply information about a child under 16 years of age, in his or her custody.
- The Library will take reasonable steps to ensure that the personal information on the records held by the Library is accurate and up to date. The Library will change an individual's personal information if it is incorrect. The Library may ask for supporting documentation.
- Employee access to personal information is limited to those employees who need access in order to perform their assigned duties.
- The Library will maintain a personal information bank index of all personal information banks in the custody or under the control of the Library, as set forth in MFIPPA.
5.3 Disclosure of Information:
Notwithstanding the specific applications of MFIPPA cited in this policy, the Kingston Frontenac Public Library Board is subject to all requirements of disclosure in the MFIPPA.
- The Library will not disclose personal information, under its custody or control, related to an individual to any third party without obtaining consent to do so, subject to certain exemptions as provided in MFIPPA.
Situations where the Library will disclose this information include the following:
- The Library will disclose personal information to a parent or guardian of a child, under 16 years of age, whose names are recorded on the child’s patron record.
- The Library will disclose relevant personal information about the individual enrolled in the Extension Services, to an authorized support person/family member, or staff of long term care facilities, for the purposes of service delivery, authorized by the individual.
- The Library will disclose personal information concerning an individual to a third party who has been assigned supplementary card privileges (pick up material on hold) provided that the individual and the third party have indicated their agreement and the agreement has been recorded in the patron record. Use of the card does not allow access to other services and programs or access to information in the individual’s record.
- The Library may release relevant personal information to a company acting on its behalf for the collection of Library property or unpaid fines or fees.
- The Library will release information to the Family and Children’s Services, under the authority of the Child and Family Services Act, R.S.O. 1990, c. C.11, which states that a person who believes, on reasonable grounds, that a child under 16 is at risk of harm, must report this suspicion to the Family and Children’s Services immediately, directly and on an ongoing basis.
- The Library requires any contracted service provider that may have access to personal information (e, g. integrated library system provider) to sign a confidentiality agreement.
5.4 Retention of Records:
The Library will not retain any personal information, such as information related to items borrowed or requested by an individual, or pertaining to an individual’s on-line activity, longer than is necessary for the provision of library services and programs. Examples include:
- Personal information regarding library transactions is retained as long as the circulation record indicates that an item remains on loan or fees remain unpaid.
- As part of the Library's commitment to offering personalized service, patrons may register for an online service which will allow them to view their ongoing record of items borrowed. Use of this service will be entirely voluntary.
- The circulation records of Extension Library Services individuals are retained with their permission in order to assist the staff in selecting materials for the individual.
- Personal records of individuals who have not used their cards in the previous three (3) years and do not have a balance owing are purged on an annual basis.
The Chief Librarian/CEO is responsible and accountable for documenting, implementing, enforcing, monitoring and updating the Library’s privacy and access compliance.
Any Library employee who becomes aware of any unauthorized disclosure of a record in contravention of this policy has a responsibility to ensure that the Chief Librarian and appropriate staff are immediately informed of the breach.
Once a privacy breach has occurred (loss, theft, or inadvertent disclosure of personal information) immediate action must be taken to control the situation.
The Chief Librarian/CEO will identify the scope of the breach and take steps to contain the damage (e.g., determine if unauthorized access to the system has occurred, retrieve copies of recorded information, etc.).
The Chief Librarian/CEO will inform the Information and Privacy Commission and, if applicable, notify affected parties whose personal information was disclosed.
The Chief Librarian/CEO will conduct an internal investigation into the matter to review the circumstances surrounding the event as well as the adequacy of existing policies and procedures in protecting personal information.
All Library staff will be made aware of their obligations under MFIPPA and this policy. Training will be provided to the appropriate staff responsible for the administration and application of this policy.
Failure by staff to comply with this policy may result in disciplinary action up to and including termination of employment
6. Related Policies
Video Surveillance Policy
Records Management Policy
Municipal Freedom of Information and Protection of Privacy Act R.S.O.1990, c. M.56. Child and Family Services Act, R.S.O. 1990, c. C.11 Public Libraries Act, R.S.O. 1990, c. P.44
9. Document Control
Original Policy Date:
Last Reviewed: February 2014 (previously entitled Patron Privacy)
Changes made: October 2016 board motion # 2016-63)
Next Review: 2020