Protecting Personal Privacy
Reviewing the Ministry’s Notice of Collection Document with Clients
You will find the Notice of Collection document in the client applications. You are required to understand the ministry’s Notice of Collection document to ensure that you can explain the details with your clients.
The four key points to cover are:
- why their personal information is being collected and how it will be used.
- from whom the ministry may collect information and with whom the ministry may share information.
- what laws and regulations allow the ministry to collect the information.
- who to contact with questions and concerns.
Explaining Consent to the Ministry’s Collection, Use and Disclosure of Personal Information Policy to Clients
When your clients sign the document, they are giving the ministry permission to use their information, and to:
- collect information about them from third parties
(e.g., data that we the service provider enter into the Employment Ontario Information System (EOIS) about you the client).
- share information about them with third parties
(e.g., reporting to Canada, placement with employers, etc.).
Explaining the Acknowledgement of Your Organization’s Collection, Use and Disclosure of Personal Information Policy to Clients
When your clients sign the document, they are acknowledging that you have explained how your organization will use and/or disclose their personal information to deliver [insert program name].
Summary of Your Organization’s Privacy Obligations
Your organization must:
- develop and implement a privacy policy that is made publicly available. For example, it should be posted in your office where clients can read it, and it should be available on your website (where applicable).
- designate an experienced official in your office to be responsible for ensuring compliance with your organization’s privacy policy and the privacy provisions outlined in the agreement with the ministry.
- continuously update staff and subcontractors who have access to clients’ personal information with the appropriate training and resources.
- rigorously follow the procedures set in your privacy policy and the ministry agreement for the collection, storage, use, and disclosure of personal information, as well the destruction of records when no longer needed for program delivery, or to comply with agreement provisions.
- provide clients with access to their personal information upon their request.
- immediately notify the ministry of a potential or actual privacy breach and fully cooperate in any audit or investigation of any privacy breach.
- be aware, and make your staff and clients aware, that when a client signs an Employment Ontario (EO) contract, they are agreeing to:
- the ministry’s collection, use, and disclosure of their personal information.
- ensure that only authorized users access the ministry’s case management system.
The ministry is bound by Freedom of Information and Protection of Privacy Act (FIPPA). Your obligation under the agreement is to support the ministry in fulfilling its obligations under FIPPA, such as by assisting in providing the notice of collection on behalf of the ministry to your clients.
You Will Find Your Organization’s Privacy Obligations in:
- the agreement signed by your organization and the ministry, and your organization’s privacy policy.
- Personal Information Protection and Electronic Documents Act (PIPEDA) – a law that governs private-sector organizations involved in commercial activities.
- Canadian Standards Association’s (CSA) Model Code for the Protection of Personal Information – general privacy standards.
Tips to Safeguard Clients' Personal Information
- Hardcopy documents containing clients’ personal information must be stored in locked filing cabinets.
- Follow a clean-desk policy.
- Lock your computer every time you leave your workstation. On a PC, you can lock your desktop by using Ctrl-Alt-Del and pressing Enter. For a Mac you can lock it by using Ctrl-Shift-Eject.
- Update clients’ personal information through a face-to-face meeting or a signed mail-in request.
- Do not send or leave personal information in an email or voicemail.
- Do not store clients’ personal information on portable memory sticks (USBs), laptops, your computer desktop or mobile devices.
- If you must take client paper files off-site (e.g., resumes for potential employers), be vigilant in protecting them.
- Be aware of your surroundings when discussing clients’ personal information. Limit what you say (talk softly!).
Questions and Answers (Asked by Clients)
Question: What is your organization doing to ensure my personal information is protected?
Answer: Our organization is serious about protecting our client's personal information.
- You can view our organization's privacy policy at [insert locations where you have posted your organization’s privacy policy, for example online or onsite).
- We have a designated privacy officer [insert name] who is responsible for ensuring compliance with our organization’s privacy policy and the privacy provisions outlined in our agreement with the Ministry of Advanced Education and Skills Development (MAESD).
- All staff and sub-contractors have acknowledged prior to gaining access to the system that they are responsible for protecting clients’ personal information.
- All staff and sub-contractors have received privacy training.
Question: Why do you need to collect my Social Insurance Number (SIN)? (Please note, this question may not be applicable to your organization, as SIN is not asked for all programs.)
Answer: The services you are going to receive are funded in part by federal funding, and as such, MAESD is required to collect your SIN to report back to them.
Question: How do I go about reviewing the personal information that your organization has on file about me?
Answer: You may contact our privacy officer at [insert phone #] to make an appointment to review your personal information.
Question: I am not satisfied with how my personal information is being handled. Whom do I contact about this?
Answer: You can start by contacting our organization’s privacy officer [insert name and contact information]. If the privacy officer is unable to resolve the issue to your satisfaction, you can call, the manager of the Employment Ontario Hotline at 1-800-387-5656 to discuss the matter.
Question: What is your organization going to do with my personal information? How will it be used?
Answer: [respond as required]
Question: Why do I have to sign the Notice of Collection and Consent twice?
Answer: In the first signature, you are consenting to the ministry’s use and disclosure of your information. In the second signature, you are acknowledging that we have explained how we are going to use and/or disclose your information to deliver [insert program name].
Privacy Resources
Important to keep in mind: you can only access clients' personal information for the purpose of delivering EO services. If you look up a client for any other reason, you may be committing a privacy breach!