Privacy

Definition

The ability of individuals to control the extent to which personal information about them is collected, used, disclosed, retained, and disposed.

What Employees Need to Know

• Accountability: ESDC is responsible for all personal information under its custody and control.
• Identifying Purposes: We explain to individuals why we are collecting their personal information.
• Consent: Where appropriate or required by law, the express consent of the individual for the collection, use, or disclosure of personal information is obtained.
• Limiting Collection: Only the minimum necessary of personal information that is directly relevant is collected.
• Limiting Use, Disclosure and Retention: ESDC does not use or disclose personal information other than for its original purpose unless there is legal authority or it is required by statute to do so. Personal information is retained for at least two years after it was last used.
• Accuracy: Personal information should be accurate and as current as possible.
• Safeguards: All personal information is protected by security measures appropriate to the sensitivity of the information.
• Openness: ESDC makes public the descriptions and uses of the personal information in its custody and control.
• Individual Access: Upon request, individuals are informed of, and can access their personal information in the custody and control of the Department. Individuals can request changes to inaccurate information about themselves.
• Challenging Compliance: Individuals can question ESDC about its compliance with these principles, policies, and practices for the management and protection of their personal information. ESDC responds to all inquiries, and takes any necessary corrective action.

Employee Roles and Responsibilities

All employees are responsible for understanding and complying with policies, procedures and practices for the collection, retention, use, disclosure and disposal of personal information under their custody and control:

• We must protect and carefully keep in strict confidence all of the personal information under our custody and control.
• Access to personal information must be restricted on a “need-to-know” basis.
• Personal information, in all forms and formats, must be protected against loss, theft and unauthorized disclosure, copying, use and modification.
• Procurement documents and grant and contribution agreements must contain clauses for the confidentiality and the physical and technical security of personal information.
• We all have a duty to immediately report any incidents of improper or accidental use, disclosure or loss of personal information to our immediate supervisor.
• Be proactive in identifying privacy risks to supervisors and seek advice to improve the secure handling of personal information.

Frequently Asked Questions

Tools

• Departmental Policy on Privacy Management (PDF, 439 KB) 
• Privacy Code (Department of Employment and Social Development Act, Part 4)
• Privacy Notice – Suggested Statements (DOC, 30 KB)
• Canada Pension Plan/Old Age Security – Protection and Disclosure of Personal Information
• Model Privacy Clauses for Use in Contracts with Third Parties (DOC, 56 KB)
• Consent to Disclose Personal Information to an Individual Inquiring on Behalf on another Individual 
• Policy on Privacy Protection (TBS)
• Directive on Privacy Practices (TBS)
• Guidelines for Privacy Breaches (TBS)
• Disclosure of Personal Information to Members of Parliament (TBS)

Training

Canada School of Public Service

• Access to Information and Privacy in the Government of Canada (I703)

Departmental training

• Privacy and Access to Information: It’s Everybody’s Business

Contacts and Links

• E-mail