Use/Disseminate
What You Need to Know
- Sharing complete and accurate information, in a timely manner, among employees and with the public is a critical aspect of a more modern and efficient organization.
- To protect the privacy of Canadians, access to sensitive information must only be given to those who need it to perform their duties.
- The Privacy Code restricts the type of personal information and circumstances under which it can be released:
- Personal information is privileged information, and can only be disclosed in accordance with applicable legislation.
- Without the consent of the individual, or as authorized by law, the Department may use personal information only for the purpose(s) for which the information was obtained or compiled.
- Protecting security-classified IRBV is an ongoing responsibility of all employees.
- You must ensure that proper security protocols are followed when transmitting and receiving information of a sensitive nature:
- Allowable methods of transmission are based on the security level of the information.
- If you must transport information, only use department-issued and approved devices.
- Using encryption is a simple and very effective way to protect your files:
- Protected B documents can be sent via e-mail within the departmental firewall only. If sending outside of the departmental firewall, the documents must be encrypted.
- Use encryption to secure sensitive information for your own safekeeping.
- If you signed up for access to Compensation Web Applications then you already have everything you need to use encryption.
- Never send any sensitive material to unidentified recipients.
- Only transmit information of low sensitivity (Protected A) by standard FAX:
- Confidentiality of FAX traffic can be intercepted at originating or receiving locations, deliberate monitoring, or through misdirection.
- FAX services can be compromised by hardware and software failures.
- Consult your Regional Security Office (RSO) when there is a requirement for FAX transmission of information classified Protected B and above.
- Do NOT transmit “SECRET” information by fax, unless it is a secure fax connected to a Secure Communications Interoperability Protocol device and you have consulted your RSO.
- Don’t process, transmit, or store sensitive, protected or personal data on a smartphone device.
- Pin-to-Pin messaging on a BlackBerry should only be used in an emergency (e.g. when a Business Continuity Plan is invoked)
- You are expected to acquire, preserve and share knowledge and information as appropriate
- Respect your Duty of Loyalty when posting anything online:
- Limit personal information you post (e.g. where you work or your schedule) online.
Remember: you can’t take back anything you post online.
- Don’t identify yourself as a public servant or use your departmental e-mail address when using social media for personal use.
- Limit personal information you post (e.g. where you work or your schedule) online.
- When sending an e-mail, use links whenever possible instead of attachments.
Tools and Resources
- Compensation Web Application
- MyKey
- The Public Sector Value of Stewardship and expected behaviours
- Approved Portable Devices
- To ensure protection of information – preparation, storage, handling, transmission and destruction, see:
Frequently Asked Questions
Are knowledge and information considered a public resource?
Yes. Public resources include knowledge and information.
What do I do if I lose my Blackberry?
If your device is lost or stolen you must immediately report it to your manager and the National Service Desk. Even if there is a possibility that the device may be recovered, immediately reporting the loss will ensure that the device can be rendered unusable for a period of time thereby protecting it against misuse.
What is social networking?
Online social networking is an extension of traditional social networking but is conducted over the Internet. Social networking sites encourage you to provide a lot of information about yourself and they offer some type of communication mechanisms (e.g. chat rooms or instant messaging) that enable you to connect with others.
Am I allowed to visit social media sites, for private purposes, while at work?
Yes, the TBS Policy on Acceptable Network and Device Use (PANDU) allows employees to use departmental computer networks for limited personal purposes provided that this activity:
- is on personal time( e.g. breaks, lunch, the time before and after work);
- is not for financial gain;
- does not add to costs; and
- does not interfere with the conduct of business.
What should I do if I believe there is unauthorized collection, use and disclosure of personal and/or departmental information?
Employees must report incidents, or alleged incidents and complaints to their immediate supervisor/manager for action.
What is MyKey?
MyKey is the new GoC standard for the purposes of encrypting files, decrypting files, e-mails, and for accessing your pay information via the Compensation Web Access (CWA) website.
Can other people open my encrypted files?
Yes, but only if they were included in your distribution list when you encrypted the material AND only if they have a valid encryption key.
What should I do if secure FAX equipment is not available?
When secure FAX equipment is not available, secure alternative means must be used to transmit/transport this information, such as Priority Post, registered mail, or authorized messenger with follow-signing.
Is sending protected B info via e-mail from one federal department to another (i.e. from SC to RCMP, SC to CRA) considered a risk?
Yes. Any e-mail containing Protected B information sent outside our Firewall is considered a risk without applying the appropriate safeguards. Consult your Regional Security Officer for more information.
Who should I contact if I’m unsure about adhering to the Privacy Code?
When in doubt, raise concerns and seek operational guidance from supervisor/managers.