Privacy Policy

Preamble

Human Resources and Skills Development Canada (HRSDC) has developed an internal privacy policy to assist employees in ensuring that the measures for the protection of personal information under their control are incorporated into all departmental programs and activities. This policy is based on privacy principles common to internationally recognized protection codes and is in accordance with the:

• Canadian Charter of Rights and Freedoms
• Privacy Act
• Department of Human Resources and Skills Development Act (DHRSD Act)
• Department of Social Development Act (DSD Act)
• Employment Insurance Act (EI Act)
• Canada Pension Plan (CPP)
• Old Age Security Act (OAS Act); and
• Treasury Board Secretariat (TBS) policies.

This policy is designed to be read in conjunction with the TBS policy entitled Policy on Privacy Protection and will assist in promoting a privacy sensitive culture across the organization, in demonstrating leadership in protecting personal information and in maintaining the trust of Canadians by outlining the commitment of HRSDC to protect personal information effectively.

Policy Objective

The objectives of this policy are to ensure that HRSDC effectively manages personal information under its control, is responsive to the information needs of the public, and builds a climate of trust, credibility and understanding by:

• re-affirming its commitment to protect personal information under its control;
• outlining the privacy requirements of the Privacy Act, DHRSD Act, Department of Social Development Act, Employment Insurance Act, and the Canadian Pension Plan and Old Age Security Act;
• supporting the adoption of privacy principles and guidelines that will guide HRSDC in the protection of personal information;
• implementing a harmonized approach to privacy management across HRSDC; and
• demonstrating openness and transparency about the privacy practices of HRSDC.

Policy Statement

It is the policy of HRSDC to:

• carry out the collection, use, disclosure, retention and disposition of personal information in a way that respects the privacy principles outlined in the Privacy Act and other applicable laws, regulations and TBS policies;
• ensure that privacy is a core consideration in all its programs and activities;
• protect the personal information under its control while enabling departmental officials to access and use the information, as required, to maintain and deliver programs and activities;
• communicate its privacy practices to the public;
• ensure that effective and up-to-date personal information protection measures are in place;
• ensure that appropriate levels of protection of personal information are in place when dealing with stakeholders and partners including provinces/territories, foreign governments and international organizations.

Application

This policy applies to all HRSDC programs and activities, including the Service Canada Initiative and the Labour Program, that require the collection, use, and/or disclosure of personal information by HRSDC.

This policy covers all personal information, including but not limited to both client and employee personal information, under the control of HRSDC, including the Service Canada Initiative and the Labour Program.

Responsibilities

Every employee has a responsibility to comply with the corporate privacy policy as follows:

• the responsibility of all staff to apply the policy in the execution of their duties;
• the responsibility of all managers for ensuring that privacy measures are integrated into their operational activities;
• the responsibility of the Chief Privacy Officer (CPO) for promoting departmental compliance with policy requirements; and
• the accountability of senior executives for promoting and implementing this policy.

The Access to Information and Privacy (ATIP) Directorate of HRSDC provides advice and support as well as practical guidance for the adoption of effective and consistent privacy practices.

Roles and responsibilities for the management and safeguarding of personal information are defined in more detail in the departmental document entitled "Enterprise-Wide Accountabilities for Privacy and Security," which can be found on the ATIP website.

Requirements

HRSDC must take the necessary steps to protect personal information by:

• establishing procedures to anticipate and mitigate privacy risks;
• incorporating privacy requirements into programs and activities in accordance with this policy and updating privacy measures as required;
• promoting staff awareness and sound practices regarding the protection of personal information;
• ensuring that accountability for privacy is clearly incorporated into the duties of program managers and other employees involved in personal information holdings;
• communicating privacy measures which have been adopted and implemented;
• reviewing and reporting activities and progress under this policy; and
• ensuring that third parties who collect, use and/or disclose personal information on behalf of HRSDC have adequate privacy protection measures.

The attached guidelines serve to assist departmental employees to comply with this policy.

Policy Review

This policy will be reviewed every five years, or as required, to determine its effectiveness in providing direction to HRSDC. The Privacy Management Framework Steering Committee (PMFSC) will lead the policy review.

References

This policy should be read in conjunction with the following primary references: