Privacy and Information Management FAQ
Q. What protections (policies and procedures) does the Board have in place to protect personal information.
A. The Halton District School Board is subject to the Municipal Freedom of Information and Protection of Personal Privacy legislation. In addition, the Board has a Privacy and Information Management Policy, and related procedures dealing with protection practices for mobile devices (laptops, PDAs, etc.) and how to handle a breach of information.
Q. What does the Privacy and Information Management Policy entail?
A. The Halton District School Board’s Privacy and Information Management Policy outlines the Board’s commitment to the protection of personal information under its control and to the individuals’ right of privacy regarding personal information that is collected, used, disclosed, and retained in the school system.
The policy is based on the “Privacy Standard” developed by the provincial Privacy Information Management (PIM) Taskforce for use by Ontario school boards/authorities. It is based on globally recognized fair information principles and is grounded in Ontario privacy legislation, specifically the Municipal Freedom of Information and Protection of Personal Privacy Act (MFIPPA) the Personal Health Information Protection Act (PHIPA), the Education Act (including the Ontario Student Record Guidelines), and the Personal Information and Protection of Electronic Documents Act (PIPEDA).
Other procedures relating to the protection of information fall under this policy.
Q. What practices does the Board implement for protection of privacy on portable devices?
A. The Halton District School Board recognizes that mobile technologies are regularly used by Halton District School Board employees. These devices enhance the quality of work and life for employees but dramatically increase the risk for data loss and personal information disclosure. The “Protection of Board-owned Mobile Devices” procedure is intended to reduce this risk.
Mobile devices include, but are not limited to all portable electronic devices that contain or access data including cell phones, personal digital assistants (PDAs), portable computers, memory storage, USB sticks/drives.
This procedure sets a standard for all Board laptops and PDAs to be password protected, and to time-out after 20 minutes of inactivity (after which time, a password is required to reactivate the computer). Additionally, all administrators and central staff must utilize encrypted hard drive storage on their computers.
Q. What steps does the Board take if there’s an information breach?
A. The Halton District School Board has a procedure it implements in a situation where a breach has occurred. These steps are outlined in the Halton District School Board’s Breach of Privacy Notification.
When it has been determined who may be potentially affected by the breach, notification will be provided to those affected. If the potential breach affects a larger group, a system message will be sent out from the Board’s Home Notification email system, notifying all who may be impacted.
Any notification message will contain the following:
* the scope of the recipients who are receiving the message (ie: all parents/guardians, or
* parents/guardians of a particular school or grade)
a reference to this FAQ for further information on the Board’s policies, procedures and practices.
Any questions relating to the potential breach should be directed through the Director’s Office (firstname.lastname@example.org) to the Board’s Manager of Freedom of Information and Protection of Personal Privacy, and/or the Board’s Communications Manager.
Q. What kind of training is provided to staff regarding the storage of private information?
A. The Halton District School Board’s Privacy and Information Management (PIM) Committee meets monthly to review policies, procedures and investigate new strategies related to privacy. Part of the team’s responsibility is to implement an ongoing awareness campaign designed to keep the issue of security and privacy in the forefront for all staff. This includes education and awareness - posters, email notices, newsletters and other documentation from the provincial Privacy Information Management (PIM) Taskforce, as well as tips, techniques and strategies for individual use.
Q. How often are the Board’s privacy standards reviewed?
A. The Halton District School Board’s policies and procedures regarding privacy and information management, encryption of mobile devices, and related issues are reviewed regularly. Procedures are reviewed by the Board’s Privacy and Information Management (PIM) Committee and senior administration, and policies are reviewed by the Board of trustees before being submitted for public input on our website.