Privacy, Access to Information and Electronic messages under CASL Policy-1A

The Meaford Public Library recognizes that all visitors have the right to privacy and confidentially regarding their use of the library’s services, collections and online spaces, and the collection of personal information. In matters related to privacy and access to information, the Meaford Public Library is guided by the Ontario Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M.56, known commonly as (MFIPPA).

See also the Municipality of Meaford's Website Privacy Policy.

Section 1: The Library and Privacy

The Meaford Public Library Board will protect the privacy of all individuals’ personal information in its custody or control, in keeping with the privacy provisions of MFIPPA and other applicable legislation.

1. Collection of information

a) Personal information is defined in Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M.56 (MFIPPA), in part, as “recorded information about an identifiable individual.” This could include, in the library context, information on a user’s borrowing habits, as well as information related to computer use.

b) The Meaford Public Library collects the following identifiable pieces of information:

  • name, address, telephone number and e-mail address of each registered library user
  • information about what an individual library user has borrowed or items placed on hold
  • information about fines o information about a public meeting room space booked by a specific individual o information about programs an individual has registered to attend
  • information about an individual’s log-in to a public computer as well as the Internet search history
  • information about individuals requests for material through interlibrary loan. As part of a provincial interlibrary loan network, some of this information resides on servers in other places and the library cannot definitely guarantee the use of this information

c) The library collects comment forms, requests for material reconsideration and correspondence from individual users. All correspondence received is part of the Board’s public documents except for correspondence related to personnel or property issues which would be treated as confidential and handled in an in-camera library board session.

d) The library system collects images and video clips through security cameras. Images are only used to ensure the security and safety of staff and individuals using the library.

e) The personal information may be given in any of three formats – in person, in writing, electronically – and this privacy policy covers all three circumstances.

2. Use of information

a) The collection of personal information is limited to that which is necessary for the administration of the library and the provision of library services and programs.

b) The purposes for which personal information is collected from an individual is identified by the library at, or before, the time the information is collected and that consent is given by the individual at that time.

c) As using personal information for other purposes than originally intended is not permitted by MFIPPA, if the library wishes to use a patron’s personal information for a purpose that is not consistent with the one for which it was originally obtained or compiled, it must first acquire the patron’s written consent to use the personal information for that new purpose.

3. Disclosure of information

a) The Library will not disclose personal information related to a visitor or library user to any third party without obtaining consent to do so, subject to certain exemptions as provided in section 32 of MFIPPA. Disclosure is permitted in some situations, including the following:

i. To a parent or guardian of a person up to sixteen (16) years of age.

ii. Upon the presentation of a search warrant.

iii. To police in the absence of a search warrant to aid an investigation (at the CEO’s discretion).

4. Retention of information

a) The Library will not retain any personal information related to the items borrowed or requested by a user, longer than is necessary for the provision of library services and programs. The retention of personal information includes the following situations:

  • Personal information regarding library transactions is retained in the user database as long as the circulation record indicates that an item remains on loan or fees remain unpaid.
  • Records of returned items that have no outstanding fees/charges remain on the user record in the circulation database until files exceed the library system storage.
  • Personal records of all users who have not used their cards in the previous five (5) years and do not have outstanding fines are purged on an annual basis.

b) The Library may retain personal information related to library functions or services as described below, when users voluntarily opt in to do so; for example, in order to enhance or personalize library functions or services.

  • The personal information and borrowing history of Home Library Services users are retained with their permission. This is done in order to assist staff in selecting and delivering materials for the user.
  • Records relating to the answering of questions and/or in-depth research for the public in person, by phone, or e-mail, are retained for two years.

5. Responsibility for privacy

a) The board is responsible for personal information under its control and designates the Library CEO as the individual accountable for the library’s compliance with legislation. The CEO ensures that the policy with respect to collection, use and disclosure of information is followed.

b) All Meaford Public Library employees will be made aware of the importance of maintaining the confidentiality of personal information.

c) Any library user who feels their privacy has not been protected may challenge library practices with the CEO. A library user whose challenge, is not satisfied with the result, may appeal to the Library Board, maintaining either the current policy has been violated or that the current policy needs to be changed in order to address a perceived issue.

d) A breach is any unauthorized or illegal collection, use, or disclosure of personal information. In the event of a breach the CEO or her/his designate will:

i. Contain the breach and repatriate the information

ii. Assess the severity of the breach

iii. Notify affected parties and the Information and Privacy Commissioner as required

iv. Investigate the cause of the breach

v. Implement corrective actions

Section 2: The Library and Access to Information

1. The Meaford Public Library is committed to making access to information about the operations of the library available to the public. Board agendas and minutes, annual reports, policies and a variety of other information are made a matter of public record through the Library website and through Library publications. In accordance with the Public Libraries Act the public can inspect any records that the board’s secretary has on file except where exemptions are allowed under Section 6-16 of MFIPPA.

2. Responding to requests for other library information is a statutory obligation and will be completed promptly.

3. Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information, and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

4. All requests for information or for records, not publically available, must be made in writing. The CEO will give written notice to the person making a request, as to whether or not access to the record or part of it will be given as prescribed in MFIPPA. Fees will be applied according to the Municipal Freedom of Information and Protection of Privacy Act R.R.O. 1990 Regulation 823.

Section 3: The Library and Electronic Messages under Canada’s Anti-Spam Legislation

1. All electronic messaging sent by the library is consistent with Canada’s Anti-Spam Legislation (CASL).

2. The library will ensure that all electronic messages clearly identify the:

i. subject of the communication

ii. sender (Meaford Public Library)

iii. the library’s mail address and contact information.

iv. way that an individual may “unsubscribe’ from receiving further messages

3. At the time of registration for a library card, specific pieces of information are collected (see Section 1 above). Obtaining a library card implies the individual’s consent to authorize the library to send electronic notifications regarding personal borrowing and transaction activities if an e-mail address was provided at the time of registration. Individuals may request not to receive electronic notifications although such an action may affect their ability to use the affected library services.

4. The library may, at times, use electronic means to promote services, share information, or announce special events. The library will provide an opportunity for individuals to sign up to receive such specific notifications, and will seek the individual’s consent before sending promotional electronic messages and notifications. The library will provide options to individuals to easily unsubscribe from these services or to change their preferences at any time.

Related Documents:

  • Meaford Public Library, Policy 3, Circulation
  • Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M56
  • Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, Regulation 823
  • Information and Privacy Commissioner of Ontario. What are the Privacy Responsibilities of Public Libraries? 2002.

Approved: August 2013 Revised: July 2017 Policy-1A Privacy, Access to Information and Electronic

Download the Privacy Policy

phone iconContact Us