Protection of Privacy Policy
About the policy
The Protection of Privacy Administration Policy was created to guide The City of Calgary’s (“The City’s") entire approach to privacy management.
Purpose
Its purpose is to establish roles, responsibilities, and principles that govern how The City should handle personal information.
The policy comprehensively covers the:
- collection,
- use,
- disclosure,
- accuracy,
- retention,
- and protection of personal information at The City.
The City is a public body under the Freedom of Information and Protection of Privacy Act (“FOIP Act”). This Protection of Privacy policy allows The City to demonstrate a commitment to access and privacy compliance under the FOIP Act and communicate those efforts to City administration and the members of the public, generating increased trust and confidence.
The City is committed to safeguarding personal information and making reasonable security arrangements against such risks as: unauthorized access, collection, use, disclosure, or destruction.
There are times when The City’s reasonable security safeguards may be compromised, inadequate, missing, or subject to malice, and a privacy breach occurs.
Part of The City’s commitment to privacy is to be transparent about The City’s internal privacy practices for addressing and responding to privacy complaints.
The policy also includes a Privacy Breach Response Protocol (Appendix 1). This identifies roles, responsibilities, and specific steps that need to be taken when a suspected or actual privacy breach occurs.
Legal foundation
Rooted in the FOIP Act, the policy ensures a solid legal foundation for our privacy practices and sets clear expectations for compliance with legislative requirements.
Frequently asked questions
What is the purpose of the Protection of Privacy Administration Policy?
When Calgarians share personal information with The City, it is our legal responsibility to keep it safe and secure. This policy is designed to ensure that we do this in compliance with the Freedom of Information and Protection of Privacy Act (FOIP Act). The policy outlines principles, responsibilities, and our protocol in the event of a privacy breach.
What kind of information does the policy cover?
The policy covers any recorded information about an identifiable individual, including but not limited to:
- name
- address
- telephone number
- race
- age
- health information
It addresses how this kind of information is collected, used, and protected.
How will I be informed if my personal information is collected?
When your personal information is collected directly from you, we will provide notice regarding the purpose for collection, legal authority, and a City contact for any questions.
How does the policy ensure the accuracy of personal information?
The City commits to making reasonable efforts to ensure the accuracy of personal information is used to make decisions affecting individuals. People also have the right to access and request corrections to their personal information, subject to FOIP Act limitations.
What is a Privacy Impact Assessment (PIA)?
A PIA is a process conducted for new or modified projects, programs, or information systems involving personal information. It helps us assess technical compliance with the FOIP Act, privacy implications and risks early in the project cycle. A completed PIA is required before implementation of a project, initiative, program, administrative practice or process, or information system that involves the collection, use, or disclosure of personal information.
What happens in the event of a privacy breach?
There may be times when The City’s reasonable security safeguards (administrative, technical and/or physical) may be compromised, inadequate, missing or subject to malice and a privacy breach occurs. The Privacy Breach Response Protocol (Appendix 1- page 9) of the Protection of Privacy Policy outlines the process for managing suspected or actual privacy breaches. The City will investigate, respond and take necessary actions to mitigate the impact.
How can I report a privacy breach or express concerns?
If you suspect a privacy breach or have concerns, use the Privacy Breach Form (available on the employee portal). You can also contact Access to Information and Investigations at FOIP@calgary.ca or follow the reporting process outlined in the Privacy Breach Response Protocol.