Confidentiality Policy Development Tool
Protecting your privacy is top priority for the City of Toronto. You are seeing this alert because your web browser needs to be updated to access content on toronto.ca. You will need to download and install a more recent version of your web browser to use our website.
Developed by the City of Toronto
- Reviewing the corporation’s policies and practices regarding the collection and storage of personal information.
- Implementing the necessary changes to guarantee that collecting and retrieving personal information follows the corporation’s policy.
- Telling tenants/members and public how the corporation treats personal information.
- Handling complaints. The Privacy Officer should respond to all requests for access to and correction of personal information within 30 days of the request being made. The Privacy Officer should advise the complainant what action was taken.
Making recommendations to the Board of Directors in connection with the resolution of the complaint when necessary.
The agreement will help ensure the protection of information used by your corporation.
It should be signed and dated.
Here is a sample template:
Consider the following:
In your building, how are applicant, tenant/member and employee files (including information on databases) safeguarded against unauthorizedaccess?
How are your databases containing files with personal information, and other confidential electronic files protected against unauthorized access?
How do you dispose of personal information?
When do you release personal information?
Who has access to and is responsible for correcting personal information?
Breach of Confidentiality
A breach of confidentiality may be grounds for staff to be disciplined or terminated and a board member to be removed as a director of the corporation. The Board must determine the penalty for breach of confidentiality and include this in the policy. The penalty must be communicated to all persons affected by the Confidentiality Policy.
The Board should review monthly status reports from the Privacy Officer to ensure the Confidentiality Policy is being followed.