POLICY NO. AP003
The purpose of this policy is to ensure that personal information of members and staff of the Alberta Municipal Services Corporation (“the Corporation”) is protected and dispositioned in accordance with Section 33(c) of the Freedom of Information and Protection of Privacy (FOIP) Act and the 10 Principles of the Personal Information Protection Act (PIPA)
This policy applies to any personal information gathered and administered by the Corporation. All members of AMSC Boards and Committees, as well as employees of the Corporation, are required to comply with this policy and any associated procedures.
Personal Information: personal information is any information that can be used to identify an individual, including, but not limited to, names, social insurance numbers, birth dates, income figures, addresses or other descriptive statements.
Retention: a record can be retained for a period of time after it is no longer in use by the Corporation and before its final disposition action is applied.
Disposition: the final action for a record – either destruction or permanent archiving.
Privacy Officer: the Privacy Officer is a person designated as the first point of contact when privacy issues arise. They are responsible for responding to FOIP requests and providing recommendations to ensure that AMSC is compliant with all applicable privacy legislation.
The Privacy Officer will recommend a set of associated business procedures to the CEO for final approval in order to ensure compliance with the FOIP Act and PIPA.
Collection of personal information shall be limited to only what is necessary to achieve business objectives, and will require consent on behalf of the person whose information is being gathered.
Access to gathered information is restricted only to staff who need the information to perform tasks within the intended purpose of the information use. A person whose information has been gathered by the Corporation may submit a request to the Privacy Officer to view or amend their personal information in the Corporation’s possession.
This policy will be reviewed every 3 years by the AMSC Governance Committee in anticipation of changes to legislated policy and generally-accepted corporate best practices regarding personal information retention, protection and use.