Home | Databases | WorldLII | Search | Feedback Privacy Law and Policy Reporter

Greenleaf, Graham --- "Contact: Advice on the confidentiality of personal information" [1995] PrivLawPRpr 49; (1995) 2(4) Privacy Law & Policy Reporter 75

CONTACT: ADVICE ON THE CONFIDENTIALITY OF PERSONAL INFORMATION

Commission d'acces a l'information du Quebec - January

Act respecting the protection of personal information in the private sector 1993 - Act respecting access to documents held by public bodies and the protection of personal information

The Quebec Commissioner has issued a set of guidelines relating to the use of fax machines, the destruction of documents that contain personal information, the cost of access to information in the private sector, direct marketing, the management of personal information in tertiary education institutions, the rights of elected officials and members of boards of directors and access to medical diagnosis. The guidelines seek to explain the application of Quebec information access and privacy legislation, particularly following the implementation of private sector privacy legislation from the beginning of 1994. They provide useful practical guidelines for the implementation of privacy safeguards in any organisation.

Fax machines

Fax machines should be located in a supervised area, not accessible to the public. When transmitting personal information, users should check whether it is appropriate to send such information by fax, check carefully that it is being sent to the right destination, and verify with that the document has arrived with its receiver. Personal information should only be sent by fax when it is urgent and the fax should indicate clearly that the information is confidential. Organisations should keep daily reports of faxes they send.

Guide to the destruction of documents that contain personal information

The Commission's guidelines have been laid down following serious incidents involving the disclosure of personal information. The guidelines state that employees should feel responsible for protecting the personal information which they handle. An employee should not throw out documents, diskettes or magnetic cartridges containing personal information without first making efforts to erase or extract the personal information.

The commission advises that organisations should designate an individual to set up a policy on the destruction of documents and to ensure that this policy is enforced. Paper documents should be shredded within the office. If the volume of paper needing to be shredded makes this unrealistic, such records should be secured in a locked area until they are taken by a paper disposal company. A formal contract should be established with such a company, and should include:

1. An explanation of the process used to destroy documents.
2. Provisions requiring that agreement must be reached between the contracting parties.

Graham Greenleaf