General                     In fulfilling its legislative obligations, the Workers’ Compensation Board of Nova Scotia must obtain and create information to support its business objectives.  The Workers’ Compensation Board of Nova Scotia recognizes that information is a corporate resource and that the public has a right to certain information it holds and to know personal information is protected. As a public body, the Workers’ Compensation Board of Nova Scotia must endorse its accountability to the public to adhere to applicable legislation. 

Definitions                Definitions as contained in the Freedom of Information and Protection of Privacy Act of Nova Scotia: 

(a)             “background information” means

(i)               any factual material,

(ii)              a public opinion poll,

(iii)            a statistical survey,

(iv)            an appraisal,

(v)             an economic forecast,

(vi)            an environmental-impact statement,

(vii)          a final report or final audit on performance or efficiency of a public body or on any of its programs or policies,

(viii)         a feasibility or technical study, including a cost estimate, relating to a policy or project of a public body,

(ix)            a report on the results of field research undertaken before a policy is formulated,

(x)             a report of an external task force, advisory board or similar body that has been established to consider any matter and make reports or recommendations to a public body, or

(xi)            a plan or proposal to establish a new program or to change a program, if the plan or proposal has been approved or rejected by the head of the public body. 

           

(b)               “personal information” means recorded information about an identifiable individual, including

(i)                  the individual’s name, address and telephone number,

(ii)                the individual’s race, national or ethnic origin, colour, or religious or political beliefs or associations,

(iii)               the individual’s age, sex, sexual orientation, marital status or family status,

(iv)              an identifying number, symbol or other particular assigned to the individual,

(v)                the individual’s fingerprints, blood type or inheritable characteristics,

(vi)              information about the individual’s health care history, including a physical or mental disability,

(vii)             information about the individual’s education, financial, criminal or employment history,

(viii)           anyone else’s opinions about the individual, and

(ix)              the individual’s personal views or opinions, except if they are about someone else.

 

(c)                “public body” means

(i)                  a Government department or a board, commission, foundation, agency, tribunal, association or other body of person, whether incorporated or unincorporated, all the members of which or all the members of the board of management of board of directors of which

(a)      are appointed by order of the Governor in Council, or

(b)      if not so appointed, in the discharge of their duties are public officers or servants of the Crown.

(d)               “record” includes books, documents, maps, drawings, photographs, letters, vouchers, papers and any other thing on which information is recorded or stored by graphic, electronic, mechanical or other means, but does not include a computer program or any other mechanism that produces records. 

(e)                “third party”, in relation to a request for access to a record or for correction of personal information, means any person, group of persons or organization other than

(i)                  the person who made the request, or

(ii)                a public body.

 

Policy Statement          

1.                  The Board will adopt the following principles to ensure the protection of personal information, as contained in the Model Code for the Protection of Personal Information (attached). 

1.1                     Accountability

1.2                     Identifying Purposes

1.3                     Consent

1.4                     Limiting Collection

1.5                     Limiting Use, Disclosure and Retention

1.6                     Accuracy

1.7                     Safeguards

1.8                     Openness

1.9                     Individual Access

1.10                 Challenging Compliance

 

2.             The Workers’ Compensation Board of Nova Scotia will ensure the protection of personal information and background information by ensuring appropriate: 

2.1                     Confidentiality of the information;

2.2                     Availability of the information; and

2.3                      Integrity of the information.
  

 References             Worker’s Compensation Act (Chapter 10, Acts of 1994 – 95) Sections 192 -195.       

                                    Freedom of Information and Protection of Privacy (Chapter 5, Acts of 1993).

                                    Model Code for the Protection of Personal Information (Approved as a National Standard of Canada by the Standards Council of Canada).

                                                           

 ___________________________________________

Executive Corporate Secretary

 

---

Principles set out in the National Standard of Canada entitled "Model Code for the Protection of Personal Information." 

 

Principle 1 - Accountability

An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.  

Principle 2 - Identifying Purposes

The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected. 

Principle 3 - Consent

The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.  

Note: In certain circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated. In addition, organizations that do not have a direct relationship with the individual may not always be able to seek consent. For example, seeking consent may be impractical for a charity or a direct-marketing firm that wishes to acquire a mailing list from another organization. In such cases, the organization providing the list would be expected to obtain consent before disclosing personal information.  

Principle 4 - Limiting Collection

The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.  

Principle 5 - Limiting Use, Disclosure, and Retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.  

Principle 6 - Accuracy

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.  

Principle 7 - Safeguards

Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.  

Principle 8 - Openness

An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.   

Principle 9 - Individual Access

Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Note: In certain situations, an organization may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement should be limited and specific. The reasons for denying access should be provided to the individual upon request. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.  

Principle 10 - Challenging Compliance

An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization's compliance.