Archived - Privacy and Data Protection Guidelines - Employee Privacy Code

This document contains the 6 principles of the Employee Privacy Code.
Date modified: 1993-12-01

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Print-friendly XML


The Federal Government as an employer is committed to fair information practices for its employees, which creates a legitimate and enforceable expectation of privacy. These are expressed for all government institutions in the Privacy Act (1983), which has as its broad purpose "to...protect the privacy of individuals with respect to personal information about themselves held by a government institution and provide individuals with a right of access to such information."(Privacy Act, section 2).

Personally identifiable information exists in employee and job applicant records. The collection, use, disclosure, retention and disposal of this information must be managed in a way that takes into account the Privacy Act's principles of confidentiality, accuracy and relevance. The spirit and the letter of the Privacy Act, as it pertains to Federal employees, is expressed in the Employee Privacy Code.

The Code consists of six Principles, as follows:

Principle 1

An access process must be in place to enable an employee to find out what information about him or her is in a record and how that information is used.

All personal information holdings must be described as Personal Information Banks by the government institutions controlling them and must be published in Info Source.

Employees must, with some exceptions, be given access to the information pertaining to them. This should normally be done informally without recourse to the formal procedures of the Privacy Act. However, no prejudicial actions will be taken against employees who wish to exercise their legal rights. Personal information will be withheld from access by employees only in strict compliance with the limited situations for exemption set out in the Privacy Act.

There must be no classes of information and no personal information banks whose existence is not known.

Principle 2

A process must be in place to enable an employee to correct a record containing personal information about him or her.

Employees are entitled to ask that information pertaining to them be corrected. They also have the right to have a notation attached to any information for which a correction was requested but not made.

Principle 3

The legal provisions limiting the collection of personal information must be followed.

The collection of personal information must be directly relevant to an authorized program or activity. Whenever possible, personal information shall be collected directly from the individual to whom it pertains. There are limited exceptions to this general rule, for example, law enforcement activities. An employee must also be informed why the information is being collected and the intended uses to be made of it, except when doing so would result in the collection of inaccurate or misleading information. Employees must also be told whether the information is required by law, and, if not, that giving it is purely voluntary.

Principle 4

Controls that conform to legal requirements must be in place to regulate the use and disclosure of employee information. Uses beyond the original purposes for which information was collected and disclosures to third parties, in particular, are circumscribed.

Without the consent of the employee to whom it relates, personal information shall only be used for a purpose for which it was collected, or for a purpose consistent with the original purpose, or for a purpose permitted under the disclosure part of the Privacy Act, subsection 8(2).

Personal information shall not, without the consent of the employee, be disclosed to third parties except in the limited number of situations set out in subsection 8(2) of the Privacy Act. Some of these situations include the requirements of other Acts and Regulations, compliance with a subpoena or warrant, internal audits, and archival purposes. In many instances these provisions are permissive and the onus is on personnel administrators to determine that a particular instance of permissible disclosure of personal information is fair to the employee concerned.

Certain very sensitive personal information, such as Employee Assistance Program (EAP) data, medical files and conflict of interest declarations, should be disclosed to persons other than the official responsible (e.g. EAP Counsellor) only when compelled to do so by law or regulation that requires its disclosure.

Uses of personal information that are not listed in the personal information bank descriptions in Info Source shall be recorded, and the record attached to the personal information. The Privacy Commissioner must be advised, and the new use must subsequently be published in Info Source.

Data matching and linkage involve comparing, for administrative purposes, personal information obtained from various sources. They are used widely in personnel administration, and generally involve the use of computers to generate more extensive profiles of individuals. Data matching is regulated by Treasury Board policy to ensure compliance with the Privacy Act, particularly as it relates to the Act's provisions dealing with the collection, use and disclosure of the personal information to be matched. Government institutions are required to give 60 days' advance notice of matching programs to the Privacy Commissioner and to describe them in Info Source.

Principle 5

Government institutions should ensure that personal information is accurate and that appropriate precautions are taken to protect it.

Personal information has a life cycle; that is, it exists from the time it is originally collected or compiled to the date it is finally disposed of. Throughout its life cycle, personal information should be current and accurate for its intended use. Adequate safeguards and protection should be provided to prevent its misuse.

The government Security Policy specifies that personal information be given enhanced protection. It is designated PROTECTED - PERSONAL INFORMATION, and the government-wide security standards set out appropriate protection. This includes lockable storage containers, controlled access to the areas in which personal information is located, and security measures related to its transmission.

Additional protection is provided for particularly sensitive personal information in EAP and medical files. For example, information that can be linked to a client in an EAP file is accessible only to the client and the EAP Co-ordinator. Particularly sensitive personal information is designated PROTECTED, followed by words that describe the category of information (e.g. PROTECTED - EMPLOYEE ASSISTANCE PROGRAM), and particular storage and transmittal standards support the additional protection.

Principle 6

Employees should be able to find out how their personal information will be finally disposed of.

Personal information must be retained and disposed of in accordance with approved and published records retention and disposal schedules. Except as otherwise provided in law, or when the employee consents to earlier disposal, personal information must be kept for a minimum of two years after the last time it was used for an administrative purpose. Employees thus have an opportunity to request access to the information and ask for a correction if necessary.

Date modified: