Privacy Policy - Randy Hillier, MPP
At the time of the drafting of this policy, neither Randy Hillier, nor his staff, agents, or volunteers are in possession of any list products from Elections Ontario.
Scope of Policy
This policy applies to Randy Hillier, MPP, his office, staff, agents, and volunteers; and during the writ period, his campaign and campaign team, including volunteers. This policy applies to any and all list products received from Elections Ontario.
Restrictions on Use
List products received from Elections Ontario shall only be used in compliance with Section 17.4 of the Election Act. Information is not used for commercial purposes, and solely for electoral purposes during the writ period, such as communicating with voters, soliciting campaign support, soliciting campaign volunteers and donors, and administering the distribution of literature, advertising and election campaign signs.
All such list products provided by Elections Ontario will remain in the secure possession of the Chief Privacy Officer (CPO), and distribution and use of said materials will require a written acknowledgement of the obligations under Section 17.4 of the Act and this Privacy Policy. Distribution tracking will be done by way of written acknowledgement using the templates provided by Elections Ontario for both regular tracking and the annual update.
Privacy Requirements
IMPLEMENTATION AND ENFORCEMENT OF THIS POLICY
Removing records from the office
List products shall only be removed from the office when it is absolutely necessary to do so.
Employees, volunteers or agents of Randy Hillier must obtain approval from the CPO, and original documents shall remain in the office with only copies to be removed.
A record of the information being removed shall be tracked using a tracking compliance form which shall be stored in a secured filing cabinet in the possession of the CPO.
Paper records
While in transit, paper records shall be securely packaged and shall remain in the possession of the employees, volunteers or agents of Randy Hillier.
If being used at home, records shall be accessible only to the employees, volunteers or agents of Randy Hillier and must be kept locked away when not in use.
Public Transit
Electors' personal information, whether in printed or electronic format, shall never be accessed by employees, volunteers or agents of the Political Entity while travelling on public transportation.
Electronic records
Electronic records containing electors' personal information shall be stored on password-protected data storage devices and applications, or removable drives rather than on the hard drive of a laptop or home computer.
Removable drives shall always remain within the possession of the employees, volunteers or agents of Randy Hillier or be kept in a secure location that is not accessible to others.
Laptops and home computers
Access to laptops and home computers shall be password-controlled, and any data on the hard drive shall be encrypted. Other reasonable safeguards, such as anti-virus software and personal firewalls, shall also be installed.
List products containing electors' personal information shall not be stored on shared computers and laptops.
Laptops shall be stored in a secure location.
Wireless technology
Randy Hillier, the CPO, and assigned agents, volunteers and employees shall protect the privacy and confidentiality of personal information stored on wireless devices such as cell phones. Access to such devices must be password-controlled, and any stored data should be encrypted. When working at locations outside the office, employees, volunteers or agents of Randy Hillier shall maintain constant control of wireless devices and care shall be taken to prevent loss or theft.
Email, fax and photocopy
When working at home or at other locations outside the office, employees shall not send electors' personal information by e-mail or fax.
If photocopies of list products are required, employees of Randy Hillier shall conduct the task and photocopy machines shall not be left unattended.
DISPOSITION PROTOCOL FOR LIST PRODUCTS
Return or Secure Destruction of list products received by Randy Hillier shall be done in compliance with Section 6 of Elections Ontario's Guidelines for the use of Electoral Products, and it shall be the responsibility of the CPO to ensure that such compliance is strictly adhered to.
TRAINING ON PRIVACY CONTROLS
Any employees, agents, volunteers representing Randy Hillier, including Randy Hillier, shall be provided with a copy of this Privacy Policy, and sign a written acknowledgement stating they have read and understand their obligations regarding List Products as covered by this Privacy Policy, and these written acknowledgements shall be preserved in a secure location by the CPO.
BREACH MANAGEMENT
The CPO shall be responsible for safeguarding electoral products, training employees, agents and volunteers on the Guidelines for the Use of Electoral Products and this Privacy Policy.
Electoral products shall only be made available to those who need access under the permitted uses of these list products through the CPO.
The CPO shall be responsible for ensuring the security of electronic and printed list materials in their possession as outlined in the Guidelines for the Use of Electoral Products and this Privacy Policy.
The CPO shall be responsible for securing a written acknowledgement by any individual who has been provided access to list products that said individual will abide by the restrictions outlined in the Guidelines for the Use of Electoral Products and this Privacy Policy.
If a suspected unauthorized access should occur, or should there be a loss or theft of the electoral products, this shall constitute a privacy breach and the CPO shall:
- immediately notify Elections Ontario of the breach, and the steps being taken to mitigate damages;
- contain the breach and identify the source and/or cause of the breach;
- mitigate any harm resulting from the breach
- make every reasonable effort within the law to retrieve electoral products that were lost or stolen;
- document the circumstances that led to the incident and where necessary contact law enforcement; and
- review and update internal policies, processes and procedures to prevent future incident
Roles and Responsibilities
The CPO shall be responsible for the enforcement of this Privacy Policy in compliance with the Election Act and in conjunction with the Guidelines for the Use of Electoral Products.
The CPO shall be responsible for safeguarding electoral products, training employees, agents and volunteers on the Guidelines for the Use of Electoral Products and this Privacy Policy.
The CPO shall be responsible for ensuring compliance with all filing requirements provided by Elections Ontario under the Guidelines for the Use of Electoral Products.
Randy Hillier and his employees, agents, and volunteers shall be aware of their responsibilities for the secure preservation and legal use of any list products or electoral products that come into their possession through the CPO as defined in this Privacy Policy, the Election Act, and the Guidelines for the Use of Electoral Products.
The CPO shall notify Elections Ontario of their removal or resignation as CPO, and Randy Hillier shall be responsible for the appointment of a new CPO.
In the event of any conflict between this Privacy Policy and the Election Act, and/or the Guidelines for the Use of Electoral Products, the Election Act shall take precedent, followed by Elections Ontario's Guidelines for the Use of Electoral Products, and finally, this Privacy Policy.