Privacy policy

Agriculture and Agri-Food Canada (AAFC) has developed an internal privacy policy to assist employees in ensuring that the measures for the protection of personal information under their control are incorporated into all departmental programs and activities.

Preamble

AAFC has developed an internal privacy policy to assist employees in ensuring that the measures for the protection of personal information under their control are incorporated into all departmental programs and activities. This policy is based on privacy principles common to internationally recognized protection codes and is in accordance with the:

• Canadian Charter of Rights and Freedoms
• Privacy Act
• Department of Agriculture and Agri-Food Act (DAAFA)
• Farm Income Protection Act (FIPA)
• AAFC’s acts and regulations, and
• Treasury Board Secretariat (TBS) policies

This policy is designed to be read in conjunction with the TBS policy entitled Policy on Privacy Protection, and will assist in promoting a privacy sensitive culture across the organization, in demonstrating leadership in protecting personal information and in maintaining the trust of Canadians by outlining the commitment of AAFC to protect personal information effectively.

Policy objective

The objectives of this policy are to ensure that AAFC effectively manages personal information under its control, is responsive to the information needs of the public, and builds a climate of trust, credibility and understanding by

• re-affirming its commitment to protect personal information under its control
• outlining the privacy requirements of the Privacy Act, DAAFA, and FIPA
• supporting the adoption of privacy principles and guidelines that will guide AAFC in the protection of personal information
• implementing a harmonized approach to privacy management across AAFC
• demonstrating openness and transparency about the privacy practices of AAFC

Policy statement

It is the policy of AAFC to

• carry out the collection, use, disclosure, retention and disposition of personal information in a way that respects the privacy principles outlined in the Privacy Act and other applicable laws, regulations and TBS policies
• ensure that privacy is a core consideration in all its programs and activities
• protect the personal information under its control while enabling departmental officials to access and use the information, as required, to maintain and deliver programs and activities
• communicate its privacy practices to the public
• ensure that effective and up-to-date personal information protection measures are in place
• ensure that appropriate levels of protection of personal information are in place when dealing with stakeholders and partners including provinces/territories, foreign governments and international organizations

Application

This policy applies to all AAFC programs and activities, including the grants and contribution programming that require the collection, use, and/or disclosure of personal information by AAFC.

This policy covers all personal information, including but not limited to both client and employee personal information, under the control of AAFC.

Responsibilities

Every employee has a responsibility to comply with the corporate privacy policy as follows:

• the responsibility of all staff to apply the policy in the execution of their duties
• the responsibility of all managers for ensuring that privacy measures are integrated into their operational activities
• the responsibility of the Chief Privacy Officer for promoting departmental compliance with policy requirements
• the accountability of senior executives for promoting and implementing this policy

The Access to Information and Privacy Directorate of AAFC provides advice and support as well as practical guidance for the adoption of effective and consistent privacy practices.

Roles and responsibilities for the management and safeguarding of personal information are defined in more detail in the departmental document entitled "Privacy Management Framework.”

Requirements

AAFC must take the necessary steps to protect personal information by

• establishing procedures to anticipate and mitigate privacy risks
• incorporating privacy requirements into programs and activities in accordance with this policy and updating privacy measures as required
• promoting staff awareness and sound practices regarding the protection of personal information
• ensuring that accountability for privacy is clearly incorporated into the duties of program managers and other employees involved in personal information holdings
• communicating privacy measures which have been adopted and implemented
• reviewing and reporting activities and progress under this policy
• ensuring that third parties who collect, use and/or disclose personal information on behalf of AAFC have adequate privacy protection measures

The attached guidelines serve to assist departmental employees to comply with this policy.

Policy review

This policy will be reviewed every 5 years, or as required, to determine its effectiveness in providing direction to AAFC. The Privacy Compliance Unit will lead the policy review.

References

This policy should be read in conjunction with the following primary references:

Legislation

• Privacy Act
• Department of Agriculture and Agri-Food Act (DAAFA)
• Farm Income Protection Act (FIPA)
• Access to Information Act (ATIA)
• Library and Archives of Canada Act (LACA)
• Canadian Charter of Rights and Freedoms (the Charter)
• Personal Information and Protection of Electronic Documents Act (PIPEDA)
• AAFC’s acts and regulations 

Policies and related instruments

• Policy on Privacy Protection
• Directive on Privacy Practices
• Policy on Access to Information
• Policy on Service and Digital
• Directive on Service and Digital
• Policy on Government Security
• Policy on People Management
• Policy on Communications and Federal Identity
• Directive on the Social Insurance Number