Date issued: 01/03/1999
Purpose
The Government's personnel information systems contain personal and non-personal information about employees and their jobs.
This policy:
- Sets out guidelines to ensure that the information is accessed only when appropriate, and
- Answers the question: "Who has access to what and why?"
Policy
Access to personal information, as defined by the Freedom of Information and Protection of Privacy Act, will be granted to authorized persons requiring this information to perform management, audit or human resource administration and related record-keeping functions.
Appropriate access to non-personal information, as defined by the Freedom of Information and Protection of Privacy Act (classification, salary, benefits and employment responsibilities), can be provided to internal government staff as required to carry out the performance of their duties. Access to aggregate data summarizing personal information on a departmental or government-wide basis may also be provided when required for performance of duties provided that no identification of any individual is possible.
Other requests for non-personal information must be done through the application process provided for by the Freedom of Information and Protection of Privacy Act.
Guidelines for Access to Personal Information
Access to personal information will only be provided to individuals with responsibility for personnel administration and related record-keeping functions.
The following guidelines apply:
- The Commission has access to all information on the systems.
- The Department of Finance will only have access to records required for payroll and financial administration.
- The Public Employees Benefits Agency (and authorized insurance carriers) will only have access to records required for the administration of benefits.
- The human resource function and Deputy Ministers will have access to all information within their own departments.
- Payroll units will have access to their own department's records required to provide payroll services.
- Senior Executives and Managers will only have access to selected records for the employees who report to them.
- The Provincial Auditor and internal audit staff will have access to all records required to perform an audit.
Employees who have access to the human resources information systems but have no responsibility for audit, management or human resource administration will only have access to their own records.
Security Profiles
Definition
A security profile is a network specific, systems administrator-defined set of limits on what a user may or may not access when he or she logs on to a network. In the case of the Government's human resources information systems, these limits are specific to the system being used and define:
- Which records individual users may or may not access and,
- Who is allowed to create changes to them.
Security profiles based on job-specific information needs as determined by the employee and his/her supervisor are defined as part of the information systems documentation.
Security access to the information systems at the department level will be approved by the Permanent Head or designate.
When an employee who has access to the information system terminates employment or leaves his or her position, security access will be revoked immediately.
Any unauthorized release of personal information is a violation of the Freedom of Information and Protection of Privacy Act and the Oath of Office.
Authority
Freedom of Information and Protection of Privacy Act, 24(1); 24(2); 29(2)(I); 29(2)(q).
Inquiries
For inquiries, please contact the Human Resource Service Centre.