This is the exact embedded text of the captured official document.
Snapshot 89876417da6c · verified 2026-06-05 ·
original document ·
archived snapshot ·
unofficial consolidation, the official version is held by the municipal clerk.
1
Policy No. 87 Data Protection Policy
POLICY NO. 87
DATA PROTECTION POLICY
1.0
PURPOSE
1.1
The purpose of the policy is to provide guidelines and provisions to ensure the
municipality gathers, stores and handles data fairly, transparently and with
respect towards individual rights.
2.0
SCOPE
2.1
This policy refers to all parties (employees, elected officials, volunteers, etc.) who
provide information to us.
3.0
DATA COLLECTION
3.1
The Municipality collects offline and online data information in a transparent
way. Once this information is available to us, the following rules apply.
3.2
Our data will be:
3.2.1 Accurate and kept up-to-date.
3.2.2 Collected fairly and for lawful purposes only.
3.2.3 Processed by the Municipality within its legal and moral boundaries.
3.2.4 Protected against any unauthorized or illegal access by internal or
external parties.
3.3
Our data will not be:
3.3.1 Communicated informally.
3.3.2 Transferred to organizations or other levels of government unless it is
deemed necessary by the Chief Administrative Officer.
3.4
In addition to ways of handling the data the Municipality will:
3.4.1 Have provisions in cases of lost, corrupted, or compromised data.
3.4.2 Allow people to request that we modify, erase, reduce or correct data
contained in our databases.
2
Policy No. 87 Data Protection Policy
4.0
CLASSIFICATION TIERS
4.1
Classification tires for stored data shall be:
4.1.1 Tier 1 (highest classification): if compromised, may cause exceptional
damage to individual or municipal interests, or public trust.
4.1.2 Tier 2: if compromised, may cause serious damage to individual or
municipal interests, or public trust.
4.1.3 Tier 3 (lowest classification): if compromised, may damage individual or
municipal interests, or public trust.
4.1.4 All other information that, if compromised, is not likely to cause damage
to individual or municipal interests or the public trust.
5.0
ACTIONS
5.1
To exercise data protection, we are committed to:
5.1.1 Restrict and monitor access to sensitive data.
5.1.2 Develop transparent data collection procedures.
5.1.3 Train employees in online privacy and security measures.
5.1.4 Build secure networks to protect online data from cyberattacks.
5.1.5 Establish clear procedures for reporting privacy breaches or data misuse.
5.1.6 Include contract clauses or communicate statements on how we handle
data.
5.1.7 Establish data protection practices (document shredding, secure locks,
data encryption, frequent backups, access authorization etc.).
6.0
DISCIPLINARY ACTION
6.1
All principles described in this policy must be strictly followed. A breach of data
protection guidelines could result in disciplinary and possibly legal action.
3
Policy No. 87 Data Protection Policy
Clerk's Annotation for Official Policy Book
Date of Notice to Council members of Intent to Consider
January 9, 2024
Date of Passage of current Policy
January 23, 2024
I certify that this Policy No. 87 "Data Protection Policy" was amended
by Council as indicated above.
____________________________________ _________________________
Lesa Rossetti Date
Municipal Clerk
VERSION LOG
Version
Number
Amendment Description
Amendment/Policy Owner
Approved By
Approval Date
1
Approved Policy of Council
CAO
Council
August 23, 2021
2
Amendments to Section 2.1 and
added new Section 4.0.
Remaining sections renumbered
CAO
Council
January 23, 2024