Policy
WorkSafeNB adopts the following ten principles, as contained in the Model Code for the protection of personal information, to protect personal information collected and used for the administration of the WHSCC & WCAT Act, the WC Act, the Firefighters’ Compensation Act, the Occupational Health and Safety Act, and the Government Employees Compensation Act:
Principles
The following principles ensure compliance with the RTIPP Act and the PHIPA Act in protecting personal information while recognizing the public’s right to access records.
I. Accountability
WorkSafeNB’s president and CEO has delegated authority to the legal counsel, privacy and human rights for WorkSafeNB’s compliance with these privacy and information security principles.
WorkSafeNB takes a robust approach to ensure all employees are acting in accordance with privacy legislation. Education and awareness are addressed through activities such as employee orientation, signing a Pledge of Confidentiality, and providing resources through its internal and external websites.
If WorkSafeNB intends to disclose personal information to any information technology service provider or to any other provider of services outside of WorkSafeNB, it will enter into a written agreement with the third party that addresses the protection of personal information against risks including unauthorized access, use, disclosure or destruction.
Privacy Risk Assessment and Privacy Impact Assessment
When WorkSafeNB undertakes a new project, or modifies an existing program, service, contract, data system, procedure, etc., a privacy risk assessment is completed and submitted to WorkSafeNB’s general counsel’s office to determine the level of risk with the project. Depending on the level of risk identified, the general counsel’s office may determine that WorkSafeNB must then undertake a privacy impact assessment in accordance with section 56(1) of the PHIPA Act.
II. Identifying Purpose
WorkSafeNB identifies and documents the purpose for which personal information is collected.
WorkSafeNB informs the individual from whom the information is collected about why it is needed. If at any time there is a new purpose for the information collected, WorkSafeNB obtains the individual’s consent before using it.
III. Consent
WorkSafeNB obtains the knowledgeable consent from the individual for the collection, use or disclosure of their personal information. Knowledgeable consent can be either:
Express consent exists when an individual:
If the express consent is provided orally, WorkSafeNB makes a written record of the consent.
Implied consent exists when it is reasonable to assume the individual knows the purpose for the collection, use or disclosure of their personal information. If it cannot be reasonably assured that implied consent exists, WorkSafeNB must obtain express consent.
By completing and signing the Application for Workers’ Compensation Benefits form, injured workers are providing express consent for WorkSafeNB to collect, use, release or disclose relevant claim information as per the legislation. However, given that the claims process can continue for several years, WorkSafeNB regularly communicates with clients regarding the collection, use and disclosure of their personal information to confirm ongoing, knowledgeable consent.
Consent can also be given by an authorized representative (such as a legal guardian or a person having power of attorney or by a worker’s express designation of the authorized representative).
Injured workers may, at any time and for any specific or general purpose, withdraw consent for personal information to be collected, used or disclosed.
If consent is refused or withdrawn for the use or disclosure of personal information, WorkSafeNB will:
IV. Limiting Collection
WorkSafeNB limits collection of personal information to that which is necessary for the purpose of carrying out its administrative responsibilities under the WHSCC & WCAT Act, the WC Act, the FC Act, the OHS Act, and the Government Employees Compensation Act. WorkSafeNB limits the amount and type of information collected, and retains only that information required by law and to fulfil its legislated obligations.
V. Limiting Use, Disclosure and Retention
Information collected by WorkSafeNB is only used and disclosed for the purpose it was collected and retained only as long as necessary for the fulfilment of those purposes, unless the individual otherwise consents, or it is used for a purpose required by law. WorkSafeNB makes a record of any new use of personal information and corresponding consent.
VI. Accuracy
WorkSafeNB takes reasonable steps to ensure personal information is accurate, complete and up-to-date.
VII. Safeguards
WorkSafeNB uses the appropriate combination of physical, technological, and administrative security measures to protect personal information.
WorkSafeNB ensures that personal health information in its control is stored and accessed only in Canada, unless otherwise provided for in Section 55(2) of the PHIPA Act and its Regulation.
VIII. Openness
WorkSafeNB maintains this policy and information on privacy policies and practices. Information related to personal information security is readily available and maintained on WorkSafeNB’s website.
Individuals may also contact WorkSafeNB’s legal counsel, privacy and human rights, or the province’s ombud established under the Ombud Act for further information at any time.
IX. Individual Access
WorkSafeNB informs individuals about the use of their information, and/or gives access to their information upon request.
WorkSafeNB will disclose information, subject to mandatory and discretionary exceptions as outlined in Divisions B and C of the RTIPP Act, section 14 of the PHIPA Act and for the purpose of section 21(1) of the WHSCC and WCAT Act.
Individuals may request a correction of any personal health information. WorkSafeNB will verify the identity of the individual making the request and takes reasonable steps to ensure that the personal information is received only by that individual.
X. Challenging Compliance
WorkSafeNB’s legal counsel, privacy and human rights will address compliance concerns from individuals.
WorkSafeNB has established a complaint procedure and reporting system for any privacy breaches and investigates all complaints and reports. Any individual with questions or concerns regarding privacy and/or personal information security within WorkSafeNB may contact WorkSafeNB’s legal counsel, privacy and human rights whose contact information is on WorkSafeNB’s website.
Any individual who feels their privacy has been breached may also contact the province’s ombud whose contact information is also on WorkSafeNB’s website.
Previous policies
16(1) and 21(1) (WHSCC & WCAT Act)
Workers’ Compensation Act (RSNB 1973, c W-13) -
sections 83.1(2), 83.2(2) (WC Act)
Right to Information and Protection of Privacy Act (RTIPP Act)
Personal Health Information Privacy and Access Act (PHIPA Act)
Model Code for the protection of personal information, approved as a National Standard of Canada by the Standards Council of Canada.
Custodian – Individual or organization that collects, maintains or uses personal health information for the purpose of providing or assisting in the provision of health care or treatment or the planning and management of the health care system or delivering a government program or service (PHIPA Act).
Personal Information – information about an identifiable individual, recorded in any form, including personal health information, as defined under the RTIPP Act.
Personal Health Information - identifying information about an individual in oral or recorded form as defined under the PHIPA Act.