Privacy and Personal Information Security Policy 41-007 | Effective Date: November 29, 2018

Statements

WorkSafeNB adopts the following ten principles, as contained in the Model Code for the protection of personal information, to protect personal information collected and used for the administration of the WHSCC & WCAT Act, the WC Act, the Firefighters’ Compensation Act, the Occupational Health and Safety Act, and the Government Employees Compensation Act:

  1. Accountability;
  2. Identifying Purpose;
  3. Consent;
  4. Limiting Collection;
  5. Limiting Use, Disclosure and Retention;
  6. Accuracy;
  7. Safeguards;
  8. Openness;
  9. Individual Access; and
  10. Challenging Compliance

Application

The following principles ensure compliance with the RTIPP Act and the PHIPA Act in protecting personal information while recognizing the public’s right to access records.

1. Accountability

WorkSafeNB’s President and CEO has delegated authority to the Access Information Privacy Coordinator for WorkSafeNB’s compliance with these privacy and information security principles.

WorkSafeNB takes a robust approach to ensure all employees are acting in accordance with privacy legislation. Education and awareness is addressed through activities such as employee orientation, signing a Pledge of Confidentiality, and providing resources through its internal and external websites. Employee compliance is monitored on a regular basis.

If WorkSafeNB intends to disclose personal information to any information technology service provider or to any other provider of services outside of WorkSafeNB, it will enter into a written agreement with the third party that addresses the protection of personal information against risks including unauthorized access, use, disclosure or destruction.

1.1 Privacy Risk Assessment and Privacy Impact Assessment

When WorkSafeNB undertakes a new project, or modifies an existing program, service, contract, data system, procedure, etc., a privacy risk assessment is completed and submitted to WorkSafeNB’s General Counsel’s Office to determine the level of risk with the project. Depending on the level of risk identified, the General Counsel’s Office may determine that WorkSafeNB must then undertake a privacy impact assessment in accordance with section 56(1) of the PHIPA Act.

2. Identifying Purpose 

WorkSafeNB identifies and documents the purpose for which personal information is collected.

WorkSafeNB informs the individual from whom the information is collected about why it is needed. If at any time there is a new purpose for the information collected, WorkSafeNB obtains the individual’s consent before using it.

3. Consent

WorkSafeNB obtains the knowledgeable consent from the individual for the collection, use or disclosure of their personal information. Knowledgeable consent can be either:

  • Express; or
  • Implied.

Express consent exists when an individual:

  • Provides personal information at WorkSafeNB’s request;
  • Knows the purpose for the collection, use and disclosure of the information; and
  • Grants WorkSafeNB permission to use or disclose the information.

If the express consent is provided orally, WorkSafeNB makes a written record of the consent.

Implied consent exists when it is reasonable to assume the individual knows the purpose for the collection, use or disclosure of their personal information. If it cannot be reasonably assured that implied consent exists, WorkSafeNB must obtain express consent.

By completing and signing the Form 67, Report of Accident or Occupational Disease, injured workers are providing express consent for WorkSafeNB to collect, use, release or disclose relevant claim information as per the legislation. However, given that the claims process can continue for several years, WorkSafeNB regularly communicates with clients regarding the collection, use and disclosure of their personal information to confirm ongoing, knowledgeable consent.

Injured workers may, at any time and for any specific or general purpose, withdraw consent for personal information to be collected, used or disclosed.

If consent is refused or withdrawn for the use or disclosure of personal information, WorkSafeNB will:

  • Take reasonable steps to act in accordance with the decision;
  • Inform the individual of the implications of the refusal or withdrawal; and
  • Inform other custodians, if any, holding the individual’s personal information of the decision.

4. Limiting Collection

WorkSafeNB limits collection of personal information to that which is necessary for the purpose of carrying out its administrative responsibilties under the the WHSCC & WCAT Act, the WC Act, the FC Act, the OHS Act, and the Government Employees Compensation Act. WorkSafeNB limits the amount and type of information collected, and retains only that information required by law and to fulfil its legislated obligations.

5. Limiting Use, Disclosure and Retention  

Information collected by WorkSafeNB is only used and disclosed for the purpose it was collected and retained only as long as necessary for the fulfilment of those purposes, unless the individual otherwise consents or it is used for a purpose required by law. WorkSafeNB makes a record of any new use of personal information and corresponding consent.

6. Accuracy

WorkSafeNB takes reasonable steps to ensure personal information is accurate, complete and up-to-date. WorkSafeNB conducts regular reviews of claim files to ensure information on which decisions are made is accurate.

7. Safeguards

WorkSafeNB uses the appropriate combination of physical, technological, and administrative security measures to protect personal information.

WorkSafeNB ensures that personal health information in its control is stored and accessed only in Canada, unless otherwise provided for in Section 55(2) of the PHIPA Act and its Regulation.

8. Openness

WorkSafeNB maintains this policy and information on privacy policies and practices. Information related to personal information security is readily available and maintained on WorkSafeNB’s website.

Individuals may also contact WorkSafeNB’s Access Information Privacy Officer, or the province’s Integrity Commissioner established under the Integrity Commissioner Act for further information at any time.

9. Individual Access

WorkSafeNB informs individuals about the use of their information, and/or gives access to their information upon request.

WorkSafeNB will disclose information, subject to mandatory and discretionary exceptions as outlined in Divisions B and C of the RTIPP Act, section 14 of the PHIPA Act and for the purpose of section 21(1) of the WHSCC and WCAT Act.

Individuals may request a correction of any personal health information. WorkSafeNB will verify the identity of the individual making the request and takes reasonable steps to ensure that the personal information is received only by that individual.

10. Challenging Compliance

WorkSafeNB’s Access Information Privacy Officer will address compliance concerns from individuals.

WorkSafeNB has established a complaint procedure and reporting system for any privacy breaches and investigates all complaints and reports. Any individual with questions or concerns regarding privacy and/or personal information security within WorkSafeNB may contact WorkSafeNB’s Access Information Privacy Officer whose contact information is on WorkSafeNB’s website.

Any individual who feels their privacy has been breached may also contact the province’s Integrity Commissioner whose contact information is also on WorkSafeNB’s website.

Model Code for the protection of personal information, approved as a National Standard of Canada by the Standards Council of Canada

 

 

Custodian – Individual or organization that collects, maintains or uses personal health information for the purpose of providing or assisting in the provision of health care or treatment or the planning and management of the health care system or delivering a government program or service (PHIPA Act).

Personal Information – information about an identifiable individual, recorded in any form, including personal health information, as defined under the RTIPP Act.

Personal Health Information - identifying information about an individual in oral or recorded form as defined under the PHIPA Act.

E-News Sign-up