Security guards regularly deal with information gathering, storage, distribution, protection, and destruction.
The Privacy & Personal Information Protection and Electronic Documents Act (PIPEDA)
Various laws in Canada have been enacted to safeguard the personal privacy of those they come into contact with. As a result, various privacy rules have been enacted to guarantee that all individuals and organisations in a position to gather such information do so in a legally compliant way.
The following concepts have been applied to the general tasks of the Security Guard:
- Accountability – Individuals are held liable for the safeguarding of personal information. The Guard is accountable for the security of personal information under their control. Guards should never disclose private or secret information to anybody without first obtaining permission from a Supervisor or Manager, and should address any questions about confidential information to the relevant manager.
- Identifying Purposes – Personal information collected as part of an investigation or incident may include information pertaining to individuals involved in criminal activity, individuals suspected of being involved in criminal activity, individuals with knowledge of criminal activity, and individuals who may have information relating to the identity of those involved with or suspected of being involved in criminal activity.
- Consent – Guards must get adequate authorization from an individual whenever personal information is collected, used, or disclosed, unless PIPEDA provides an exemption.
- Limiting Collection – Personal information collected by a Security Guard will be restricted to that which is required for the legitimate performance of their responsibilities.
- Limiting Use, Disclosure, and Retention – Except with the individual’s approval or as required by law, information acquired by the Guard may not be used or shared for reasons other than those for which it was gathered. Personal information should be kept only for as long as required to accomplish those goals, after which it should be discarded in a legally acceptable way.
- Accuracy – A Security Guard’s information should be as accurate, full, and up to date as is required for the reasons for which it is to be utilized.
- Safeguards – Personal information must be preserved in secure electronic and physical copy files, according to guards. Hard copies must be kept in secured file cabinets with limited access.
- Openness – Guards must make detailed information about their employers’ and clients’ policies and procedures regarding the management of personal information clearly available to individuals.
- Individual Access – Upon request, an individual must be notified of the existence, use, and disclosure of his or her personal information, and access to that information must be granted. If such disclosure does not jeopardize the reasons for which the information was obtained, the Guard shall, upon request, notify the individual whether we have personal information about him or her, what that information is, what it is being used for, and who has access to it. Among the legal exclusions are:
- Personal information about another individual might be revealed or commercially confidential information might be revealed
- The information is protected under the Solicitor/Client privilege
- Challenging Compliance – A person must be able to address a challenge about compliance with privacy legislation to the designated individual or persons responsible for the organization’s privacy compliance. Guards must be informed of who these individuals are and how to deliver the most effective contact information to the person issuing the challenge.
