(found on page 11 of report)
Title: | ||
Owner(s) (Unit and Sub-Unit or Position): | Original Date of Approval: | Revision Date(s): |
Approved by: | Review Cycle: |
BACKGROUND/PURPOSE:
Address the following:
- Why does the policy exist?
- What are the driving and/or extenuating circumstances that require this particular policy in addition or exception to general Library policy?
- Is the context provided, such as legal requirement versus professional ethics?
POLICY STATEMENT:
The following should be addressed as applicable:
a. Notice/Awareness
- How are users and patrons informed of and directed to this policy?
- How are Library Faculty and staff informed of and directed to this policy?
- How are changes to the policy vetted and communicated?
- Are the following points addressed and to what extent?
- identification of the entity collecting the data; identification of the uses to which the data will be put;
- identification of any potential recipients of the data;
- the nature of the data collected and the means by which it is collected;
- whether the provision of the requested data is voluntary or required;
- steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.
b. Choice/Consent
- Are options for opting in and/or opting out clearly explained?
- If options for opting in and/or opting out do not exist, is this clearly indicated?
- If choice/consent is limited (e.g., does not extend to third-party services) is this clearly explained?
c. Access/Redress
- Can an individual access data on himself or herself
- Can an individual contest the data’s accuracy and completeness?
- If users have the ability to examine and/or revise their personal data, is the procedure clearly explained?
- If users do not have the ability to examine and/or revise their personal data, is this clearly indicated?
- What are the problems or limits to the user in accessing their personal data?
d. Integrity/Security
- Does the policy specify:
o how data is protected
o who has access to the data
o how long the data is kept
o whether it is anonymized
- If data collected is to be used for research purposes, is that stated?
e. Other Aspects of Content
- Is the content of the policy accurate?
- Is the policy up-to-date (note last reviewed date)?
- Is it clear whether it is a policy or a procedure?
- Is it specific enough? Is it too specific?
- Do links to documents or other information sources referenced within the policy still work?
DISCLAIMERS/SCOPE (AS NEEDED)
To be addressed as needed:
- Does the policy cover all relevant situations? If not, are exceptions clearly explained?
- Does the policy make clear when a third-party data provider is involved, and provide a link to the third-party entity’s relevant policies?
- Does the policy indicate how the involvement of third parties constrains the Library’s ability to control data content and use?
SUMMARY OF CHANGES
A brief summary of significant changes to existing documents. Please include the last revision date and title of the document being replaced.
DOCUMENT APPROVAL & TRACKING
Item |
Contact |
Date |
|
Departmental or Committee Ownership | |||
Responsible Position | [Administrator, Unit Head or Chair] | ||
Departmental or Committee Approval | |||
AC or EC Approval | |||
University Librarian Approval |
Appendix 3a: Style Guidelines and Other Considerations for Privacy Policy Development
Style Guides:
- Use the clearest and simplest language.
- Include links to related policy and procedures, rather than repeating content from other sources, which may go out of date.
- State each item in the future (e.g. “the staff member will report such incidents to…”) or imperative (e.g. “Report such incidents to…”) tense. Use the same tense throughout.
- Avoid over-use of jargon.
- Spell out acronyms the first time.
- Refer to people by position or role, not name.
- Is it in the right location on the website?
- Is it in the right category in the policy index?
- Is it linked from other appropriate web pages?
- Is it easily discoverable?
- Is the “official” version available as a downloadable PDF?
Other factors to consider:
- Is it in the right location on the website?
- Is it in the right category in the policy index?
- Is it linked from other appropriate web pages?
- Is it easily discoverable?
- Is the “official” version available as a downloadable PDF?