To tell customers how and why OPL collects, uses, protects, and/or shares personal information.
OPL collects personal information about customers under the authority of section 23(2) of the Public Libraries Act, R.S.O. 1990, c.P.44. Staff protect the privacy of all customers’ personal information in keeping with the Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M.56 (MFIPPA) and other applicable legislation. Personal information is only used to deliver library services and programs.
What is personal information?
In this policy, "personal information" means any information that identifies an individual person, who is the subject of the information.
What personal information does OPL collect?
OPL collects some personal information (such as: name, address, telephone number, email address, and preferred language) when a customer gets a library card, and when managing their customer account (such as items a customer has borrowed). OPL also collects personal information from customers online. For more information, see “Personal information and the Library’s website” below.
OPL does not share information about customers with any other organizations or companies without permission from customers, except when MFIPPA allows sharing or when other applicable law says that OPL must share the personal information.
OPL does not keep a record of which items (for example: books or movies) a specific customer has borrowed once the items are returned, unless the customer asks for this service (such as when a customer signs up for homebound services). Items are otherwise deleted from the customer’s record as soon as they are returned. For statistics, and to improve our services, OPL keeps a record of items checked out; OPL is not able to identify any specific customers from this data.
Customers can manage their privacy settings on the Library’s website on both of the following web pages:
Personal information and the Library’s website
OPL collects IP addresses (a number that can uniquely identify a specific computer or other network device on the internet) from visitors to the OPL website. No other personal information is collected when a customer visits the OPL website, unless the customer chooses to use services that need other personal information. Customers’ personal information will then only be used for this service.
The Library's web servers keep a log of pages visited on the OPL website, as well as the type of searches done on these pages. OPL also keeps statistics in order to learn more about how people use the Library's website, such as: which pages are popular, what times of day people visit the site, what types of computers or web browsers visitors are using, etc. This information helps us improve online library services. The data OPL obtains is collected from many different people and web addresses, and it is kept anonymous; OPL is not able to identify any specific customer from this data..
When a customer visits the OPL website, the pages they see, along with a cookie, are saved on their computer, tablet, or phone. A cookie is a small amount of information, which sometimes includes a unique identifier, that is saved on the hard drive. Cookies help websites understand more about visitors and their habits (for example, if the visitor has been to this website before). Customers can tell their computer what kinds of cookies they would like to receive, or block, in their web browser settings. If customers block cookies from the Library website, some parts of the website may not be available to them.
OPL’s website may link to other (third-party) websites; for example, to download e-books, answer surveys, read articles, watch videos, or share information on social media. When visiting these websites, customers should check the privacy statements on those sites and be careful when providing personal information if they do not clearly understand how that information will be used.
Library webpages with information or links to another website (for example, YouTube) may contain separate cookies from these websites. OPL does not control these cookies. Customers should check the other website for more information about their cookies.
Using the Internet at the Library
There are a number of ways in which customers may share personal information with the Library when using the Library’s website: when logging to the website, filling out a form such as Contact Us, booking a meeting room, computer, or other equipment, or sending a document for printing and photocopying. All information is managed according to our data retention policies.
Electronic messages from the Library
Electronic messages sent by OPL are sent using various tools to people who have given the Library permission to do so, including customers or people who have a relationship with the library. All tools used by OPL store their data in Canada. Each electronic message has a link that customers can click on to unsubscribe from future messages
Taking photos or videos in the Library
Visitors who wish to take photos or videos in the Library, on Library property, and at Library events must comply with the Taking Photos and Videos in the Library Policy. For example, photos and videos may be permitted as long as Library activities are not disrupted, and visitors cannot take photos or videos in bathrooms or children’s areas. Please see the Policy for more information.
Giving your Library card to someone else
When you give someone else your library card, you are responsible for anything they do, or any items they borrow. If they also have your PIN or password, the other person may be able to see information about your customer account (for example, any fees you owe, or the titles of other items you have checked out). Library staff will not share more information about your Library account with someone who is using your card.
Customers of OPL should:
- Set their privacy settings in library software or hardware tools that offer this ability for customers;
- Know that they can see their personal information by following OPL's MFIPPA process; and,
- Ask the Library to correct any personal information that is wrong. Staff in any branch can help a customer correct their personal information.
A privacy breach happens when personal information is stolen, lost, or shared without permission. If OPL finds out that there has been a privacy breach, staff will:
- Let colleagues know, as applicable;
- Investigate the situation, including how big the breach was;
- Protect or contain any information possible, make sure no copies of information have been made, and take steps to prevent a further breach;
- Contact all affected customers;
- Review the situation to recommend any changes to policies or library operations necessary to prevent a future similar breach;
- Keep a record of the breach; and,
- Notify the Information and Privacy Commissioner of Ontario, and any other organizations, as applicable.