5.4.1 SECURITY OF INFORMATION

All Edmonton Police Commissioners and staff are responsible for the security and protection of Edmonton Police Commission (Commission) information against unauthorized access and use.

The safeguarding of information is paramount as required by the Freedom of Information and Protection of Privacy Act (Act). All Commission members and staff will strictly adhere to the guidelines and procedures outlined as they relate to the security of sensitive and other information.

Definitions:

Disclosure – Disclosure means to release, transmit, reveal, expose, show, provide copies of, tell the contents of, or give personal information by any means, to someone. It includes oral transmission of information by telephone, or in person; provision of personal information on paper, by facsimile or in another format; and electronic transmission through electronic mail, data transfer, or the Internet.

Information – Information may mean, but is not limited to, operational or administrative records, knowledge, or data, regardless of how it is stored or kept. It can include electronic data, written or printed information, and verbal conversation.

Information Technology Resources (IT Resources) – IT resources refer to all hardware, software, and supporting infrastructure owned by, or under the custodianship of, EPS that is used to create, retrieve, manipulate, transfer, and store electronic information. This includes, but is not limited to, EPS computers, file systems attached to these computers, operating systems running on these computers, software packages supported by these operating systems, wired and wireless networks, telecommunication and mobile devices, EPS radios, data stored on or in transit on the above, as well as electronic identities used to identify and authenticate the users of the aforementioned resources.

Personal Information – Is defined in s.1(n) of FOIP and is recorded information about an identifiable individual, including the individual’s name, home or business address or home or business telephone number, the individual’s race, national or ethnic origin, colour, religious or political beliefs or associations, the individual’s age, sex, marital or family status, information about the individual’s educational, financial, employment or criminal history, anyone else’s opinions about the individual, etc.

Record – Is defined in s.1(q) of FOIP and means a record of information in any form and includes notes, images, audio-visual recordings, x-rays, books, documents, maps, drawings, photographs, letters, vouchers and papers and any other information that is written, photographed, recorded, or stored in any manner, but does not include software programs or packages or any mechanism that produces records.

Guidelines:

  1. All Commission members and staff will comply with all City of Edmonton (City) and Edmonton Police Service (Service) Information Technology (IT) policies and procedures when using or accessing City, Service, and Commission information, systems, and resources
  2. All Commission members and staff are required to sign a confidentiality agreement binding them to their responsibility to protect the privacy and confidentiality they hold during their term in office or employment with the Commission.
  3. All Commission members and staff will be issued a secure email address and all Commission business and communications shall be conducted through this issued email only.
  4. The Commission Chair and Vice Chair may be issued a cell phone at the beginning of their term if required.
  5. IT resources are made available to Commission members and staff who are then responsible for using those resources in an effective and efficient manner. The Service reserves the absolute right to restrict or control access to the Service’s IT resources and owns all information generated through their use and may revoke the use at any time if improper or prohibited use is suspected.
  6. Commission members and staff will not provide access to Commission, City, or Service information to any non-Commission members or staff.
  7. Any sensitive or non-public information sharing or disclosure that is required beyond the Commission, City, or Service for business purposes must be security cleared by the Service.
  8. All personal information of both Commissioners and staff will be protected in accordance with the FOIPP Act and will not be distributed unless lawfully permitted.
  9. Commission members and staff will not allow unauthorized access to a Commission computer, IPad, or laptop or any of their accounts nor share any of their passwords.
  10. All Commission computers and other devices must be logged off when not in use.
  11. All information storage media and hard copy documents, including but not limited to, computer hard drives, laptops, smartphones, USB sticks, paper files, and reports, containing non-public information must be physically secured when not in use.
  12.  When using portable storage devices, the information it contains should be encrypted and the device must be secured in a manner to prevent loss or theft.
  13. Electronic copies of Commission materials shall not be forwarded or copied to personal devices.
  14. Commission members and staff should not access or send non-public information on an insecure wireless network.
  15. The use of printed materials is to be avoided as much as possible outside of the Commission office and Commission information should not be photocopied or faxed using equipment outside of the Commission office.
  16. In the event of a lost or stolen Commission issued device, Commission members and staff must immediately notify the Service’s IT Help Desk and report this loss to the Commission’s Executive Director.
  17. All Commission, City, and Service information records (electronic and hardcopy), materials and equipment must be returned to the Commission office upon expiry of a Commissioner’s term or staff employment with the Commission.

Procedures:

  1. The Commission’s Executive Director will ensure that all Commissioners and staff receive appropriate privacy training with respect to their responsibilities under this policy.
  2. Commission members and staff will immediately report any breaches of privacy to the Executive Director.

References:

  1. Freedom of Information and Protection of Privacy Act, RSA 2000, c F 25.
  2. City of Edmonton Administrative Directive A1433A – Privacy
  3. Edmonton Police Service Policy IS9PO – Information Security Policy
  4. Edmonton Police Service Policy IS10PO – Information Technology Use and Management
  5. Edmonton Police Service Procedure IS9-2PR – Network Security Procedure
  6. Edmonton Police Service Procedure IS10-2PR – Recording and Reporting on the Use of EPS Information Technology Resources Procedure
  7. Edmonton Police Service Procedure IS2-1PR – FOIPP Procedure