Manitoba Ombudsman releases ‘Ten Tips for Addressing Employee Snooping’

    Apr 11, 2017

    The office of the Manitoba Ombudsman has published “Ten Tips for Addressing Employee Snooping,” a guidance document for trustees and public bodies that are subject to the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Health Information Act (PHIA).

    The document reminds its readers that organizations have obligations under FIPPA and PHIA to protect sensitive information from unauthorized use or disclosure. Accessing or viewing such information should only occur for legitimate work-related purposes. Access for personal reasons is considered to be employee snooping.

    The guidance document provides the following tips to prevent, detect, and respond to such snooping:

    1. Foster a culture of privacy
    2. Have periodic training and reminders of policies around snooping
    3. Make sure the employees know the consequences will be enforced
    4. Make sure access is restricted to information required to perform the job
    5. Develop measures to block employee access to a specific individual’s information
    6. Use access logs and other oversight tools
    7. Monitor and audit access logs and other oversight tools
    8. Understand “normal” access so you can better detect inappropriate access
    9. Investigate all reports of snooping
    10. Where proactive measures fail, respond appropriately

    Additional details about the tips are available in the guidance document.



     This monthly advisory contains brief summaries of recent legislative and regulatory issues that may affect the management of records and information in Canada.

     Want to sign up to receive an e-mail version of the Canadian Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.



    © 2017, ARMA International