Follow Us

Find us on Facebook!Watch us on YouTube!

News

Manitoba Ombudsman releases “Ten Tips for Addressing Employee Snooping”

Return to listing

Feb 14, 2017

Manitoba Ombudsman has released Ten Tips for Addressing Employee Snooping, a guidance document for public bodies and trustees subject to the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Health Information Act (PHIA).

Organizations have obligations under FIPPA and PHIA to protect personal and personal health information from unauthorized use or disclosure. Access to, or viewing of, such information is considered a “use” of the information, and should only occur when employees need to access the information for legitimate work-related purposes. Access for personal reasons is generally referred to as employee snooping.

The guidance document provides the following tips to prevent, detect and respond to snooping:

  1. Foster a culture of privacy
  2. Have periodic and/or “just-in-time” training and reminders of policies around snooping
  3. Ensure employees know that consequences will be enforced
  4. Ensure access is restricted to information required to perform the job
  5. Develop measures to enable blocking of employee access to a specific individual’s information
  6. Have access logs and/or other oversight tools in place
  7. Proactively monitor and/or audit access logs and other oversight tools
  8. Understand “normal” access, to better detect inappropriate access
  9. Investigate all reports of employee snooping
  10. Where proactive measures fail, respond appropriately

More details about the 10 tips are available in the guidance document:

Ten Tips for Addressing Employee Snooping cover

The guidance document is also available in French.