Type: cyfsa faq

When an employee purposefully views personal information for reasons unrelated to their job duties — such as out of curiosity about a client they know personally — this is sometimes referred to as snooping.

Service providers are required to take reasonable steps to protect personal information against privacy breaches, including snooping. These steps may include:

  • Privacy policies that address snooping
  • Staff training and awareness
  • Privacy notices and warning flags
  • Confidentiality agreements signed by staff
  • Role-based access to electronic records
  • Logging and auditing of staff access to records

You can learn more in the IPC’s guide to Detecting and Deterring snooping in the health sector.
