Privacy Policy — full text

This is the exact embedded text of the captured official document. Snapshot 2029d83903c3 · verified 2026-06-10 · original document · archived snapshot · unofficial consolidation, the official version is held by the municipal clerk.

# Privacy Policy The Town of Newmarket is committed to providing our residents with information and services in a manner that respects and protects their privacy. This page summarizes the privacy statement and practices applicable to the interactions with the Town of Newmarket website. We do not automatically gather any personal information from you unless it is supplied voluntarily. Any personal information you do provide is managed according to the Municipal Freedom of Information and Protection of Privacy Act (Ontario). The Town of Newmarket website collects visitor data using Google Analytics. This allows the Town of Newmarket to access user reports such as the Demographics and Interest Report. This feature is a web analysis service provided by Google. Google collects data about your visits to, from, and within our website through cookies, usage data and anonymous identifiers. Google utilizes the data collected about your visits to, from, and within our website in order to prepare reports on the performance of our website and marketing/communication efforts. Google also shares the collected data with other Google services and may use it to contextualize and personalize the ads of its own advertising network. For more information, refer to Google's privacy policy. We use Google Analytics "first-party" cookies to help us understand how visitors are using our website. We use "third-party" cookies to understand age, gender, interest categories, and user flows. This analysis will assist us in understanding the characteristics and interests of our users so we can refine our ad campaign strategies. Anonymous information collected via Google Analytics will not be combined with any personally-identifiable information collected by the Town (such as information collected during program registration, ticket payments etc). You can opt out of Google Analytics, including "third-party" cookies, by downloading and installing the Google Analytics opt-out browser add-on on your computer (visit the add-on site for browser compatibility). Vendors of products and/or services may choose to register with the Town online which requires provision of personal information. The Town of Newmarket does not and will not sell, rent, disclose, distribute or otherwise disseminate any information collected. The Town of Newmarket takes every precaution to protect your personal information on our website. We protect your account information by requiring you to enter a unique Login ID and password each time you want to access your account information. Your password should never be shared with anyone. The Town of Newmarket uses SSL encryption technology to protect personal information (eg. credit card numbers, etc.) during transmission. A security icon will appear in your browser window to indicate that you are using a secure site. If you have any questions or concerns about the security at our website, you can send an email to [email protected] The Town's website contains links to other sites. Please be aware that the Town of Newmarket is not responsible for the privacy practices of other sites. When you leave our site, we encourage you to read the privacy statement of each and every website that you visit before you provide any personal information. The Town's privacy statement applies solely to information collected on the Town's website. If you have any questions or comments regarding this statement, please contact the Town Clerk, Town of Newmarket, 395 Mulock Dr., P.O. Box 328, Station Main, Newmarket, ON L3Y 4X7, telephone 905-895-5193, or by email at [email protected]. ## Internet of Things Below are guidelines for the Internet of Things (IoT) for the Town of Newmarket. These guidelines provide a framework to help the Town deploy connected devices and IoT technologies in a coordinated and consistent manner. ### Town of Newmarket Internet of Things (IoT) deployments must protect and respect the privacy of residents, businesses and visitors. The Town is committed to being open and transparent about the "who, what, where, when, why and how" of data collection, transmission, processing and use. **1.1:** **The Town should make IoT and IoT-related processes and policies** publicly available through the the Town's website and should be up-to-date, transparent, clear and comprehensive including IoT principles, guidelines, operational policies and responsibilities. **1.2: IoT data should only be collected, transmitted, processed and used** for specified, explicit and legitimate purposes. The purpose of data collection (e.g., a use case such as monitoring pedestrian traffic), what data is collected (e.g., **encrypted cell phone pings**) and how data is being collected should be transparent and made public via the Town website or other public notice as appropriate. **1.3:** **Data and information collected by IoT devices** should be classified and treated accordingly, as public, sensitive, private or confidential. All Personally Identifiable Information (PII) should be classified at a minimum as private. Personally Identifiable Information is only collected when needed for a specific business purpose. If PII data is not required, as defined by the business process and supplied by the owner, it is not to be collected. All data that is classified as being confidential, or personally identifiable, will be protected from unauthorized use and disclosure. * Information and Privacy Commissioner of Ontario - What is personal information? * Newmarket Data Classification Policy - currently under review **1.4: Personal information should by default be anonymized before being shared** in any way that could make the information publicly searchable or discoverable. Any copies and reproductions must have the same or higher level of classification as the original. Any combinations of data should be reclassified according to the Town's Data Classification Policy. **1.5:** **Personal information data types should have a clearly associated retention** **and disposal policy and procedure**. Sensitive, private or confidential data should be kept for no longer than is operationally necessary or required for the specified, explicit and legitimate purposes. **1.6:** **Before any sensitive, private, or confidential data is shared** outside the originating Town department, the department should ensure that the need cannot be met by using anonymized or aggregated data and that the appropriate protections are in place to preserve the confidentiality of the data. **1.7:** **All public data sets** should be freely accessible via the Town's Open Data portal accessible through the Town's website. ### The Town of Newmarket Internet of Things (IoT) deployments must protect and respect the privacy of residents and visitors. The Town is committed to being open and transparent about the "who, what, where, when, why and how" of data collection, transmission, processing and use. **2.1: IoT systems** (e.g. how data is collected, analyzed and used) should be designed with the use case in mind (e.g. predicting demand for snow removal services, weather and events) to maximize the benefits that can be derived through data collection (e.g. routing snow removal trucks more efficiently). Relevant business and historical data from the Town or its partners should be made available and utilized by applications where it is deemed useful and/or appropriate. **2.2: The desired measurement from any IoT system** (e.g. pedestrian counts) should be collected and categorized as efficiently as possible, using as few steps and/or adjustments as necessary. **2.3: IoT data should be collected and stored** according to open standards, contain relevant contextual metadata, be exposed through open, standards-based application program interfaces (APIs), and be provided with software development kits (SDKs) where applicable and available so it can be easily shared or combined with other data sets. **2.4: IoT data should be archived** and made accessible through the Town's open data portal unless restricted by existing laws or regulations and/or in doing so would compromise privacy or public safety. Data from other systems not operated by the Town, such as from a private sector partner or from crowdsourcing, that could provide public benefit can also be provided in this form with the source documented accordingly. **2.5:** **The Town recognizes the use of distinct** and sometimes conflicting non-proprietary international, national, or industry standards for data and technology interfaces. In cases where standards conflict, the one that most closely aligns to the use case will be selected. **2.6:** **Each IoT device data set** (e.g. zoning) should be validated and verified (e.g. through redundancy in data collection and/or historical data) and the resulting master copy clearly labelled before it is used, aggregated and/or released. Data should be versioned, where appropriate, so that any updated data can be distinguished from the original and/or master copy. **2.7: IoT data should be both audited** and continuously monitored for accuracy and validity. This process should be automated where possible. **2.8: All data sets** (e.g. landmarks) should be checked for geographic, social or system-driven bias (e.g. name differences) and other quality problems. Any biasing factors should be recorded and provided with the data set and corrected where possible. ### Internet of Things (IoT) devices, networks and infrastructure shall be deployed, used, maintained and disposed of in an efficient, responsible and secure manner to maximize public benefit. **3.1:** **To support Town of Newmarket wide coordination** of IoT deployments, the Town will maintain an inventory of IoT devices that they deploy using a standardized format. The Town will also maintain an inventory of the public or private assets on which devices are installed and the networks used by these IoT devices including details on the network type (e.g. LTE), security protocol (e.g. WPA), location, service level agreements, and contact information for the network and system operator. **3.2: The Town should accumulate and publish**, via the Town website, public information on IoT systems, such as the Soofa bench network, including but not limited to examples of deployed IoT devices (e.g. pedestrian traffic pattern sensors) and the different types of public assets (e.g. street furniture) on which they are deployed. **3.3:** **The Town should make public**, via the Town website, a standardized protocol, including points of contact, for requesting access to, and approving use of, Town assets for IoT deployments. Where appropriate, the Town will detail restrictions on particular types of public assets and/or siting restrictions (e.g. rules for landmark or historic districts). **3.4:** **IoT deployments shall, where possible, leverage or repurpose** existing conduit and public assets, maximize energy efficiency, and adhere to sustainable device disposal procedures. **3.5:** **The Town should leverage their own, secure, existing wireless and fixed networks** where possible and appropriate. Networks for IoT deployments should be selected to best support the specific use case. This should include but is not limited to ensuring appropriate security protocols, bandwidth, pricing models, and service level agreements (SLAs). **3.6:** **All IoT devices and network equipment installed by the Town**, on the Town's behalf, or on Town property should have clear agreements and established terms of service governing who is responsible for ongoing operations, maintenance, and the secure disposal of equipment. IoT devices and network equipment should be labelled clearly with the name and contact information for the responsible party. **3.7: Public assets should be instrumented in an orderly and organized manner** that minimizes clutter and allows for ease of access for replacement, repair and addition of new equipment or devices. **3.8: IoT systems should be designed to maximize resiliency** in the event of a natural disaster (e.g. severe flooding) or other emergencies (e.g. electrical outages). Critical systems should have established emergency response plans to ensure the appropriate continuity of service. ### Internet of Things (IoT) systems should be designed and operated with security in mind to protect of the public, ensure the integrity of services, and be resilient to attacks. **4.1:** **IoT systems should be designed with an explicit focus** on minimizing security risks (e.g. unauthorized operation or hacking, system faults, tampering, and environmental risks), limiting the potential impact from a security breach (e.g. the release of personally identifiable information), and ensuring that any compromises can be quickly detected and managed. **4.2:** **IoT systems should utilize established security frameworks**, where possible, and ensure communication between components is tightly constrained. **4.3:** **Identity and access management controls should be in place** to ensure that the right people have access to systems, networks, and data at the right time. Users with access to IoT systems should be identified and authenticated. **4.4:** **All data should be protected in transit and at rest**, and systems should be secured against unauthorized access or operation. Data storage mechanisms must not be easily removed from devices and systems must not have vulnerable external interfaces (e.g. unsecured USB ports). **4.5: All partners utilizing public assets and/or networks** for IoT deployments should adhere to the principles and guidelines set by the Town of Newmarket. The Town has the right to restrict or revoke access to assets, devices, and networks to protect public interest and safety. **4.6: The Town and its partners should engage** in both audit-based and continuous monitoring to ensure that systems are working and that devices have not been compromised. **4.7:** **Responsibilities related to security monitoring and the protection** of IoT systems should be clearly defined. In the event of a breach, public and private sector entities will be required to comply with the Town's breach disclosure and notification requirements as outlined in the Town's Protection of Personal Information. ### All Internet of Things (IoT) deployments should be structured to maximize public benefit and ensure financial, operational, and environmental sustainability. **5.1: A business case showing demonstrated need, business case, and public benefit** (e.g. economic, social, and environmental outcomes) should be required prior to deployment of any new IoT devices or solutions. In addition, proof of concept should be required prior to Town of Newmarket wide deployments. **5.2: Prior to deployment, the Town and its partners shall identify** all stakeholder and user groups (e.g. residents, businesses, visitors and Town employees) that will be impacted by the IoT solution and establish feedback mechanisms and methods of engagement for these groups. Before, during and following deployment, the Town and its partners should also check for and address biases in the IoT solution (e.g. information asymmetries) that may result in unintended consequences (e.g. inequitable service delivery). **5.3: The Town shall prioritize access to its IoT infrastructure assets and public networks** for IoT device deployments that are distributed in an equitable manner and have the greatest public benefit. Public-private partnerships and business models that offset costs or generate revenue in ways aligned with greatest public benefit are encouraged but must be closely evaluated for risk. **5.4:** **All projects and associated contracts or agreements** should outline the "who, what, where, when, why and how" of the implementation, operations, risk management, knowledge transfer, and maintenance of IoT systems. This should include clear definitions related to system and data ownership and responsibilities. **5.5:** **Solutions shall be designed to be flexible and responsive** to evolving needs. Agreements should enable the addition of new functions and update of components over the life of the agreement at a fair and transparent cost. **5.6: Performance metrics should be maintained for solutions.** Agreements should specify intended outcomes of a solution and levels of service and provide for penalties, modifications, or terminations of the agreement in the event that the solution does not perform. **5.7: The Town and its partners should reuse infrastructures and components** where possible, leverage Town wide contracts or agreements, and develop solutions collaboratively among agencies to avoid duplicating existing solutions or functions and extract the greatest value from investments. **5.8:** **All components of a solution should be implemented** in a modular manner, prioritizing open standards where possible, to ensure interoperability and prevent dependency on a single vendor.