Support

home > privacy policy

PERSONAL INFORMATION PROTECTION ACT (PIPA)
Bill 38-2003 - Effective January 1, 2004

REASON FOR POLICY

To be accountable for our information practices, be that collection, use, disclosure or disposal of personal information, for all service recipients, staff members, or volunteers working for the Society.

POLICY

  1. Only personal information that is considered reasonable and necessary in order to provide service to clients will be collected, used, or disclosed.
  2. Only personal information that is considered reasonable and necessary in order to employ an individual at the agency will be collected, used, or disclosed.
  3. Notification will be given and consent obtained to use personal information from every individual accessing services provided through South Peace Community Resources Society prior to any collection, use or disclosure of personal information.
  4. Notification will be given and consent obtained to use personal information from every individual working for South Peace Community Resources Society prior to collecting, using or disclosing any personal information.
  5. Use of personal information is only for reasonable purposes, that which fulfills the purpose of the agency, identified at the time of collection. Only the amount and type of information needed to carry out these purposes will be collected.
  6. Personal information will be collected by fair and lawful means.

PROCEDURE

Notification: Prior to, or at the time of, collecting personal information, you must let the individual know the purposes of the collection and the name of a person who can answer any questions the provider may have.

  1. Identifying the Purpose - What is the purpose for collecting personal information?
    • SPCRS will limit the collection of personal information to that which is necessary for the purposes you identify.
    • SPCRS will only collect, use or disclose personal information if it is reasonable, having regard to the sensitivity of the personal information in the circumstances.
  2. Obtaining Consent

    SPCRS services must get consent prior to, or at the time of, any collection, use or disclosure of personal information unless otherwise stipulated by PIPA. This includes the collection of personal information from a source other than the individual. I.E. Employment References - References cannot be given without prior consent from the employee.

    SPCRS will choose an appropriate form of consent in relation to the proposed use or disclosure of the personal information and its sensitivity. SPCRS will always consider what kind of consent an individual would reasonably expect, in the circumstances, given the sensitivity of the information and the uses or disclosures you plan for the information.

    • Consent clauses should be:
      • Easy to find
      • Clear and straightforward in their language
      • Not blanket statements
    • Consent is only meaningful if the individual understands how it will be used. Communicate clearly.
    • Consent can be obtained over the fax, phone or in person.
    • PIPA considers consent to be given when an individual, knowing the purpose for the collection of his or her information to you. Verbal consents must be documented.
    • Sensitive information requires an "express, written consent".
    • Mature minors can give consent for their personal information to be used. For the purpose of PIPA, if the individual is deemed a mature minor, or is capable of making their own decisions, then their decision regarding consent will be respected.
    • PIPA does not apply to information collected before January 1, 2004. Organizations are not required to obtain consent from individuals for information collected prior to that date. However, if this information is to be used for a new purpose after January 1, 2004, consent must be obtained prior to its use for that new purpose.
    • Group Information - Where clients are unidentifiable or aggregate information such as statistical information about groups of individuals is collected, it is not considered personal information, and as such, PIPA does not apply.
    • Court Files - PIPA does not apply if the information collected is personal information in court files. If client files are subpoenaed into court, the information is no longer under the control of the Personal Information Privacy Act.
    • Individuals are not required to consent to collection, use or disclosure of personal information beyond what is necessary to provide them with service.
    • An individual can change or withdraw consent in some situations, unless the withdrawal interferes with a legal obligation.
    • PIPA recognizes the following types of consent:
      1. express consent
      2. deemed consent
      3. consent by not declining to give consent (also know as 'opt-out consent')

      Express Consent - Signifies that an individual, knowing what personal information is being collected and for what purposes, willingly agrees to the information being collected, used and disclosed as notified. Express consent can be given in writing or verbally. If you rely on verbal consent, remember that you may have to prove later that the consent was actually given by the individual. Document the verbal consent. I.E. Consent form signed to provide counseling.

      Deemed Consent - PIPA says that an individual is "deemed" to consent to collection, use or disclosure of personal information if the individual voluntarily provides it for a purpose that would, at the time, be considered obvious to a reasonable person.

      I.E. Name and phone number to return phone call.

      Opt-Out Consent - In some cases, individuals are given a chance to decline consent, or in other words, opt-out of proposed uses or disclosures and thus decline to give their consent. If they give personal information knowing the intent of usage, they have consented to the notified uses and disclosures. A common method of opt-out consent is where a form contains a notice of what the organization intends to do with the personal information it collects and also a check-off box. If the organization tells people the intended usage of their names and addresses, such as to send them various types of information, they can check the box if they do not want you to use their information of this purpose.

      I.E. Raffle Ticket - Collecting names and addresses for a mailing list. A check-off box will allow the individual to enter a draw but opt-out of being put on a mailing list.

  3. Limiting Collection
    • You must limit both the amount and type of personal information collected to that which is necessary for the purpose identified.
  4. Limiting Use
    • SPCRS will only collect, use or disclose personal information only if it is reasonable, having regard to the sensitivity of the personal information in the circumstances.
  5. Disclosure
    • The Society is legally responsible for all personal information in its custody or under it's control. If a service recipient is referred to a service provider outside of the Society, staff will ensure that the service provider uses the same personal information protection standards as does SPCRS. The personal information that the service provider uses remains our responsibility after the referral is made.
  6. Retention
    • Keep only "reasonable" amounts of personal information.
    • Personal information is to be retained for a minimum of one year. Beyond one year, Ministry and agency regulations apply. Old records, which, by law or policy are no longer needed, will be destroyed.
  7. Accuracy
    • Individuals have the right to ask for information to be corrected if they think their personal information is incorrect or incomplete. If a correction is requested, but not made, a notation of the request will be kept on file.
  8. Using Appropriate Security Measures
    • a. Personnel files as well as sensitive client files will be kept in a locked filing cabinet at all times.
    • b. If possible, all files will be identified by number, not by name.
    • c. Faxing or emailing personal information is discouraged. If no other method is available with which to transfer the information, initials or file numbers only will be used.
    • d. Traveling with personal information is discouraged. If unavoidable, staff will ensure that personal information files are locked in a briefcase. Personal information files will never be left unattended in the front of a vehicle. Files will be locked in the trunk if left unattended.
    • e. Hard drives on computers will be destroyed by smashing them. Simply wiping the hard drives clean is not sufficient.
    • f. Work areas will be kept clean and neat. Information will not be left unattended on a desk.
    • g. Hallway conversations will not include personal or sensitive information.
    • h. Office doors will be kept closed when employees are involved in a conversation that could be overheard and when dealing with personal or sensitive information.
    • i. All staff working outside of the Admin Building will stop at the Reception desk if they wish to proceed past the photocopy area in the office. The Receptionist will announce their arrival.
    • j. Disposal of records will occur in a fashion that protects the personal information, be that shredding or burning. If this task is contracted out, we will ensure that the contractor follows the same strict policy and procedure for the protection of personal information, and we will ensure that the job has been completed by the contractor.
  9. Response to Complaints and Inquiries - Procedures for Challenging compliance.
    • The Privacy Officer is responsible for responding to any complaints and inquiries
  10. Access to Information
    • Individuals have the right to access the personal information the Society has about them and to ask for the information to be corrected if they think their personal information is incorrect or incomplete. If a correction is requested, but not made, a notation of the request will be made and kept on file.
    • Employees can access their personal information free of charge.
    • Service recipients may access their personal information, however a minimal fee may be charged, if deemed necessary. Reports, letters, or summaries used in providing services are not covered by the Personal Information Protection Act, and as such, service recipients do not have access to such.
    • To request access to your Personal Information, to ask questions about our privacy policy or to request that your Personal Information not be used for the purposes outlined, you may contact the Privacy Officer at the Administration Building, located at:

    11. 10110 - 13th Street
    Dawson Creek, BC
    V1G 3W2
    Phone: (250) 782-9174
    Fax: (250) 782-4167

    Mailing Address:

    Box 713
    Dawson Creek, BC
    V1G 4H7

    For further information, you can contact:

    PIPA HOTLINE - 1-250-356-1851

    or Privacy Help Line
    (250) 387-5629
    Toll Free - 1-800-663-7867
    Email - info@oipc.bc.ca
    www.oipc.bc.ca/

    or

    Privacy Help - Corporate Privacy & Information Act
    B.C. Ministry of Management Services
    P.O. Box 9403 Stn. Prov Govt
    Victoria, BC
    V8W 9V1

    (250) 387-1992
    Toll Free - 1-800-663-7867 (Enquiry BC)
    www.mser.gov.bc.ca/foi_pop/

  11. Changes to this PIPA Policy
    • SPCRS reserves the right to modify this policy at anytime, without notice.

Local Support

Each of our programs believes in helping people help themselves. We believe in collaborating with individuals, businesses, community groups, and government to create focused, effective and responsive resources for the community.

What’s New | Our Philosophy | General Information | Getting Involved | Wishlist & Investment Opportunities | Career Opportunities | Links | Contact Us

Copyright © 2004 South Peace Community Resources Society. Privacy Policy. Site Design by Eldoren Design