IWSO is committed to protecting the privacy of personal information of its employees, clients, volunteers and donors. Information will only be released when required by law, mandated by court order, or in the instance of a medical emergency. Information about clients may also be shared between staff for the purposes of consultation. For the purpose of this policy, “personal information” means any information about an identifiable individual and, without excluding any other information, includes the following:
Members of the Board of Directors- Information relating to identity, age, gender, address, telephone number, e-mail address, date of birth, and employment
Staff (including contractual staff) – Information relating to identity, nationality, age, gender, address, telephone number, e-mail address, Social Insurance Number, date of birth, family composition, education, employment and health history, and criminal reference check
Clients- Information relating to identity, nationality, age, gender, address, telephone number, e-mail address, Social Insurance Number, date of birth, marital status/family composition, education employment and health history, as well as history of IWSO service use
Students- Information relating to identity, nationality, age, gender, address, telephone number, e-mail address, Social Insurance Number, date of birth, education, employment and health history, and criminal reference check.
Volunteers- Information relating to identity, nationality, age, gender, address, telephone number, e-mail address, Social Insurance Number, date of birth, education employment and health history, and criminal reference check
Donors- Information relating to identity, nationality, age, gender, address, telephone number, and e-mail address. Please note that the name of the donor and amount of the donation may be disclosed if the donor gives their permission in writing to publicize this information.
3. POLICY STATEMENT
3.1 All staff are expected to follow the procedures outlined in this policy when addressing privacy issues.
3.2 Guiding Principles
Organizations are accountable for the personal information they collect, use, retain, and disclose in the course of their commercial activities, including, but not limited to, the appointment of a Chief Privacy Officer.
Identifying Purposes. Organizations are to explain the purposes for which the information is being used at the time of collection and can only be used for those purposes.
IWSO will ask for information only as necessary. IWSO must obtain information directly from individuals and not third party sources. These individuals must be informed verbally how their information will be used by the staff person collecting the information.
Consent. Organizations must obtain an individual’s express consent when they collect, use, or disclose the individual’s personal information.
IWSO must not disclose the personal information of an individual unless express permission is granted by the individual. Prior written consent must be obtained from an individual before sharing information about the individual with external or collaborative agencies. A record of this consent must be kept on the individual’s file.
Limiting Collection. The collection of personal information must be limited to only the amount and type that is reasonably necessary for the identified purposes.
IWSO must collect information by fair and lawful means and will collect only that information which may be necessary for purposes related to our being able to respond to the individual’s needs.
Limiting Use, Disclosure and Retention. Personal information must be used for only the identified purposes, and must not be disclosed to third parties unless the individual consents to the alternative use or disclosures, or as the law requires.
IWSO retains information only for the time it is required for the purposes disclosed to the individual. Information is kept on file for a maximum of 10 years from the date of the individual’s first visit to IWSO. Once information is no longer required, it must be destroyed so that it cannot be used by any third parties.
Accuracy. Organizations are required to keep personal information in active files which are accurate and up-to-date.
IWSO will work to ensure that any personal information provided by the individual in his or her active file(s) is accurate, current and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed. IWSO will request that individuals inform the organization in writing of any changes to their personal information.
Safeguards: Protecting your information. Organizations are to use physical, organizational, and technological safeguards to protect personal information from unauthorized access or disclosure.
IWSO protects personal information with appropriate safeguards and security measures. Client files must remain in the office unless required by law to be removed. Access to databases and shared drives which contain personal information must only be granted to appropriate staff through named IT accounts.
Openness. Organizations must inform their clients and train their employees about their privacy policies and procedures.
Individual Access and Correction. An individual has a right to access their own personal information held by an organization and to challenge its accuracy if need be.
Individuals may request their own personal information that has been retained by IWSO and will be provided access. To review this information, individuals should submit a written request to the Executive Director or her designate. IWSO must provide access to this information in a period no longer than two weeks.
Providing Recourse. Organizations are to inform clients and employees of how to bring a request for access, or complaint, to the Chief Privacy Officer, and respond promptly to a request or complaint by the individual.
IWSO must review all requests for access or complaints within a two week period. Complaints and concerns about privacy should be submitted in writing to the Executive Director or her designate.
5.1 Related legislation
IWSO Compliance with Privacy Legislation