TARGET AUDIENCE: Partner Organizations, the General Public, Members (including Executive Committee Members), Volunteers
Adopted 17 May 2021
The East and West Learning connections Organization, hereinafter ‘the Organization’, is committed to respecting the privacy rights of individuals and ensuring the protection of the personal information in our custody and control.
To ensure that THE ORGANIZATION’s practices involving personal information are consistent with the Freedom of Information and Protection of Privacy Act (FIPPA) Part III – Protection of Individual Privacy.
- THE ORGANIZATION collects only the minimum necessary personal information, whether recorded or verbal.
- THE ORGANIZATION provides notice when it collects personal information (either directly from the individual or indirectly from another source) unless it is waived or falls under an exception under FIPPA. At a minimum, the notice will provide the authority for the collection, the purpose for collecting the personal information and contact information for further inquiries.
- THE ORGANIZATION uses personal information under the following circumstances:
◦ With the individual’s consent
◦ For the purpose identified at time of collection or for a consistent purpose
- THE ORGANIZATION discloses personal information where permitted under FIPPA. Some of the circumstances in which organizations are permitted to disclose personal information include:
◦ where the individual has consented to the disclosure;
◦ for the purpose for which the personal information was obtained or compiled or for a consistent purpose;
◦ where the disclosure is necessary and proper in the discharge of the Organization’s functions;
◦ for the purpose of complying with another Act;
◦ for law enforcement purposes;
◦ in compelling circumstances affecting the health or safety of an individual;
◦ in compassionate circumstances, to facilitate contact with the next of kin or a friend of an individual who is injured, ill or deceased;
- the Organization President or, in the Organization president’s absence, the Organization Secretary, shall ensure that only those individuals who need a record for the performance of their duties have access to it and take the necessary steps to protect the Organization’s personal information records from accidental destruction.
- THE ORGANIZATION takes the necessary administrative, technical and physical safeguards/ precautions to protect personal information (at rest, in motion, in use) from a privacy breach, including unauthorized access, linkage, disclosure or alteration.
- The Organization’s Directors and volunteers must sign and follow a Code of Conduct and Ethics that includes a commitment to “Store, handle, and transfer all records, in all formats, in a way that attends to the needs of THE ORGANIZATION and its stakeholders for privacy and security.”
- In the event of a privacy breach, THE ORGANIZATION will follow its privacy breach protocol.
- THE ORGANIZATION provides contact information for questions or concerns about any collection, use or disclosure of personal information by us, or about a request for access to personal information in our custody and control.
Breach: The result of an unauthorized access to, or collection, use or disclosure of personal information.
Control (of a record): The power or authority to make a decision about the use or disclosure of the record.
Custody (of a record): The keeping, care, watch, preservation or security of the record for a legitimate business purpose. While physical possession of a record may not always constitute custody, it is the best evidence of custody.
Consistent Purpose: Where personal information has been collected directly from the individual to whom the information relates, the purpose of a use or disclosure of that information, without consent, is a consistent purpose only if the individual might reasonably have expected such a use or disclosure. This means that the original purpose and the proposed purpose are so closely related that the individual would expect that the information would be used for the consistent purpose, even if the use is not spelled out.
FIPPA: Freedom of Information and Protection of Privacy Act in Ontario
Personal information: Recorded information about an identifiable individual, including:
- information relating to the race, national or ethnic origin, colour, religion, age, sex, sexual orientation or marital or family status of the individual;
- information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved;
- any identifying number, symbol or other particular assigned to the individual;
- the address, telephone number, fingerprints or blood type of the individual;
- the personal opinions or views of the individual except if they relate to another individual;
- correspondence sent to an institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to that correspondence that would reveal the contents of the original correspondence;
- the views or opinions of another individual about the individual; and
- the individual’s name if it appears with other personal information relating to the individual or where disclosure of the name would reveal other personal information about the individual.
Privacy: The principle that an individual has the right to control their own personal information.