adopted May 5, 2010
Preamble
The Denman Community Land Trust Association (DCLTA) is committed to respecting individuals’ right to privacy. DCLTA recognizes the need for appropriate protection and management of any personally identifiable information provided to DCLTA, whether from members, tenants, employees, volunteers, donors or the public. In addition, private information will be available to the Board on a need to know basis (limited to those Board members directly engaged in the specific undertaking/project).
DCLTA has established this Privacy Policy to ensure that any personal and/or identifiable information under its care will be properly protected. DCLTA is committed to ensuring compliance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the BC Personal Information Protection Act (PIPA). This Privacy Policy applies to all activities of DCLTA and to any service providers collecting, using or disclosing information on behalf of DCLTA.
The DCLTA privacy policy conforms to the 10 principles that comprise the Canadian Standards Association Model Privacy Code. (see attached or web link)
Definition of Personal Information
Personal information includes any factual or subjective information recorded about an identifiable individual. Personal information does not include the name, title, business address or telephone number of an individual within an organization.
Principle 1 – Accountability
1.1 Accountability for DCLTA’s compliance with privacy legislation rests with DCLTA’s designated Privacy Officer. The name and contact information of the Privacy Officer will be made available to interested individuals through DCLTA’s website, or upon enquiring of the DCLTA’s board of directors.
1.2 DCLTA is responsible for personal information in its possession, including information that has been transferred to a third party for processing. If such transfers take place DCLTA ensures that the third party has comparable privacy safeguards in place.
Principle 2 – Identifying Purposes
2.1 The purposes for which personal information may be collected will be limited to those which are related to DCLTA’s charitable activities and which a reasonable person would consider to be appropriate in the circumstances. DCLTA may collect personal information concerning its donors and clients for reasons that include, but are not limited to, the following activities:
1. Maintaining DCLTA membership lists.
2. Providing donors and members with information about DCLTA’s activities.
3. Meeting contractual obligations, legal and regulatory requirements (e.g. comply with Canada Revenue Agency requirements).
4. Assisting the tenant selection process.
5. Protecting against fraud.
6. Maintaining DCLTA financial accounting.
7. Maintaining a resource contact directory for internal use.
8. Completing funding applications.
2.2 DCLTA will specify the identified purposes, orally or in writing, to the individual from whom personal information is being collected either at the time of collection or after collection but prior to use or disclosure. DCLTA will state the identified purposes in such a manner that an individual can reasonably understand how the information will be used or disclosed.
Principle 3 – Consent
3.1 The principle requires “knowledge and consent,” and DCLTA will make a reasonable effort to ensure that individuals are aware of the purposes for which the information is collected at the time of collection.
3.2 Consent can be provided orally, in writing, electronically, through an authorized representative or it can be implied where the purpose for collecting, using or disclosing the personal information would be considered obvious.
3.3 Subject to certain exceptions (as when the withdrawal of consent would frustrate the performance of a legal obligation), individuals may withdraw consent, by any means, with reasonable notice to DCLTA.
3.4 DCLTA may collect, use and disclose personal information without consent if that information is considered by law to be in the public domain. Sources of public information include telephone and professional directories, newspapers, periodicals and public registries.
Principle 4 – Limiting Collection
4.1 DCLTA will not collect information indiscriminately. The types of information collected are limited to that which is necessary and reasonable to fulfill the purposes identified in 2.1.
4.2 DCLTA will collect personal information by lawful means and will not mislead individuals about the purposes for which information is being collected.
Principle 5 – Limiting Use, Disclosure and Retention
5.1 DCLTA will not use or disclose personal information for purposes other than those given at the time of collection, except with the consent of the individual or as required by law.
5.2 DCLTA will not sell, rent or trade mailing lists. Personal information would only be disclosed to third parties who have signed a confidentiality agreement binding them to DCLTA’s privacy policies.
5.3 Personal information will be retained as long as the purpose for which the information was originally collected remains valid.
Principle 6 – Accuracy
6.1 DCLTA will make all reasonable efforts to ensure that personal information is as accurate, complete, and current as required for the purposes for which it was collected.
6.2 Employees and the people served by DCLTA will have the opportunity to review and correct their personal data upon written request. A request to correct personal information should be forwarded to the Privacy Officer. If the personal information is demonstrated to be inaccurate or incomplete, DCLTA will correct the information as required and send the corrected information to any third party to which personal information was disclosed in the previous year.
Principle 7 – Safeguards
7.1 DCLTA’s safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.
7.2 DCLTA will make its employees and volunteers aware of the importance of maintaining the confidentiality of personal information, and will exercise care in the disposal and destruction of personal information to prevent unauthorized parties from gaining access to it. All employees and volunteers having access to personal information are required to sign a confidentiality agreement.
7.3 As appropriate, DCLTA’s methods of protection will include physical measures (e.g. locked filing cabinets, restricted access to offices), organizational measures (e.g. security clearances and limiting access on a “need-to-know” basis) and technological measures (e.g. the use of passwords and encryption).
7.4 Third parties are expected to safeguard personal information entrusted to them in a manner consistent with the policies of DCLTA, and are required to sign a confidentiality agreement. Examples of third parties include contractors and members of the Tenant Selection Committee.
Principle 8 – Openness
8.1 DCLTA supports the public’s right of access to information and the right of individuals to access and request correction of personal information about themselves. The Privacy Officer will assist individuals with their access requests to DCLTA.
8.2 In certain situations, DCLTA may not be able to provide access to personal information. If access cannot be provided, DCLTA will notify, in writing, the individual making the request of the reasons for the refusal.
8.3 The information made available will include:
(a) The contact information of the Privacy Officer who is accountable for compliance with DCLTA’s policies and procedures, and to whom complaints or inquiries can be forwarded.
(b) The means of gaining access to personal information held by DCLTA.
(c) A description of the types of personal information held by DCLTA.
(d) A copy of any document that explains DCLTA’s policies, procedures, standards or codes.
(e) The types of information made available to third parties.
Principle 9 – Individual Access
9.1 DCLTA will respond to an individual’s request for information as to the existence, use, and disclosure of their personal information within a reasonable length of time, but no longer than one month. While this response will typically be provided at no cost to the individual, depending on the nature and amount of information involved, DCLTA reserves the right to impose a cost.
9.2 The requested information will be made available in a form that is generally understandable. For example, where DCLTA uses abbreviations or codes to record information, an explanation of those codes will be provided. Where possible, DCLTA will provide sources for the information.
9.3 For DCLTA to provide an account of the existence, use and disclosure of personal information, an individual may be asked to provide information to aid in the search.
9.4 Upon request, DCLTA will provide specific information about third parties to whom personal information has been disclosed.
9.5 When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, DCLTA will amend the information as required. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.
9.6 Donors may review the personal information DCLTA has recorded for that donor, and only that donor.
Principle 10 – Challenging Compliance
10.1 DCLTA will maintain procedures to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. The complaint procedures will be easily accessible and simple to use.
10.2 If a complaint is found to be justified, DCLTA will take appropriate measures, including revision of the personal information and, if necessary, amendment of DCLTA’s policies and practices.
Updating of Privacy Policy
DCLTA regularly reviews and updates its privacy policy. Please reference the DCLTA web site for the most current privacy practices.
How to contact the Privacy Officer
Inquiries, complaints or access requests should be addressed to:
Privacy Officer
Denman Community Land Trust Association
c/o 3900 Lacon Road
Denman Island, B.C.
V0R 1T0
Canadian Standards Association (CSA) International
March, 1996
Ten Basic Principles
1. Accountability
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
2. Identifying Purposes
The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
3. Consent
The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where inappropriate.
4. Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
5. Limiting Use, Disclosure and Retention
Personal information shall not be used or disclosed for purposes other than those for which it is collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of the stated purposes.
6. Accuracy
Personal information shall be as accurate, complete and up-to-date as is necessary for the purpose for which it is used.
7. Safeguards
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
8. Openness
An organization shall make specific information about its policies and practices relating to the management of personal information readily available to individuals.
9. Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information, and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.