Privacy and Use of Personal Information Policy
- Policy 1: Limiting Personal Information Collected
- Policy 2: Limiting the Purposes of Personal Information
- Policy 3: Information is used only for purposes stated in Policy 2
- Policy 4: Personal information is secured and used for the stated purpose at time of collection.
- Policy 5: Obtaining Consent
- Policy 6: Ensuring Accuracy of Personal Information
- Policy 7: Personal Information is Secured
- Policy 8: Access to information is limited to a need-to-know basis
- Policy 9: Personal information is disclosed only when necessary
- Policy 10: Retention and disposal of personal information
- Policy 11: Providing access to personal information
- Policy 12: Questions and Complaints: The Role of the Privacy Officer
- Appendix – About PIPA
Policy 1: Limiting Personal Information Collected
1.1 First Call may collect the following information:
- Donor and Donation Information
- Home Address
- Personal Email
- Phone Number/s – home/cell/business
- Banking information for direct deposits/payments (staff)
- Relevant health Information of individual staff/board members to support their wellness, facilitate accommodations and extended health benefit submissions.
- Marital status, family members, their dates of birth, workplace, contact info (collected for benefit plan / emergency contacts)
- Age / Date of Birth
- Social Insurance Number (required on TD1 provincial/federal tax forms and used for payments of taxes where collected)
- Employment History
- Evaluations / Performance Reviews
Policy 2: Limiting the Purposes of Personal Information
2.1 First Call will only collect information that is necessary to fulfill the following purposes:
- To verify identity
- To process e-newsletter subscriptions
- To gather feedback related to research and surveys
- To send out affiliate information
- To contact individuals for fundraising
- To meet regulatory requirements
- To collect and process payments
- To collaborate, supervise and/or manage staff/contractors/board members/volunteers
- To process staff/contractor requirements: bi-weekly pay, benefits and income tax / RRSP submissions
- To make transparent who is involved with First Call by having staff and board members made public on First Call’s website and publications
2.2 First Call will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection, unless the purposes for collecting personal information are obvious and the individual voluntarily provides his or her personal information for the purpose stated.
Policy 3: Information is used only for purposes stated in Policy 2
3.1 First Call will only use or discloses personal information where necessary to fulfill the purposes identified at the time of collection or for a purpose reasonably related to the purpose stated such as:
- To conduct research or surveys
- To contact individuals directly about projects, events or programs that may be of interest
3.2 We will not use or disclose personal information for any additional purpose unless we obtain consent to do so.
3.3 We will not sell, loan or trade lists that include personal information to other parties.
Policy 4: Personal information is secured and used for the stated purpose at time of collection.
4.1 First Call collects personal information using: Mail Chimp and Microsoft 365 applications for electronic data management and storage
4.2 First Call uses personal information to enroll individuals in receiving: our newsletter, meeting announcements, fundraising and program/project updates
4.3 Anonymous information is used in research reports and case stories.
4.4. Meeting attendance – participant names and organizations are noted and added to minutes of meetings
Policy 5: Obtaining Consent
5.1 First Call will obtain consent to collect, use or disclose personal information (except where, as noted below, First Call is authorized to do so without consent).
5.2 Consent can be provided orally, in writing, electronically, through an authorized representative or it can be implied where the purpose for collecting using or disclosing the personal information would be considered obvious and the individual voluntarily provides personal information for that purpose.
5.3 Consent may also be implied where an individual is given notice and a reasonable opportunity to opt-out of his or her personal information being used for mail-outs, fundraising and the member does not opt-out.
5.4 Individuals can withhold or withdraw their consent for First Call to use their personal information at any time.
5.5 First Call may collect, use or disclose personal information without the individual’s knowledge or consent in the following limited circumstances:
- When the collection, use or disclosure of personal information is permitted or required by law
- In an emergency that threatens an individual’s life, health, or personal security
- When the personal information is available from a public source (e.g., a telephone directory)
- When First Call requires legal advice from a lawyer
- For the purposes of collecting a debt
- To protect ourselves from fraud
- To investigate an anticipated breach of an agreement or a contravention of law
Policy 6: Ensuring Accuracy of Personal Information
6.1 We will make reasonable efforts to ensure that personal information is accurate and complete.
6.2 Individuals may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information can be made in writing, orally or electronically, and must provide enough detail to identify the personal information and the correction being sought.
6.3 If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information.
Policy 7: Personal Information is Secured
7.1 First Call is committed to ensuring the security of personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.
7.2 The following security measures will be followed to ensure that personal information is appropriately protected: electronic data is securely stored in SharePoint/Microsoft 365 with managed access with approved devices (use of user IDS, passwords, restricting employee access to personal information as appropriate, First Call issued laptops) and an Information Technology service is retained to ensure the overall security of electronic data and its access.
7.3 First Call uses appropriate security measures when destroying an individual’s personal information such as shredding documents and deleting electronically stored information no longer in use or valid. All paper documents received are scanned and securely stored electronically. Paper copies may be kept as needed in secure files prior to shredding.
7.4 First Call continually reviews and updates security policies and controls as technology changes to ensure ongoing personal information security.
Policy 8: Access to information is limited to a need-to-know basis
8.1 All First Call staff members have access to basic member/affiliate information. Other information is limited to those who need it.
Policy 9: Personal information is disclosed only when necessary
9.1 Personal information is disclosed only to those who need it for program, project, or fundraising purposes.
9.2 Personal information is only disclosed to outside parties with voluntary consent, subject only to the limited exceptions outlined in Policy 5.5.
Policy 10: Retention and disposal of personal information
10.1 First Call will retain personal information only if necessary, to fulfill the identified purposes or a legal or business purpose.
10.2 Disposal of personal information is secured through the shredding of physically documented information and the deletion of electronic information.
Policy 11: Providing access to personal information
11.1 A request to access one’s own personal information must be made in writing and provide sufficient detail to identify the personal information being sought.
11.2 Upon request, First Call will disclose the use for personal information.
11.3 First Call will make the requested information available within 30 business days or provide written notice of an extension where additional time is required to fulfill the request.
11.4 A minimal fee may be charged for providing access to personal information. Where a fee may apply, First Call will inform the individual of the cost and request further direction from the member on whether or not we should proceed with the request.
11.5 If a request is refused in full or in part, we will notify the individual in writing, providing the reasons for refusal and the recourse available.
Policy 12: Questions and Complaints: The Role of the Privacy Officer
12.1 The Privacy Officer is responsible for ensuring First Call compliance with this policy and the Personal Information Protection Act.
12.2 Individuals should direct any complaints, concerns or questions regarding First Call compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the individual may also write to the Information and Privacy Commissioner of British Columbia.
For any questions or complaints please contact us at firstname.lastname@example.org.
First Call’s Privacy Officer is the Office Administrator – Barb McEachern
Address: #328 – 3381 Cambie Street, Vancouver, BC V5Z 4R3
- First Call Child and Youth Advocacy Society does not sell, trade or rent our mailing lists or contact information. Your information will be stored securely and used only for the purpose for which your consent was given. You may opt-out of our mailing or email list at any time.
- Donor information is held securely with our charitable partner, Vancouver Foundation, and managed according to their privacy policies.
- We are committed to protecting the personal information of First Call’s affiliates, donors, subscribers, research project participants and other individuals whose personal information we collect.
- We collect personal information as a part of our fundraising, research and communications activities. We have strengthened our commitment to protect individual’s personal information in accordance with British Columbia’s Personal Information Protection Act (PIPA).
Appendix – About PIPA
About the Personal Information Protection Act
PIPA is a Provincial Law SBC 2003 c. 38 whose purpose is to govern the collection, use and disclosure of personal information by organizations. The Act recognizes the right of individuals to protect their personal information, and the need of organizations to collect, use, or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. PIPA is distinct from the federal law, the Personal Information Protection and Electronic Documents Act (PIPEDA), which does not apply within British Columbia.
For more information:
- The Office of the Information and Privacy Commissioner provides independent oversight and enforcement of BC’s access and privacy laws – https://www.oipc.bc.ca
- A Guide to B.C.’s Personal Information Protection Act – https://www.oipc.bc.ca/guidance-documents/1438
- Personal Information Protection Act – https://www.bclaws.gov.bc.ca/civix/document/id/complete/statreg/03063_01
Intent of the PIPA legislation
The intent of the legislation is to prohibit the use of personal information for both commercial and noncommercial purposes. It is also intended that the legislation will provide a safeguard against identity theft. The federal legislation, PIPEDA, has a narrower standard that is limited to commercial activity, while the BC Provincial Act, PIPA, also relates to non-commercial activity including not-for-profits.
Federal act vs provincial act
In provinces that have privacy legislation, the provincial legislation generally takes precedence over the federal legislation in cases in which the provincial legislation is seen to be “substantially similar” by the office of the Privacy Commissioner of Canada.
What is Personal Information?
Personal information is any factual or subjective information about an identifiable individual. It includes but is not limited to:
- Home Address
- Mental/Physical Disability
- Home Phone Number
- Family Members Names
- Date of Birth
- Employee Files
- Personal email
- Identification numbers: e.g. SIN, Health, or Driver’s License Numbers
- Credit Card and/or Bank Records • Religion
- Donation Information
- Sexual Orientation
- Loan or medical records, etc.
- Marital and/or social status
What is not personal information?
Personal information does not include business job titles, business phone numbers, address or email addresses if you are an employee of First Call. Anything that can be found through publicly available information sources is not considered personal information.