British Columbia Personal Information Protection Act. Frequently Asked Questions:



Similar documents
PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS

Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance

Taking care of what s important to you

PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS [ABC SCHOOL]

INTRODUCTION...3 THE FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT...3 THE INFORMATION AND PRIVACY COMMISSIONER...5

The Manitoba Child Care Association PRIVACY POLICY

Guide to Identifying Personal Information Banks

Privacy Guidelines For Landlords and Tenants

Personal Information Protection Act (PIPA) Privacy & Landlord - Tenant Matters Frequently Asked Questions

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper

PIPEDA and Online Backup White Paper

Information Governance Policy

Volunteer Application Form

Cloud Computing: Privacy and Other Risks

Personal Information Protection Act ( PIPA ) Privacy-Proofing Your Retail Business Tips for Protecting Customers Personal Information 1

Applicability: All Employees Effective Date: December 6, 2005; revised January 27, 2009 Source(s):

1. Each employee is responsible for managing college records in a responsible and professional manner.

PIPA and the Hiring Process

ADMINISTRATIVE MANUAL Policy and Procedure

4.7 Website Privacy Policy

DATA PROTECTION AND DATA STORAGE POLICY

DISASTER RECOVERY INSTITUTE CANADA WEBSITE PRIVACY POLICY (DRIC) UPDATED APRIL 2004

The Health Information Protection Act

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION

Index All entries in the index reference page numbers.

This agreement applies to all users of Historica Canada websites and other social media tools ( social media tools or social media channels ).

Taking care of what s important to you

How To Protect Your Personal Information At A College

How to write a policy to prevent. Harassment. by Louise Pohl

Acting Under a Power of Attorney

PRINCIPLE IV: THE SOCIAL WORK AND SOCIAL SERVICE WORK RECORD

Intake for Services. Birth date: Age: Gender: Name of Spouse: Years Married: Spouse's Age:

Seizing Opportunity: Good Privacy Practices for Developing Mobile Apps

Personal Information Protection Act. Information Sheet 5: 1. Personal Employee Information

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK

How To Get Insurance In Britain Colony

Cloud Computing Contracts. October 11, 2012

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

3. Consent for the Collection, Use or Disclosure of Personal Information

CREDIT AND PERSONAL REPORTS REGULATION

Personal Information Protection Policy for Small and Medium-Size Businesses

Procedures for obtaining informed consent for recordings and images of people to support Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy

Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010

Recruitment, Selection & Disclosure Policy and Procedure

Privacy Law in Canada

June Privacy Guidelines for Strata Corporations and Strata Agents

AN INTRO TO. Privacy Laws. An introductory guide to Canadian Privacy Laws and how to be in compliance. Laura Brown

OFFICE OF THE PUBLIC GUARDIAN AND TRUSTEE POWERS OF ATTORNEY AND LIVING WILLS. Questions and Answers

POLICIES AND REGULATIONS Policy #78

Best Practices in Data Management - A Guide for Marketers -

Privacy Policy on the Responsibilities of Third Party Service Providers

A Guide to Ontario Legislation Covering the Release of Students

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

Conducting Surveys: A Guide to Privacy Protection. Revised January 2007 (updated to reflect A.R. 186/2008)

1. Introduction. The laws of any jurisdiction other than England & Wales Taxes or duties Financial investment.

Admission to the Order of Ministry

TEACHERS ACT [SBC 2011] Chapter 19. Contents PART 1 - DEFINITIONS

Data Protection Act a more detailed guide

Information and Privacy Commissioner of Ontario. Guidelines for Using Video Surveillance Cameras in Schools

Information Management and Protection Policy

EHR Contributor Agreement

APPENDIX A: SOCIAL MEDIA PRINCIPLES, POLICIES AND GUIDELINES FOR PARISHES, SCHOOLS AND PROGRAMS OF THE ARCHDIOCESE OF SEATTLE

Information Privacy Policy

The Manitowoc Company, Inc.

Code of Business Conduct

YWCA Metro St. Louis Social Media Policy

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

ACOT WEBSITE PRIVACY POLICY

Ausgrid Privacy Policy

Overview of. Health Professions Act Nurses (Registered) and Nurse Practitioners Regulation CRNBC Bylaws

Frequently Asked Questions for Condominium Corporations

Gaming Policy and Enforcement Branch

Transcription:

British Columbia Personal Information Protection Act Frequently Asked Questions: (Further queries may be sent to Bob Stewart at the B.C. Conference Archives.) (1) What is the Personal Information Protection Act? PIPA is a Provincial law SBC 2003 c. 38 whose purpose is to govern the collection, use and disclosure of personal information by organizations. The Act recognizes the right of individuals to protect their personal information, and the need of organizations to collect, use, or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. PIPA is distinct from the federal law, (PIPEDA), the Personal Information Protection and Electronic Documents Act, which does not apply to congregations within British Columbia. (2) Does a local church congregation or Pastoral Charge come under this Act? Congregations or Pastoral Charges must comply with the Act. All non-public organizations within B.C. from the largest corporation to the smallest non-profit society must comply with the Act. It is estimated that 400,000 organizations within B.C. come under PIPA. In provinces that have a Personal Information Protection Act, the Provincial Act takes precedence over the Federal Act. (3) What is Personal Information? Personal information is any factual or subjective information about an identifiable individual and includes: Home address Home phone number Age, date of birth Personal email address Race Weight/Height Colour Religion Sexual orientation Marital and/or social status Mental/physical disability Family members names Employee files Identification numbers: e.g. Social Insurance, Provincial Health, or Drivers License numbers Evaluations Income Credit Card and/or bank records Donation information Loan or medical records, etc. Affiliations (4) What is not personal information? Personal information does not include your business job title, telephone number, address or email address if you are an employee of the church, or anything that can be found through publicly available information such as the phone book. 1

(5) What is the intent of the PIPA legislation? The intent of the legislation is to prohibit the use of personal information for both commercial and non-commercial purposes. It is also intended that the legislation will provide a safeguard against identity theft. The federal legislation (PIPEDA) has a narrower standard, being limited to commercial activity, while the B.C. Provincial Act (PIPA) also relates to non-commercial activity (6) If there is a federal act, why do we not simply use that? In provinces that have Privacy legislation, the provincial legislation generally takes precedence over the federal legislation, when the provincial legislation is seen to be substantially similar by the office of the Privacy Commissioner of Canada. Thus at the level of the congregation, or pastoral charge, we need to use the provincial legislation. It is probable the Act applies to the Presbyteries in B.C. (7) Does the B.C. Conference office need to use the provincial or the federal legislation? This is not as clear. Given that the Conference has much to do with personal information that is moved between several legal jurisdictions, it may be that it will have to comply with both provincial and federal legislation. Many inter-jurisdictional issues require further definition and interpretation. The General Council offices follow the federal legislation, in part because Ontario has not yet framed its provincial legislation, and in part because much of the personal information at that level is shared between various legal jurisdictions. (8) Is complying with the Privacy Legislation going to be a lot of work? Most Pastoral Charges will not find it difficult. In many cases, congregations are already handling their sensitive or personal information responsibly. Your congregation will likely need to pull together a small ad-hoc committee to get your Privacy Policy launched. The staff, including ministry personnel, will need to become familiar with the Privacy Policy, and become sensitive to those times when the work of the congregation is raising privacy issues. Part of the work of a Privacy Officer is to help the Pastoral Charge and staff keep on top of privacy issues. (9) We have Church Directories containing the names, addresses and other means of contacting members of the congregation, etc. Does this infringe on the Privacy legislation? While church directories were originally compiled as an internal reference for members of the congregation, the statute includes as personal information the items included in the answer given to Question 3. It would be unwise in any event to include most of the information set out in Answer 3 in such directories. If you include home addresses, telephone numbers, e-mail addresses along with the names of members and adherents, you should have the tacit consent of such folks before printing and distributing a directory. 2

This does not mean you need to recall all current directories but when a new edition is being prepared for publication any time after January 1, 2004, members and adherents should be asked to inform those preparing the directory if they do not wish this information to be included. This can be done by notice in the weekly church worship bulletin for several weeks prior to printing the directory, making it clear that those who do not let the printers of the directory know (name a specific person) to exclude this information, they have given implied consent to publish the personal information. In view of the church s policies concerning the protection of young people within the congregation s care, it is not advisable to include in the listing in the directory the names and other information, such as e-mail addresses, of any minor children. Since minors (under 19 years in B.C.) cannot give their own consent and are persons considered at risk for which the church must provide protection, their names should be excluded from a general congregational directory, It would also be wise to place a notice inside the front cover of the directory to state that it is published for the personal use of the congregation and is not to be circulated to third parties outside of the congregation. (10) We circulate the names and addresses or e-mail addresses of individual committees for their own use? This is also personal information that requires the consent of individual members of the committee. What is often done is for the members of a church committee to all agree at the beginning of the committee s work that such a list be prepared, that all agree to include names, phone numbers, fax numbers or whatever information seems necessary for the committee s work and that it be kept by each member confidentially. (11) Are minutes of meetings considered to be personal information? Church board and committee minutes are not confidential. The Manual specifically refers to confidentiality of proceedings of the Ministry and Personnel Committee of the Pastoral Charge and the Pastoral Relations Committee of the Presbytery and these should not be circulated beyond the membership of those committees. Minutes should not contain any of the personal information set out in Answer 3 and normally would not if they are to be made public. There may be times when church meetings need to go in camera to deal with sensitive personnel and other matters. This should be noted in the minutes, as should any decisions or motions passed in such an in camera committee of the whole. Circulation of minutes of a church court on an internet website is not encouraged. (12) Do we need to have a Privacy Officer in each Pastoral Charge? Yes. Someone at each church should be so designated. (13) What do we do with records containing personal information? Records held in the church containing personal information should be kept in a locked and secure area. 3

(14) Who should we name as our Privacy Officer? In most congregations, it is likely that the Privacy Officer will not be very busy after the initial planning and launch. It may well be a position that a volunteer could take on, if they were familiar with the life and the organization of the Pastoral Charge, and if they were seen as fair minded mediators. In some cases, it may be that a Church Secretary or Church Administrator would have the skills and aptitudes required. If no one else is able or willing to accept the position, the position would fall to the ordained minister of the congregation by default. (15) What do I do if I want to have access to my personal information? A signed, detailed request should be sent to the Privacy Officer of the congregation or Pastoral Charge. (16) Can we use the personal information we have on hand for something other than the original reason for which it was collected? No. The church would have to obtain the consent of the member every time the personal information was to be used for different purposes. If, however, the personal information is transferred to the Conference Archives, it can be used for archival or research purposes. Included in the purposes for which personal information is collected are archival or research purposes, based on the long-term or perpetual legal and business purposes of the congregation. (17) Congregations frequently take photos or videos of events which are then posted in bulletins, or on websites, etc. Is consent required by anyone whose photo is so published? Yes, written, verbal or tacit consent is required. This is important if the intent is to publish the photos either in print or electronically. There may also be copyright restrictions. (18) Our congregation has a website, and on it we have a Prayer Concerns List. This gives the names of members of our congregation that are sick, so that people can pray for their healing or recovery. The list has proven to be very helpful, and includes the specific conditions and ailments that we wish to raise up to God. The problem is not whether God hears your prayers. The problem is whether others read of your prayer concerns in a published form. Medical personal information is one of the most sensitive kinds of personal information, and such all too specific names and medical conditions should not be disclosed in a written list, whether in a worship bulletin, a website, or any other publication. The disclosure of such sensitive information is not in compliance with the Personal Information Privacy Act. It would be best to seek a more private forum for such sensitive information sharing, such as within a prayer group. Nor is it prudent to include prayer list information in published worship bulletins. Prayer concerns are best shared verbally in prayer groups or in public worship. 4

(19) Can I refuse to disclose my personal information, and what happens if I do? You may do so, but it may complicate your life somewhat. If you are a donor to your congregation, you may wish to have a charitable tax receipt. The church treasurer will need some personal information to provide such a receipt. It is necessary and reasonable for a church organization to require some personal information to carry out its work, for example preparing a pay cheque, processing benefit claims, or managing donor information. At the same time, it is very possible to limit the disclosure of certain personal information if you see no benefit in providing it. (20) In Section 35(2) of the provincial Personal Information Privacy Act (PIPA), the Act states that: An organization must destroy its documents containing personal information, or remove the means by which the personal information can be associated with particular individuals, as soon as it is reasonable to assume that (a) the purpose for which the personal information was collected is no longer being served by the retention of the personal information, and (b) retention is no longer necessary for legal or business purposes. Does this affect what records we transfer to our Conference Archives? No it does not. Pastoral Charges should continue to send their archival records to the Conference Archives and should use either the listing provided in What records does the B.C. Conference want or the information found in Managing Your Congregation s Records both of which documents are found on the Records Management page of the B.C. Conference Archives website at http://bc.united-church.ca/archives/ PIPA is interested in the preservation of archival and historical records for research purposes, even those that contain personal information. In section 22 of the provincial Act, we are told that: An organization may disclose personal information for archival or historical purposes if (a) a reasonable person would not consider the personal information to be too sensitive to the individual to be disclosed at the proposed time, (b) the disclosure is for historical research and is in accordance with section 21 [a Section related to the disclosure of personal information for research or statistical purposes], (c) the information is about someone who has been dead for 20 or more years, (d) the information is in a record that has been in existence for 100 or more years. Thus Section 22 of the Act does spell out a place for archives. In Section 35(2)(b) we note that the organization must destroy its documents containing personal information only if retention is no longer necessary for legal or business purposes. It is our interpretation of Section 35(2)(b) that retention of archival and historical records of the organization are included as a part of the ongoing legal or business purposes of the church. Archival records, by their nature, are permanently necessary records for the legal and business purposes of the church. Finally, in Section 18(1) of the provincial Act, it is stated that An organization may only disclose personal information if (n) the disclosure is to an archival institution if the collection of the personal information is reasonable for research or archival purposes, 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information