HWCL acknowledges that our work takes place on acknowledges the Songhees, Esquimalt, Tsartlip/W̱JOȽEȽP, Tseycum/WSIḴEM, Tsawout/SȾÁUTW, Pauquachin/BOḰEĆEN, T’Sou-ke, Scia’new and Pacheedaht Nations who have a historical and ongoing relationship to the land where our offices and work are based.
We also respect the wide diversity of nations and languages across the province. British Columbia is home to more than 200 First Nations communities and approximately 50% of the First Peoples’ languages of Canada. For more information visit: https://maps.fpcc.ca/.
HWCL also recognizes its own responsibilities when it comes to data. Measurement, mapping, and data have historically been used in support of colonizing Indigenous lands, resources, and peoples—from surveying land for Britain, France and Canada, to experiments carried out in residential schools without Indigenous families’ knowledge or consent, to using statistics to perpetuate harmful stereotypes of Indigenous people today. We acknowledge the harms and mistakes of the past and dedicate ourselves to moving forward in partnership with Indigenous peoples in a spirit of truth, reconciliation, and collaboration.
At the Community Social Planning Council (“CSPC”), we are committed to providing our clients with safe and effective services. Providing our services involves the collection, use and disclosure of some personal information about our clients; therefore, protecting their personal information is one of our highest priorities.
While we have always respected the privacy of our clients and safeguarded their personal information, we have strengthened our commitment to protecting personal information as a result of British Columbia’s Personal Information Protection Act (“PIPA”). PIPA, which came into effect on January 1, 2004, sets out the ground rules for how B.C. businesses and not-for-profit organizations may collect, use, and disclose personal information.
We will inform our clients of why and how we collect, use, and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.
This Personal Information Protection Policy (“Policy”), in compliance with PIPA, outlines the principles and practices we will follow in collecting, storing, and protecting our clients’ personal information. Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our clients’ personal information and allowing them to request access to, and correction of, their personal information.
This policy also applies to any programs administered by CSPC and any service providers (i.e., client’s social service partners) collecting, using, or disclosing personal information on behalf of CSPC.
Client – an individual who seeks CSPC programs or services
Client Identification Materials, or Client ID – any form of an officially issued, governmental document that conclusively states or confirms information relating to a client’s identity, biographical background or details, or other basic information.
Personal Information – information about an identifiable individual, such as name, home address, home phone number, email address, license numbers, place of birth, immigration status, biographic data, appearance, ethnic identity, unique marks, and/or family names and history. Personal information does not include contact information (described below).
Contact information – information that would enable an individual to be contacted in keeping with the services sought, and includes name, position name or title, business telephone number, address, email, or fax number. Contact information is not covered by this policy or PIPA.
Privacy Officer – means the individual designated with responsibility for ensuring that CSPC and any of its programs complies with this policy and PIPA. In our documents we call this role the “Information Security Lead.”
Key roles and responsibilities for the protection of CSPC’s information resources, including personal information of its clients, are listed below:
1.1. CSPC may collect and keep certain personal information in assisting its clients in applying for, obtaining, and storing client identification materials, specifically each client’s
1.2. Unless the purposes for collecting the personal information are obvious and the client voluntarily provides their personal information for those purposes, CSPC will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection.
1.3. CSPC will only collect client information that is necessary to fulfil the following purposes:
2.1 CSPC will obtain client consent to collect, use or disclose personal information (except where, as noted below, CSPC is authorized to do so without consent).
2.2 Consent can be provided to CSPC in writing, by email, by completing a form, through an authorized representative (i.e., a support individual personally accompanying the client). Consent can also be implied where the purpose for collecting using or disclosing the personal information would be considered obvious and the client voluntarily provides personal information for that purpose.
2.3 Clients can withhold or withdraw their consent for CSPC to use their personal information in certain ways.
2.3.1 There are certain exceptions, however; and examples of exceptions to a client’s ability to withhold or withdraw consent may include, e.g., the personal information is necessary to provide a service, or the withdrawal of consent would frustrate the performance of a legal obligation such as fulfilling a statutory or regulatory obligation.
2.3.2 A client’s decision to withhold or withdraw their consent to certain uses of personal information may restrict CSPC’s ability to provide a particular service or information, and may not apply retroactively.
2.3.3 If so, we will explain the situation to assist the client in making an informed decision.
2.4 CSPC may collect, use, or disclose personal information without the client’s knowledge or consent in the following limited circumstances:
3.1 CSPC will only use or disclose client personal information where necessary to fulfill the purposes identified at the time of collection, or for a purpose reasonably related to those purposes, such as
3.2 CSPC will not use or disclose client personal information for any additional purpose unless CSPC obtains consent to do so.
3.3 CSPC will not sell client lists or personal information to other parties.
4.1 If CSPC uses client personal information to make a decision that directly affects the client, CSPC will retain that personal information for at least one year so that the client has a reasonable opportunity to request access to it.
4.2 Subject to policy 4.1, CSPC will retain client personal information only as long as necessary to fulfill the identified purposes or a legal or business purpose, and as required by applicable law.
5.1 CSPC will make reasonable efforts to ensure that client personal information is accurate and complete where it may be used to make a decision about the client or disclosed to another organization.
5.2 Clients may request correction to their personal information in order to ensure accuracy and completeness. A request to correct personal information must be made in writing to the Privacy Officer and must provide sufficient detail to identify the personal information and the correction being sought.
5.3 If the personal information is demonstrated to be inaccurate or incomplete, CSPC will correct the information as required. CSPC will consider whether to send the corrected information to any organization to which CSPC disclosed the personal information in the previous year. If the correction is not made, CSPC will note the client’s correction request in the client’s file.
6.1 CSPC is committed to ensuring the security of clients’ personal information in order to protect against unauthorized access, collection, use, disclosure, copying, modification, or disposal or similar risks.
6.2 CSPC will implement and follow traditional security measures to ensure that client personal information is appropriately protected:
6.3 CSPC will also implement and follow informational and technological security measures to ensure that client personal information is appropriately protected:
6.4 CSPC will audit and periodically update its informational and technological security measures as information threats evolve over time, with accompanying training for its staff as may be appropriate. Information security threats evolve, as will the responsibilities, rights, and duties of CSPC personnel.
6.4.1 CSPC will provide security awareness training to all personnel at induction and at a minimum on an annual basis. Occasional training will be provided on a more frequent basis, if necessary, and / or on a specific security threat.
6.4.2 On an ongoing basis, CSPC will:
6.5 All personnel are required to identify and raise potential issues immediately with their supervisor and/or the Information Security Lead. Examples of issues which should be raised include
6.6 CSPC will use appropriate security measures when destroying a client’s personal information such as shredding and deleting electronically stored information.
6.7 CSPC will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
7.1 Clients have a right to access their own personal information, subject to limited exceptions (see section 23 of PIPA):
7.2 A request to access personal information must be made in writing, and it must provide sufficient detail to identify the personal information being sought. A request to access personal information should be forwarded to the Information Security Lead or designated individual.
7.3 Upon request, CSPC will also tell its clients how CSPC uses their personal information and to whom it has been disclosed, if applicable.
7.3.1 Except as otherwise allowed under applicable law, CSPC will make the information requested under Policy 7.3 available within 30 business days, Community Social Planning Council Page 9 of 9, or CSPC will provide written notice of an extension where additional time may be required to fulfill the request.
7.4 Except as otherwise allowed under applicable law, CSPC reserves a right to charge a fee to cover its costs for providing access to a client’s personal information. Where a fee may apply, CSPC will inform the client of the cost and request further direction from the client on whether or not CSPC should proceed with the request.
7.5 If a request of a client to access their own personal information is refused in full or in part, CSPC will notify the client in writing, providing the reasons for refusal and the recourse available to the client, if any.
8.1 The Information Security Lead is responsible for ensuring CSPC’s compliance with this policy and the Personal Information Protection Act.
8.2 Clients should direct any complaints, concerns or questions regarding CSPC’s compliance in writing to the Information Security Lead. If the Information Security Lead is unable to resolve the concern, the client may also write to the Information and Privacy Commissioner of British Columbia.
8.3 Contact information for CSPC’s Information Security Lead will be provided to any client of CSPC upon request.
Barry Hutchinson, Director of Finance and Operations: firstname.lastname@example.org