PIPEDA COMPLIANCE POLICY
Brampton Multicultural Community Centre (BMC) is committed to protecting and respecting the personal information of its clients, employees, volunteers and community partners, and so on in accordance with PIPEDA. This policy will provide guidelines to ensure BMC remains compliant with PIPEDA requirements.
This policy applies to the employees, management team and board of directors of BMC and is to be complied with whenever personal information is collected as a part of BMC's business functions.
The Human Resources department of BMC will be responsible for the administration of this policy.
Personal Information Privacy and Electronic Document Act (PIPEDA) establishes rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a
reasonable person would consider appropriate in the circumstances. (Source: The Justice Department of Canada)
The following guidelines will be complied with to ensure BMC remains compliant with PIPEDA requirements.
The personal information of BMC clients, employees, and volunteers, etc. must be managed so as to meet the following
- All personal information in BMC possession or custody is protected in an appropriate manner.
- Individuals must be informed as to why the information is being collected.
- Consent must be obtained for the collection of information.
- Individuals have the right to withdraw their consent.
- Personal information collected is only collected for reasonable purposes.
- Personal information is used only for the purposes for which it was collected.
- Personal information is retained only for the period of time that it is reasonably required.
- Personal information is destroyed that is no longer required using a safe, secure and effective manner (e.g. shredding).
- All personal information collected is accurate.
- Individuals are allowed to gain access to their personal information, and make corrections as appropriate.
PIPEDA Compliance Policy Brampton Multicultural Community Centre (BMC) Page 2
- Appropriate security is applied (e.g. safe/locking cabinets) for the protection of personal information.
- Access to personal information is limited to authorized personnel that have a legitimate need to access the information.
- Consent must be obtained prior to the release of any third party.
- Identify and communicate to the individual the forms of information being collected and the rationale for the collection of these forms of information.
- Notify individuals and obtain consent prior to using personal information for any reason other than those provided at the time of collection.
In addition to the above requirements, BMC has designated the Assistant Manager, Settlement Services, the Manager of Programs and Services along with the Human Resources Department the sole representatives to hold accountability for the organization's compliance with PIPEDA. The Human Resources department will hold responsibility for the management of personal information policies and procedures of BMC.
The PIPEDA representatives shall be responsible for:
- Developing and implementing policies and practices under PIPEDA including:
- Procedures that address the collection, use, retention, destruction and management of personal information;
- Procedures for protecting personal information;
- Procedures for complaints and inquiries; and Staff training on PIPEDA obligations.
- Employing privacy agreements to ensure the protection of personal information where the information must be provided to a third party.
- Reviewing policies, practices and procedures on an annual basis, or as needed, making appropriate revisions.