St. Joseph's Lifecare Foundation
Brantford, Ontario
FOUNDATION POLICY STATEMENT
St. Joseph’s Lifecare Foundation is committed to protecting the privacy of the personal information of its donors, employees, volunteers and other stakeholders. We value the trust of those we deal with, and of the public, and recognize that maintaining this trust requires that we be open and accountable in how we treat the information shared with us.
During the course of our various projects and activities, the Foundation frequently gathers and uses personal information. Anyone from whom we collect such information must be sure that it will be carefully protected and that any use of this information is subject to their prior consent. Our practices are designed to protect privacy.
Personal information gathered by us is kept in confidence. Our staff is authorized to access personal information based only on their need to deal with the information for the reason(s) for which it was obtained. We have imposed safeguards to ensure the information is not disclosed or shared any more than is necessary to achieve the purpose for which it was gathered. We also do our best to ensure the integrity of this information is maintained and to prevent it being lost or destroyed.
This policy is based on the Canadian Standards Association Model Code and adheres to the federal Personal Information Protection and Electronic Documents Act (PIPEDA).
Defining Personal Information
Personal information is any information which can be used to distinguish, identify or contact an individual. This information includes an individual’s opinions or beliefs, as well as facts about, or related to, the individual. Exceptions are: business contact information and certain publicly available information, such as names, addresses, and telephone numbers, as published in telephone directories, and are not considered personal information.
Where an individual uses his or her home contact information as business contact information as well, the contact information becomes business contact information, and is not considered personal information.
Privacy Practices
Accountability
The Foundation President and C.E.O. serves as the Foundation’s Chief Privacy Officer and works closely with the facility Chief Privacy Officer to ensure the consistent application of privacy legislation, policies and procedures.
The Chief Privacy Officer’s responsibility is to understand the broad impact of privacy, to implement policies and procedures, and to handle complaints. He/she will communicate and explain this policy and give training regarding it to all employees and volunteers, who might be in a position to collect, retain or use personal information.
Third Party Use of Personal Information
The Foundation may use third parties to process mailings. This requires sending name and address information, usually segmented into specific gift level categories, to a mail house that addresses, prints, sorts, and co-ordinates distribution of these mailings. In all cases, the third party vendor signs a confidentiality agreement promising that it will take every precaution to protect personal information in its possession and to destroy it upon completion. (See Appendix 1).
Further, data sent by the Foundation to a third party vendor will be encrypted to ensure protection. The vendor will be required to act likewise in sending data to the Foundation.
Identifying Purpose
Before personal information is collected, the Foundation must identify the purpose for which it is being collected. (See sample Purpose Statement – Appendix 2).
Information collected will only be used for the original purpose for which it was collected, unless required otherwise by law. Should a new purpose be established, individuals must be notified of the change.
Consent
In the collection, use or disclosure of personal information, knowledge and consent of the individual is required. This consent must be meaningful and easily understood. (See sample Purpose Statement – Appendix 2). The Foundation offers individuals the opportunity to not receive mailings or other communications.
Resident Family Solicitation
In particular, the consent of resident family members will be obtained through an initial mailing. It will include an opt-out clause. Signage and brochures throughout the facility will supplement this. Purpose statements will be posted on the Foundation website, and included in our newsletters, direct mailings, and other communication materials.
Requests from individuals to be excluded from mailings or other communications will be respected and acted on promptly.
Publication of Donor Lists
With respect to the publication of donor lists by gift category, donor consent will be obtained at the time of solicitation.
Limiting Collection
Personal information collected is limited to that which is necessary to fulfil the purposes identified.
Information will be collected only by lawful means without misleading or deceiving individuals as to the reason. The source of data will be indicated on each file.
Limiting Use, Disclosure and Retention
Information can only be used for the purpose for which it was collected. When personal information is no longer required, it will be permanently erased from electronic records, or shredded if in hard copy format.
The Foundation does not lend, exchange, rent or sell our donor list to other organizations or individuals.
Accuracy
The Foundation will ensure that all personal information is accurate, complete, and as up to date as possible.
Openness
Our Foundation provides the public with general information on our personal information protection policies and practices, and makes it clear who serves as the
Foundation’s Chief Privacy Officer. This information is posted on our website and published on a regular basis in our various communications.
Safeguards
The Foundation will ensure that steps are taken to protect personal information from theft and loss, as well as unauthorized access, disclosure, copying or use.
Hard copies of records are kept in secure filing cabinets and are accessible by Foundation staff only on a need-to-know basis. Only Foundation staff with confidential passwords may access electronic records. Information obtained from visitors or donors to our website is protected by special electronic security measures.
Foundation staff sign a confidentiality statement in which they agree to protect all personal information they use in the conduct of their job.
The Foundation has been assured that appropriate firewalls and other like safeguards are in place.
Individual Access
Upon request, individuals will be informed of the existence, use and disclosure of all their personal information and be given access to that information. An individual has the right to challenge the accuracy and completeness of the information and have it amended if appropriate.
An exception to this would be if information cannot be disclosed for legal, security or other reasons.
All requests for access will be responded to within a reasonable time (no more than 30 days) and at minimal or no cost to the individual.
Challenging Compliance
An individual can challenge the Foundation’s compliance with this policy. If so, the Foundation will follow the procedures as outlined in its Complaints Policy (see Appendix 3).
Policies and procedures will be amended if the complaint has validity.
Updating of Privacy Policy
The Planning and Research Committee of the Foundation will regularly review and update this policy and our privacy practices as required.
DATE ORIGINATED: November 2003
DATE REVISED
AUTHORIZED SIGNATURE TITLE President & C.E.O.
Olga Consorti
Appendix 1 Privacy Policy
Image: No Details
An Agreement
between
Name of Company/Vendor
and
St. Joseph’s Lifecare Foundation, Brantford (The "Foundation”)
99 Wayne Gretzky Pkwy.
Brantford, ON N3S 6T6
In order to protect the privacy of the individuals who comprise the database of the St. Joseph’s Lifecare Foundation, (name of company/vendor) agrees to hold such information in the strictest confidence. Its staff will limit access to this information which will be destroyed/deleted upon receiving instructions from the Foundation. It will be used in accordance with the instructions provided by the Foundation and for no other purposes whatsoever.
(Name of company/vendor) agrees not to share this information with any other person or organization, except with the prior written approval of the Foundation. It will not be retained for any other purpose. It will not be duplicated, reproduced or stored, electronically or otherwise, in whole or in part, without the prior consent of the Foundation.
(Name of company/vendor) is responsible for the implementation of security safeguards to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
(Name of company/vendor) agrees that the Foundation has at all times the right to demand immediate return of the information and any and all copies, excerpts, duplications in any form in the possession of (Name of company/vendor), their employees or agents, and that following such demand, the same shall be returned to the Foundation and all access to the information will be terminated.
_________________________________ Date ______________________
Olga Consorti, President & C.E.O.
St. Joseph’s Lifecare Foundation
_______________________________ Date ______________________
(Name of Principal & Company/Vendor)
Appendix 2 Privacy Policy
Sample Purpose Statement
"It is our policy not to share, sell, or rent our mailing list with any person or organization. However, from time to time, we share news and information about the facility and foundation by mail and by email. This may include our annual report, e-newsletters, and letters concerning the facility and Hospice’s needs and progress. If you do not wish to receive this information, please check the box below.”
Appendix 3 Challenging Compliance
In the event that a donor challenges the privacy compliance as stated in this policy, St. Joseph’s Lifecare Foundation will take the following steps:
- Request the donor provide their issue in writing identifying where they feel the privacy issue was not in compliance with the policy.
- Establish an ad hoc committee to be comprised of the President and CEO, the Board Chair or designate and one other Board member.
- The Ad Hoc Committee will review the letter and determine whether the letter has all the information required for an informed review and decision. If not, the donor will be contacted and asked for additional information. If the information is sufficient, a decision will be made as to whether the policy was followed and if so, is a revision to the policy required. If the policy was not followed, appropriate action will be taken to correct the issue.
- A response letter will be sent to the donor within 2 weeks of the letter being received from the donor. The response letter will indicate the decision of the committee and the steps taken.