Community Integration is committed to ensuring the complete protection and utmost confidentiality of personal information of its clients, employees, family members, caregivers and volunteers as legislated by Government as the Personal Information and Protection Act (PIPA – found here) and Article 28.11 of the Collective Agreement between CSSEA and CSSBA for unionized employees.
CISS is committed to meeting or exceeding privacy standards established by the BC Personal Information and Protection Act by following the Ten Privacy Principles that relate to the use of Personal Information.
Principle 1 -Accountability
CISS is responsible for maintaining and protecting the personal information under its control. In fulfilling this mandate, the society designates an individual(s) who is (are) accountable for society’s compliance with the Ten Privacy Principles. The individual is the Executive Director of the Society.
Privacy Management Program
CISS develops and maintains a privacy management program as per the requirements of FIPPA.
Principle 2 -Identifying Purposes
CISS will identify the purpose for which personal information is collected before or at the time the information is collected.
Principle 3 -Consent
CISS will obtain the consent of the individuals for collections, use or disclosure or personal information except where the law states exemptions, grant permission, or creates a requirement for collection, use or disclosure of personal information. The society may collect information about you without your consent to establish, manage or terminate the relationship.
Principle 4 -Limiting Collection
The Society will limit the personal information collected to those details necessary for the purpose identified by the Society.
Principle 5 -Use, Disclosure and Retention
CISS will only use, disclose or retain information for the purpose for which it was collected unless the individual has otherwise consented or when its use, disclosure or retention is required or permitted by law. Personal information will only be retained for the period of time required to fulfill the purpose for which it was collected.
Principle 6 -Accuracy
CISS will maintain personal information as accurate, complete and up to date form as necessary to fulfill the purpose for which it was used.
Principle 7 -Safeguarding Personal Information
CISS will protect personal information by security safeguards that are appropriate to the sensitivity level of the information.
Principle 8 – Immediate reporting of Breaches
CISS will make information available to individuals concerning the policies and practices that apply to the management of their information.
CISS will report any privacy breach that “could reasonably be expected to result in significant harm to the individual”. A “privacy breach” is broadly defined. It includes theft, loss, or any other unauthorized collection, use or disclosure of personal information.
CISS will assess whether the breach could result in reasonable harm.
CISS will provide notification of a privacy breach “without reasonable delay” to any affected individual. There are specific requirements for written notification, including descriptions of the breach, any containment steps taken, and steps the individual can take to reduce the risk of harm.
CISS is required to provide notice to the Office of the Information & Privacy Commissioner. Public bodies should keep in mind that the Privacy Commissioner has broad discretion to conduct its own investigations into privacy compliance.
Principle 9 -Individual Access
CISS will inform an individual upon the individual’s request of the existence, use and disclosure of the individual’s information, and shall give the individual access to it in accordance with the law. In addition, in accordance with the Society’s internal policy, the individual will be required to put their request in written form. Individuals may verify the accuracy and completeness of their information and may request that it be amended, if appropriate.
Principle 10 -Complaint Process
Individuals may direct any questions or enquiries with respect to the Society’s privacy policies or practices to the Executive Director of CISS.