Catholic Youth Organization Diocese of Hamilton  

Policy on the collection, use and disclosure of personal information

The Catholic Youth Organization (C.Y.O.) of the Diocese of Hamilton is committed to maintaining the privacy of our clients/customers, employees and volunteers by establishing a policy for the collection, use and protection of their personal information.

This policy applies to all clients/customers, employees and volunteers of the C.Y.O. and its programs and services. The C.Y.O. collects personal information through registration forms, donations and other required forms for participation in its programs and services. Personal information is held in confidence and is not to be revealed to anyone unless expressly or implicitly authorized by the client/customer, employee and/or volunteer. Personal information will not be made available to third party organizations for solicitation purposes.

Personal information is defined as information about an identifiable individual, factual or subjective, recorded or not, such as:

  • -name, address, telephone number, age, ethnic origin, income, health information.
  • -employee records, volunteer records, evaluations, opinions, social status.

Personal information does not refer to the name, title, business address or business telephone number of an employee of the organization.

The C.Y.O. is committed to following the principles of the Personal Information and Electronic Documents Act (PIPEDA). The PIPEDA came into effect on January 1, 2004 for all organizations engaged in the collection, use and disclosure of personal information in relation to commercial activities.

The principles in the Model Code for the Protection of Personal Information are as follows:

  • Accountability
  • Identifying Purpose
  • Consent
  • Limiting Collection
  • Limiting Use, Disclosure and Retention
  • Accuracy
  • Safeguards
  • Openness
  • Individual Access
  • Challenging Compliance
  • Accountability: T he C.Y.O. is responsible for the personal information under its control and shall designate an individual to be accountable for compliance. Our Chief Privacy Officer is the agency Executive Director.
  • Identifying Purpose: The purpose for which the information is collected shall be identified at or before the time the information is collected. Depending upon the way in which the information is collected, this can be done orally or in writing. Forms currently in use should be amended to identify the reason for collecting information.
  • Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Consent for the use or disclosure of the information will be sought at the time of collection. If the reason for the use or disclosure of the information collected has changed, consent must be obtained for this new purpose prior to its use.

The C.Y.O. will obtain expressed (written) consent when the information is considered sensitive. Implied consent is sufficient when the information is less sensitive. If information is collected by phone, it is sufficient to obtain implied consent. Consent can also be given by an authorized representative (such as a legal guardian or a power of attorney).

All personal information is to be held in confidence and will not be disclosed to anyone without the expressed or implied consent of the individual involved except for but not limited to the following:

  • To be used for acting in an emergency that threatens the life, health or security of the individual.
  • Given to an individual who needs the information because of an emergency that threatens the life, health or security of another individual.
  • If the law requires it.
  • If it is required to comply with a subpoena, warrant or court order.
  • If the disclosure is requested for the purpose of enforcing, investigating or administrating any law of Canada or a province.
  • Made to an institution whose function includes the conservation of records of historic or archival importance and the disclosure is made for the purpose of such conservation.
  • A request is made after the earlier of one hundred years after the record containing the information was created or twenty years after the death of the individual concerned.
  • Limiting collection: The collection of information shall be limited to that which is necessary for the purposes of the needs identified by the C.Y.O. and its programs and services. The C.Y.O. will not collect personal information indiscriminately. The C.Y.O. shall review its current collection practises and change forms that do not comply.
  • Limiting Use, Disclosure and Retention : Personal information shall not be used or disclosed for purposes other than those for which it was collected except with the consent of the individual. Personal information shall be retained only as long as necessary for the fulfilment of those purposes. Personal information that is no longer required is to be destroyed in a secure manner.
  • Accuracy: Personal information about current clients/customers, employees, and volunteers is to be as accurate and up-to-date as is necessary for the purpose for which it is to be used.
  • Safeguards: Personal information shall be protected by security methods appropriate to the sensitivity of the information. Methods of protection should include limiting access of personal information only to individuals who need to know, using locked filling cabinets and restricting access to office areas, using passwords and encryption for data stored on computers. Those with access to personal information are to maintain the confidential nature of this information.
  • Openness: T he privacy policy shall be made available to the public through the agency website.
  • Individual Access: Upon request, clients/customers, employees and volunteers shall be informed of the existence, use and disclosure of their personal information and shall be given access to that information. Clients/customers, employees and volunteers shall be given the opportunity to challenge the accuracy and make corrections if necessary.

Access will not be provided if doing so would reveal personal information about a third party. If the information about the third party can be removed from the record or file containing the individual's information, the individual may have access to the balance of the record.

  • Challenging Compliance: Individuals shall be able to address challenges and complaints to the Chief Privacy Officer. All complaints will be investigated and changes to information, policies and practices will be amended, where necessary.

If you have any questions or wish to access your personal information, we invite you to contact our Chief Privacy Officer (agency Executive Director) at (905-528-0011).

 

Adopted by the Board of Directors of the C.Y.O. on April 6, 2005