Royal College prviacy statement
Purpose and Scope
The Royal College adopts the ten principles of the Canadian Standards Association (CSA) Model Code as the guideline for ensuring the protection of Personal Information in its care.
This policy applies to all Personal Information that has been and will be collected, used and disclosed by the Royal College as related to staff and others for whom Personal Information has been collected online and by other means.
Principles and/or Definitions
The ten principles and definitions of the CSA Model Code:
The Royal College is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the Royal College’s compliance with the ten principles.
2. Identifying Purposes
The purposes for which personal information is collected shall be identified by the Royal College at or before the time the information is collected.
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
4. Limiting Collection
The collection of personal information shall be limited to that which is necessary for the purposes identified by the Royal College. Information shall be collected by fair and lawful means.
5. Limiting Use, Disclosure and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
The Royal College shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
9. Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information, and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the Royal College’s compliance.
Personal Information is defined as information about an identifiable individual and includes, but is not limited to, name, date of birth, residential address and phone number, email address, and Royal College identification number. Personal Information does not include job titles, business addresses and business phone/fax numbers.
The Guideline used is the CSA Model Code
When the Royal College enters into an agreement with an organization outside of Canada where the organization will have access to Personal Information, the Royal College will ensure that:
1. it enters into a contractual agreement that obligates the third party organization to protect Personal Information it receives from the Royal College so that the level of privacy protection is similar to the expectation in Canada, and
2. Members or other individuals are notified through publication of this Policy that the Royal College may share Personal Information with third party organizations outside of Canada.
Assignment of responsibility
The Privacy Officer, Director, eSolutions, is responsible for administering this Policy and identifying and communicating ways that the Royal College can improve compliance with this Policy.
Managers/Directors of each unit/directorate are responsible for implementing recommendations for improving compliance with this Policy.
Privacy Audits will be conducted every two years under responsibility of the Privacy Officer. Areas for improvement in Royal College processes identified as a result of the privacy audits will be communicated to Managers and Directors, who will be responsible for implementing appropriate improved processes.