“To enhance the lives of Ontarians living with the effects of acquired brain injury through education, awareness and support”
The Ontario Brain Injury Association (OBIA) is committed to individual privacy and to protecting the confidentiality of the personal information it holds. In fulfilling its mandate, OBIA is engaged in a number of activities in which personal and/or confidential information is collected, used and disclosed.
OBIA’s privacy statement has been drafted based on the federal Personal Information and Electronic Documents Act (PIPEDA) and Ontario’s Personal Health Information Protection Act, 2004 (PHIPA). It also reflects the Canadian Standards Association Model Code principles for fair information practices, as follows:
OBIA takes very seriously its responsibility to protect the personal information in its custody or control. While all OBIA staff and volunteers share this responsibility, accountability for the organization’s compliance with this privacy statement and related policies rests with OBIA’s Chief Privacy Officer (CPO). In addition, other individuals within the organization may be delegated to act on behalf of the CPO.
2. Identifying Purposes
The purposes for which personal information is collected will be identified at or before the time the information is collected. OBIA’s methods of collection can include:
• case files
• employment application forms
• benefit application forms
• purchase of memberships
• the Ontario Brain Injury Association Research Questionnaire
• resource purchases
• library utilization.
Personal information is collected for the purpose of providing services to members and the public; conducting research (both internal and external to OBIA); to assist in general or specific advocacy; and to support OBIA’s members. Any collection of personal information not set out in this policy will be done with the individual’s consent, and their purposes will be further explained to the individual upon request.
The knowledge and consent of the individual (or legal representative, such as a substitute decision-maker) is required for the collection, use, and/or disclosure of personal information, except in limited circumstances. An example would be where the law permits or requires the disclosure of the information, e.g., a court order. All information collected by OBIA is carefully protected.
4. Limiting Collection
OBIA collects personal information through the ongoing activities of its numerous programs and projects. OBIA will limit its collection to information that is necessary for purposes it identifies or that are obvious in the circumstances (for example, collecting the individual’s contact information in the event that a book order cannot be processed). OBIA will collect the information in a manner that does not coerce or deceive the individual.
5. Limiting Use, Disclosure, and Retention
OBIA will not use or disclose personal information for purposes other than for which it was collected, except with consent or as permitted or required by law. It does not rent, sell or trade its mailing or other member lists. OBIA’s anticipated uses and disclosures of personal information include:
• delivering goods and services
• advocacy on behalf of our members (for which we obtain express written and/or verbal consent)
• keeping members and the public informed about OBIA activities, including programs, services, special events, funding needs, opportunities to volunteer or to give, and open houses
• contacting prize winners in the event of a raffle or other contest
Personal information will be retained only as long as necessary to fulfill these purposes.
OBIA makes every effort to ensure that the personal information in its custody or control is accurate, complete and up-to-date for the purposes for which it will be used or disclosed.
OBIA will take steps to protect the personal information in its custody or control against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. It will protect the information regardless of the format in which it is held, and with security safeguards appropriate to its sensitivity. These include:
(a) physical measures, for example, locked filing cabinets and restricted access to offices;
(b) organizational measures, for example, security clearances and limiting access to a “need-to-know” basis; and
(c) technological measures, for example, the use of passwords and encryption.
To reinforce a culture of privacy protection, OBIA staff and volunteers are required to sign a confidentiality agreement as a requirement of employment or volunteerism. Any material which contains personal or confidential information will be destroyed in accordance with industry standards prior to its disposal.
OBIA is open about its information practices. Its Chief Privacy Officer is available to answer any questions, and its privacy statement is available on its web site as well as through its office.
9. Individual Access
Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information held by OBIA and may request access to that information. An individual may challenge the accuracy and completeness of the information and request that it be corrected. All requests must be made in writing to the Chief Privacy Officer of OBIA. The CPO will respond to the individual’s request within a reasonable time and at a reasonable or no cost to the individual.
10. Challenging Compliance
OBIA will investigate all complaints or challenges concerning compliance with this privacy statement. If a complaint is found to be justified through either the internal or external complaint review process, OBIA will take appropriate measures, including, if necessary, amending this privacy statement and any related policies and procedures.
Any questions about this privacy statement should be directed to the Chief Privacy Officer by phone at (905) 641-8877 or via e-mail at firstname.lastname@example.org.