Privacy Information for Nonprofit Organizations in Alberta
-
Upload
volunteer-alberta -
Category
Education
-
view
301 -
download
1
description
Transcript of Privacy Information for Nonprofit Organizations in Alberta
![Page 1: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/1.jpg)
Privacy for Nonprofit Organizations
www.volunteeralberta.ab.ca
![Page 2: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/2.jpg)
What we will cover today
• What is privacy and why should we care?• What is the Personal Information
Protection Act (PIPA)?– Who and what does PIPA apply to?
• PIPA and privacy principles• How to implement good privacy practices
![Page 3: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/3.jpg)
Part 1 Privacy and PIPA Primer
© Volunteer Alberta
![Page 4: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/4.jpg)
What is Privacy?
![Page 5: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/5.jpg)
Public ExpectationsMarch 2009 survey – EKOS Research• Canadians are becoming more vigilant about guarding
their personal information • 62% agree that protection personal information will be
one of the most important issues in the next 10 years• 60% believe that their information is less protected than
it was 10 years ago• 34% believe companies have adequate mechanisms in
place to safeguard personal information
![Page 6: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/6.jpg)
Privacy in the news
![Page 7: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/7.jpg)
Privacy in the news
![Page 8: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/8.jpg)
Threats to privacy
Impact of technology• Modern threats to privacy chiefly arise in the collection and use of
information about us• Privacy used to be protected by default – the nature of paper
records• Electronic records diminish the barriers of time, distance and cost
that once guarded privacy
![Page 9: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/9.jpg)
![Page 10: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/10.jpg)
![Page 11: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/11.jpg)
Poor privacy practices have consequences
• For example• Financial fraud• Harm to reputation – organizational or personal• Social stigmatization • Loss of clients, customers or donors
![Page 12: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/12.jpg)
The privacy landscape
• Health Information Act (HIA)– E.g., Hospitals, family doctors
• Freedom of Information and Protection of Privacy Act (the FOIP Act)– E.g., Government of Alberta, towns and cities, public schools
• Personal Information Protection Act (PIPA)– E.g., Retailers, non-profit organizations...more in a moment
• PIPEDA (federal)– E.g., Major banks, telecommunications companies
![Page 13: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/13.jpg)
What is PIPA?
• The Personal Information Protection Act balances– the right of an individual to have his or her personal
information protected, and– the need of organizations to collect, use or disclose
personal information for purposes that are reasonable• Provides “common sense” rules for collection, use and
disclosure of personal information by private-sector organizations
• Provides a right of access to own personal information; right to have errors corrected
![Page 14: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/14.jpg)
PIPA applies to “organizations”• Includes:
corporations
partnerships
unincorporated associations
trade unions
some non-profits (s. 56)
individuals acting in commercial capacity (e.g., sole proprietorship)
![Page 15: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/15.jpg)
PIPA does not apply to…
• Does not include:personal or domestic uses
courts
journalistic, artistic, literary uses
public body or information under FOIP Act
information captured by PIPEDA
![Page 16: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/16.jpg)
Non-profit organizations (s.56)
• “Non-profit organizations” are defined as organizations:– incorporated under the Societies Act– incorporated under the Agricultural Societies Act– registered under Part 9 of the Companies Act
• PIPA only applies to “non-profit organizations’” collection, use or disclosure personal information in connection with a commercial activity
• All other not-for-profit organizations must comply with PIPA for all their activities
![Page 17: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/17.jpg)
“Commercial activity”
• Defined in the Act as…“…any transaction, act or conduct, or…any regular
course of conduct that is of a commercial character”
• Commercial activity:– selling, bartering, leasing membership, donor or other
fundraising lists– operating a private school, ECS program, or private
college
![Page 18: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/18.jpg)
“Commercial activity”
• Commercial activity:– sale of merchandise by catalogue or Internet – offering a conference or training session for a fee
• Not likely to be commercial activity:– donations where no product or service is exchanged– offering free newsletter– providing free services– payment of membership fee
![Page 19: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/19.jpg)
It’s all about “personal information”
• Information about an identifiable individual (e.g. members, clients, donors, employees, volunteers)
• Includes:– name– birth date– address– identification numbers (SIN, employee ID) – physical description– education qualifications– financial information
• Applies whether recorded or not (written, oral, video, pictures, biometrics, etc.)
![Page 20: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/20.jpg)
PIPA principles
• Collect personal information only for reasonable purposes• Collect only the information that is needed• Collect directly from the individual (unless consent or Act permits
otherwise)• Inform the individual why information is being collected, and how it
will be used and disclosed• Obtain consent (unless Act permits otherwise) – respect withdrawal
of consent
![Page 21: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/21.jpg)
PIPA principles
• Use and disclose personal information only for purposes for which it was collected (unless consent or Act permits otherwise)
• Ensure personal information is accurate for the purpose – reasonable effort
• Safeguard personal information from unreasonable risks• Keep information only for as long as it is reasonably
needed
![Page 22: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/22.jpg)
PIPA principles
• On request, provide individuals with access to their own personal information, when reasonable; correct errors
• Designate a “privacy contact”• Develop policies and procedures for
compliance
![Page 23: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/23.jpg)
PIPA Amendments
• In force May 1, 2010• No changes to the special rules for non-
profits• New security breach notification rules
![Page 24: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/24.jpg)
Role of the Office of the Information and Privacy Commissioner
The OIPC is the independent oversight body for:
• The FOIP Act• HIA• PIPA
![Page 25: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/25.jpg)
Part 2 Implementing
Privacy Practices to Protect Personal Information
![Page 26: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/26.jpg)
Know your status• Is your
organization required to comply with PIPA?
![Page 27: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/27.jpg)
Know what you have• What types of
personal information does your organization collect about its members, clients, donors, employees and volunteers?
![Page 28: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/28.jpg)
Know why you have it• Organizations may
collect, use and disclose personal information only for reasonable purposes
![Page 29: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/29.jpg)
Choose a privacy contact person• Choose someone in
the organization to be responsible for ensuring questions about collection of personal information and general privacy practices are answered
![Page 30: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/30.jpg)
Get consent – give notice• Organizations subject
to PIPA need consent to collect, use or disclose personal information, unless the Act permits otherwise
• Tell (notify) individuals what information is being collected and how it will be used
![Page 31: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/31.jpg)
Employees and volunteers• Organizations subject to
PIPA do not have to obtain consent from employees or volunteers to collect, use or disclose their personal information– when the information is
reasonably required for establishing, managing or terminating the employment or volunteer relationship, and
– notice has been given about the collection, use or disclosure
![Page 32: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/32.jpg)
Safeguard personal information• An organization must
protect personal information in its custody or under its control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.
![Page 33: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/33.jpg)
Access• An individual can ask an
organization– what personal information the
organization has about him or her
– how that information was used– to whom the information was
disclosed
• The individual can also request to see his or her own personal information
• Organizations must not give out information about other individuals
![Page 34: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/34.jpg)
Privacy policy/statement• Privacy policy for
organizations subject to PIPA
• Privacy statement as best practice for organizations not subject to PIPA
![Page 35: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/35.jpg)
Resources• PIPA website:
http://pipa.alberta.ca/• PIPA Information Line, Service Alberta
– email: [email protected]– phone: 780-644-7422 (Toll free dial 310-0000 first)
• Office of the Information and Privacy Commissioner– website: www.oipc.ab.ca
![Page 36: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/36.jpg)
• creating possibilities in Alberta’s voluntary
sector by strategically connecting leaders, members, organizations and networks.
![Page 37: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/37.jpg)
Where are Alberta’s Volunteer Centres?
• Airdrie • Banff• Brooks• Calgary• Camrose• Canmore• Cochrane• Edmonton• Fort
Saskatchewan• Grande Prairie• Hanna • High River• Hinton• Leduc
• Lethbridge• Medicine Hat• Okotoks• Oyen• Red Deer• Rimbey• Rocky
Mountain• St. Albert• Stettler• Stony Plain• Strathcona
County• Sylvan Lake• Vegreville• Wood Buffalo
![Page 38: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/38.jpg)
Online Resources – Bookmark Five for Free
Projects funded by Alberta Law Foundation, The Muttart Foundation, The Co-operators, Alberta Voluntary Sector Insurance Council, Insurance Bureau of Canada, and Government of Alberta
![Page 39: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/39.jpg)
Support the sector by purchasing a Volunteer Alberta Membership
Online!
![Page 40: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/40.jpg)
Visit our website!
Check out information on:
• Volunteer Alberta• Sector News• Resources• Volunteer Centres• Read VA’s Blog• And more!
www.volunteeralberta.ab.ca
![Page 41: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/41.jpg)
Volunteer Alberta can provide access to resources &
experienceToll Free (877) 915-6336Phone (780) 482-3300 [email protected]
www.volunteeralberta.ab.ca
![Page 42: Privacy Information for Nonprofit Organizations in Alberta](https://reader035.fdocuments.us/reader035/viewer/2022070303/54909530b479599e758b4621/html5/thumbnails/42.jpg)