The Lighthouse is committed to safeguarding the personal information entrusted to us by our participants, volunteers, donors and staff. Although the Lighthouse is not generally subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) in the course of its activities, we manage this personal information in accordance with PIPEDA and other relevant laws. This policy outlines the principles and practices we follow in protecting this personal information. A copy of this policy is provided to anyone on request and is found on our website.
- Information will be collected by fair and lawful means and will be as accurate, and as current as necessary for the purpose for which it is used.
- Information collected will take into account the interests of the individual and the needs of the organization. It will also be limited to that which is necessary, has a defined reason and can be explained.
- The Executive Director will implement procedures to ensure that information collected is accurate and is updated as necessary. Individuals will not be contacted for information unless such a process is needed to fulfill an ethical, organizational need, or other valid purpose.
Description of Information Collected
- Participant intake interviews
- Volunteer screening and applications
- Contractor and staff screening
- Donor information
- Contact information to receive regular communication from the Lighthouse
- Information collected will not be used or disclosed for purposes other than those for which it has been collected. A Confidentiality Agreement (document attached) will be read and signed by Staff, Volunteers and Board Directors at the time of orientation.
- If the Lighthouse wishes to use or disclose personal information for any new business purpose, consent will be requested. There may be specific circumstances where collection, use or disclosure without consent is authorized or required by law.
- Security safeguards will be in place to protect personal information against loss, theft, or unauthorized access. The nature of the safeguards will vary, depending on the sensitivity of the information.
- Methods of protection will include: Locked filing cabinets and secure storage of files not in use, Password protected sign-in software programs if confidential information is stored electronically or in databases, safeguards will be in place to ensure that only those authorized may have access to information, virus software updated routinely and back up of information routinely, computer firewalls in place and all printed information disposed of securely by shredding and electronic records by permanently deleting.
- When faxing or emailing information, discretion will be used to ensure that the recipient is authorized, and information will be limited to that which is necessary for its purpose.
Retention and Disposal of Information
- Information will be retained as long as necessary to fulfill the intended purpose of the information, generally according to the following guidelines:
- Participant records – 5 years after the participant has finished with the Lighthouse
- Staff files – 7 years after the employee has left the organization
- Volunteer files – 3 years after the person has left the organization
- Donor Financial information – 7 years
- Personal information will be retained in a secure and locked location when not in use. When in use, files or personal information documents will be treated in a confidential manner, not open for viewing by unauthorized personnel. If confidential information is stored electronically or in databases, safeguards will be in place to ensure that only those authorized may have access to information.
- The Lighthouse Complaint Policy should be followed.
- Any individual will be able to address a challenge concerning compliance with any privacy policies, by contacting the Executive Director.
- Procedures will be implemented to receive and respond to complaints or inquiries relating to collecting or handling personal information following our Complaints Policy, including reporting to our Board of Directors
The Lighthouse is responsible for protecting personal information and designates the Executive Director to be accountable for controlling records and compliance with privacy policies and applicable privacy legislation. The Executive Director will ensure that procedures are implemented to protect personal information, and respond to complaints and inquiries. The Executive Director will give her/his name to anyone requesting compliance with privacy policies.
Date of Approval by Board of Directors: 18 January 2016