C.C.C.S. respects the privacy rights of individuals and is committed to
protect the personal information of C.C.C.S. members, clients, donors,
volunteers, board of directors and employees.
In the course of providing service, organizing activities, and managing the Society, C.C.C.S. needs to collect, use and disclose personal information. C.C.C.S. will only do so in strict compliance with the prevailing legislation1 in order to protect the privacy of personal information.
C.C.C.S. will obtain consent from individuals when it collects, uses or discloses their personal information. Individuals may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Any individual who provides C.C.C.S. with personal information should expect that it will be carefully protected and that its use and disclosure is subject to the individual’s consent.
Definition of Personal Information
Personal information means information about an identifiable individual. This includes, but is not limited to,
name, age, race, gender, ethnic origin, country of origin, immigrant status, length of residence, language, education home address, email address, telephone number, fax number Social Insurance Number (SIN), Record of Landing (IMM1000), Permanent Resident Card (PR Card)
emergency contact person, telephone number and address
employment information, financial information
service interventions (in the case of clients)
Personal information does not cover business contact information which includes name, position name or title, business telephone number, business address, business email or business fax number of the individual.
The Personal Information Protection Act (PIPA) of British Columbia and the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada.
Scope of C.C.C.S. Responsibility C.C.C.S. is responsible for an individual’s personal information in its custody or under its control. This includes,
personal information of C.C.C.S. members, clients, donors, volunteers, board of directors and employees,
personal information that the Third Parties collect, use and disclose from clients on behalf of C.C.C.S. and
personal information that C.C.C.S.’ affiliated volunteer groups collect, use and disclose.
The CEO is ultimately accountable for the protection of personal information. The Privacy Officer is responsible for the day-to-day monitoring of organizational compliance with agency policies and procedures on privacy rights.
The Privacy Officer is responsible for developing and updating organizational policies and procedures in managing personal information, responding to complaints and inquiries; training staff regarding the handling of personal information, and communicating the policies and procedures to the public.
Purpose of Collecting Personal Information
In order to conduct its business, C.C.C.S. needs to collect personal information from its members, clients, donors, volunteers and employees for one or more of the following purposes:
to provide and manage services
to determine the eligibility of individuals for different programs and services
to meet funding, regulatory or accreditation requirements
to manage and develop resources to meet service needs
to keep individuals informed of the activities of the Society
to develop services to meet the needs of clients
to establish, manage or terminate an employment relationship
Before or at the time of collection C.C.C.S. personnel will explain clearly to individuals the purpose(s) of collecting their personal information either orally or in writing.
C.C.C.S. personnel shall obtain informed consent from clients before or at the time of collecting personal information. To do so, C.C.C.S. personnel will make reasonable efforts to explain to individuals the purposes for collecting the personal information, what the information will be used for and to whom the information will be disclosed in order to obtain informed consent. In the case of a minor, informed consent will be obtained from the minor’s parent or legal guardian.
C.C.C.S. shall obtain written consent from individuals whenever possible and must obtain written consent when proof of consent is needed later or when the information collected is sensitive (e.g. medical, financial). Where written consent is not possible, C.C.C.S. shall obtain oral consent.
In some circumstances where express consent cannot or need not be obtained C.C.C.S. will take consent as implied. An individual is deemed to consent to the collection, use or disclosure of personal information if:
The individual has an ongoing relationship with C.C.C.S. For
consent could be taken as implied for using the address on a cheque to pay for course registration to send the student a receipt, unless the student expresses otherwise.
At the time the consent is deemed to be given, the purpose would be considered to be obvious to a reasonable person. For example: the information collected is being used for the purpose of enrolling the individual into a program or activity.
Collection without consent
C.C.C.S. may collect personal information about a client without consent if it is, among other things:
Reasonably clear in the interest of the client and consent cannot be obtained in a timely way.
In an emergency where the client is unable to give consent.
Required or authorized by law.
For an investigation or proceeding but only if consent would compromise the availability or accuracy of the information collected for the investigation or proceeding.
C.C.C.S. may collect without consent an individual’s personal information that is reasonably needed for establishing, managing or terminating an employment relationship between C.C.C.S. and the individual. Before collecting the personal information, C.C.C.S. will notify the individual that it will be collecting the information and explain the purposes for which it will be used.
Withdrawal of consent
C.C.C.S. respects the right of an individual to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.
Should an individual wish to withdraw consent, C.C.C.S. will explain to the individual the likely consequences of withdrawing consent, if any.
C.C.C.S. will never prohibit an individual from withdrawing consent to the collection, use or disclosure of personal information unless it would contravene the performance of a legal obligation.
An individual may at any time contact the Privacy Officer to withdraw
The record will be updated accordingly within 10 working days.
New consent for new purpose
C.C.C.S. will obtain consent from the individual if the personal information that has already been collected by C.C.C.S. is to be used for a purpose not previously identified.
C.C.C.S. will collect personal information that is considered reasonably appropriate for the identified purpose(s), and will limit the amount and type of information to fulfill that purpose.
C.C.C.S. will collect personal information directly from the individual unless the law, court or the individual authorizes the collection of personal information from another source.
In the case of a minor, the personal information will be collected from the parent or legal guardian.
Limit Use and Disclosure
C.C.C.S. will use or disclose personal information only for the
which it was collected, unless authorized by law or the court.
If the personal information already collected will be used for a new purpose or disclosed to Third Parties not previously stated, C.C.C.S. will only do so with new consent from the individual concerned.
C.C.C.S. will keep personal information only as long as necessary to fulfill the purpose(s) for which it was collected, or as required by legislation, funding, regulatory or accreditation bodies. Unless otherwise stated, all closed records will be kept for seven years.
If a client’s file closed in one program and the client is subsequently served in another program, the retention period of the client’s file is determined by the latest case closing date. In addition, closed files of children are kept at least until they reach the age of nineteen (19). In such cases, the seven-year retention period still applies as from the case closing date. Closed client records will remain at the originating service location.
Records of clients with a child protection element or ministry-mandated cases shall be retained permanently.
All personnel files shall be retained by Administration for seven (7) years after the termination of employment.
All recruitment records shall be retained by Administration for at least six (6) months after recruitment.
C.C.C.S. will make reasonable efforts to ensure that the personal information is as accurate, complete and up-to-date as is necessary for its intended purposes. C.C.C.S. also relies on clients to ensure that certain information, such as address or telephone number, is current, complete and accurate.
C.C.C.S. will not routinely update personal information unless such a process is necessary to fulfill the purposes for which the information was collected.
C.C.C.S. takes necessary measures to protect personal information from theft, modification and loss, as well as unauthorized access, use, disclosure, or copying.
Access to personal information is restricted to the following categories of personnel who are authorized by CEO or designate to process or receive such information in the course of their duties:
C.C.C.S. employees and consultants who need access to the information in order to carry out their duties of providing service to the client, or supervising/evaluating the service provided to the client.
C.C.C.S. administrative/support staff whose duties include preparing, storing and ensuring the security of the records.
Personnel of funding, regulatory and accreditation bodies whose duties it is to review client records.
C.C.C.S. personnel shall ensure that records of personal information must not be left unattended in areas accessible by people who are not authorized to have access to the information.
C.C.C.S. personnel shall take extra precaution when processing confidential information at the photocopier or fax machine to prevent unauthorized access.
Program directors shall ensure that client records are stored in locked cabinets in secure areas at C.C.C.S. service locations and that each service location has appropriate security measures to protect client files.
Access to client records stored in computer or intranet is restricted to authorized C.C.C.S. personnel with legitimate passwords; Internet security measures are installed and monitored by the Information Technology Unit to protect the integrity of client records stored electronically.
C.C.C.S. will destroy, erase or render anonymous personal information when the designated record retention period expires, or is no longer necessary for a legal or business purpose. If C.C.C.S. chooses to destroy those expired records, it shall do so by shredding.
Draft copies of client case notes shall be destroyed by shredding once they have been recorded in the case files.
Access to closed files is restricted to the same categories of C.C.C.S. personnel as active records. A log of the name, date and purpose of accessing the closed records shall be kept by each service.
All persons who are given access to personal information are required to sign a confidentiality agreement (HR Form-12 Confidentiality Agreement) to show their understanding of and agreement to comply with the C.C.C.S. policies and procedures to protect personal information.
All C.C.C.S. personnel are given training on protecting privacy rights.
Availability of Policies and Procedures
Access to and Correction of Personal Information
Members, clients, donors, volunteers and employees have the right to access their personal information held by C.C.C.S. Exceptions are information that contains references to other individuals, or information that cannot be disclosed for legal, security or other reasons.
Individuals may request access to their personal information by
writing to the
C.C.C.S. Privacy Officer. Upon receiving the request, C.C.C.S. will,
30 days, inform the individual what personal information the agency has, its use, and to whom it has been disclosed. If a copy of the information is requested, C.C.C.S. will provide a copy of the information requested at minimal or no cost to the individual within 30 days. If the information cannot be made available within 30 days, C.C.C.S. will notify the individual of the need to extend the time limit and the reasons for doing so.
If a request for access to personal information is refused, C.C.C.S. will notify the individual in writing, explaining the reasons for refusal and describing the resources for redress available to the individual.
If the personal information is shown to be inaccurate or incomplete, the individual may request correction of the information and C.C.C.S. will amend the information as required.
If a correction is made, C.C.C.S. will send the amended information to each organization to which the incorrect or incomplete information was disclosed in the past year.
If no correction is made in response to an individual’s request, C.C.C.S. will make a note on the record to indicate that a correction was requested but not made, and the reason for not making a correction.
Individuals may insert statements into their files if they so request. Inserted materials may include, but are not limited to:
amendment or update of personal data in the record
clarification or elaboration of statements in the record
statement of individual’s views
Individuals who have any questions, concerns or complaints regarding C.C.C.S.
privacy policies and procedures may contact the Privacy Officer. The
will provide a written response to the individual within 10 working
Vancouver, B.C. V6B 1R6
If the individual is not satisfied with the response, he/she may refer the issue to the CEO. The CEO will provide a written answer to the individual within 10 working days.
If the issue is not satisfactorily settled, the individual may present the issue to the Chair of the Board of Directors. The Chair will provide a written decision to the individual within 10 working days.
At any point in this process, the individual may also contact the Privacy Commissioner for British Columbia and/or the Privacy Commissioner of Canada:
The charity has assisted in partial financing of an addition to a seminary in Mysore, India for the training of young men to the priesthood.
The charity has supported a village in Nigeria called Oforola, of a Catholic priest who is the pastor of St. Matthew’s Catholic Church in Surrey