The Presbyterian Church in Canada (PCC) national office has a Privacy Standards Policy applicable to all individuals, lay and ordained, paid and unpaid, who serve the national office of the PCC. This Policy will delineate the procedures regarding the proper collection, retention, and distribution of personal information.
2. Privacy Officer
2.1 The Management Team has been designated as the Privacy Officer of The Presbyterian Church in Canada with responsibility to ensure compliance with the PCC Privacy Standards Policy.
2.2 The Privacy Officer will establish a PCC Privacy Committee with representation from the agencies and boards within the national office.
2.4 This Policy will be part of the Personnel Policy Handbook. Staff will be informed of the proper care of personal information in order to keep it confidential and secure. The misuse and improper handling of personal information may result in disciplinary action up to and including dismissal.
3.1 Records containing personal information are decentralized throughout the building. Personal information related to all employees (full time, part-time, contract, volunteer) may be located in files in various departments of the PCC. These files will be identified and managed securely.
3.2 Our personal data bank, Gift Traq, has accepted and identified uses and remains internal to the national office.
3.3 All individuals have access to their own personal information owned by the PCC (see also The PCC Personnel Policy Handbook, section 16). Any personal information obtained by other organizations and agencies of the PCC must comply with the standards comparable to the PCC Privacy Standards Policy.
4.1 Personal Information: Any factual or subjective information, recorded (or not) in any format, about an identifiable individual. Personal information does not include the name, job title or business contact information of an employee of an organization.
4.2 The legislation considers personal information located in any format which would include any of the following: home address and phone number, age, marital status, family members’ names, employee files including photographic images, identification numbers, ethnic origin, evaluations, disciplinary actions, the existence of a dispute, opinions, comments, social status, income, credit records, donation information, loan records, and medical records.
4.3 Commercial Activity: Any particular transaction, act or conduct, or any regular course of conduct that is of a commercial (or fund-raising) character, including the selling, bartering for or leasing of donor, membership, or other personal lists.
4.4 Consent: Voluntary agreement with what is being done or proposed. Consent can either be expressed or implied. Express consent is given explicitly, either in writing or orally. Express consent is unequivocal and does not require any inference on the part of the organization seeking consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual, for example, how registration forms are used for General Assembly.
4.5 Disclosure: Making personal information available to others outside the organization.
4.6 Use: Refers to the treatment and handling of personal information within an organization.
There are 10 principles established by Schedule 1of the Personal Information Protection and Electronic Documents Act of Canada that describe the handling of personal information. These principles include: accountability, identifying purposes, consent, limiting collection, limiting use, disclosure and retention, accuracy, safeguards, openness, individual access, and provision of recourse.
It is our intent to comply with all of the principles listed above.
- establish a Privacy Officer to ensure compliance
- establish Privacy Contacts to work with the Privacy Officer
- protect all personal information held by the PCC or transferred to a third party for processing
- instruct that each department follow the established procedures for the collection, retention, and distribution of information in their care and assign personal information to one of the following categories:
Level 1 – Highly Confidential or Highly Restricted (medical, financial, legal, disciplinary)
Level 2 – Confidential (performance reviews, salary, disability leaves, home contact info)
Level 3 – General Information
5.2 Identify the Purpose:
We will identify the reasons (especially with respect to matters of commercial activity) for collecting personal information before or at the time of collection. Each department will review all personal information holdings to ensure they are all required for a specific purpose.
- we will ensure that the purposes for which personal information is used are limited to what a reasonable person would expect under the circumstances.
5.3 Obtain Consent:
- For information collected by the PCC, implied consent will be the norm, subject to ongoing review by the Privacy Committee.
5.4 Limit Collection of Personal Information:
- the PCC will limit the amount and type of personal information collected based on what is necessary for the identified purposes.
- identify the type of personal information needed and the handling policies for same.
- ensure that the staff can explain why the information is needed.
5.5 Limit the Use, Disclosure and Retention:
- establish the best practices/legal requirements which will be used for overall records management in the office. This will involve maintaining appropriate records disposition, when timely, for the records that contain personal information.
- dispose of personal information that is no longer needed – document any new purpose for the use of personal information.
- dispose of any information that does not have a specific purpose or that no longer fulfils its intended purpose (Note also: The Presbyterian Church in Canada’s Personnel Policy Handbook, section 16: Personnel Files).
- ensure appropriate means of disposal for personal information such as shredding or deleting electronic records.
- Information on an individual collected by The Presbyterian Church in Canada is to be as complete and up-to-date as possible — taking into account its use and the interests of the individual.
- We take seriously our responsibility to protect personal information against loss or theft, to safeguard the information from unauthorized access, disclosure, copying, use or modification, and to protect personal information regardless of what format it is stored on.
- We will review and update security measures regularly taking the following factors into consideration in selecting appropriate safeguards:
- sensitivity of the information
- amount of information
- extent of distribution
- format of the information
- type of record
- We will inform donors, volunteers, and employees of our policies for the management of personal information.
- When requested, we will inform individuals of any personal information that is held on them including: how the information is or has been used, and we will provide a list of any organizations to which it has been disclosed. Individuals will have access to their personal information. We will correct or amend any personal information if its accuracy and completeness is challenged or found to be deficient.
6. Exceptions to the Consent Principles re. Collection, Use and Disclosure
- If it is clearly in the individual’s best interests and consent is not available in a timely way.
- If personal information is required to investigate a breach of an agreement or contravention of a federal or provincial law.
- Information used solely for journalistic, artistic, literary purposes or for statistical or scholarly study or research is exempted from the Act.
- If it is publicly available.
- For an emergency that threatens an individual’s life, health, or security.
The Presbyterian Church in Canada may disclose and use personal information without consent:
- To a lawyer representing The Presbyterian Church in Canada.
- To collect a debt an individual owes The Presbyterian Church in Canada.
- To comply with a subpoena, warrant, or order made by a court or other judicial body.
- To a lawfully authorized government authority.
7.0 Online Donations Policy
The Presbyterian Church in Canada has policies and procedures designed to protect the privacy of our people who donate on-line. We will never share or sell your personal information with any external organization. Any personal information (including name, address, credit card number, phone number etc.) are protected internally. All personnel with access to personal information are aware of our policies.
All donation transactions use the highest standard of security. Transactions take place on redundant Servers using SSL (Secure Socket Layer) encryption for the secure exchange of data between you and the payment engine. The system supports 128bit SSL encryption on virtually all browsers.