Privacy
Safety In Schools Privacy Guidelines incorporate the provisions of Part 1 of the Personal Information and Electronic Documents Act (PIPEDA – Government of Canada), the principals of the Personal Information Protection Act (PIPA Government of Alberta) and the ten principles of the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information.
Application of Privacy Principles:
1. RESPONSIBILITY:
Safety In Schools has appointed a Privacy Officer who is responsible for ensuring compliance with Safety In Schools Privacy Policy and Guidelines. Responsibility rests with the Privacy Officer even though other individuals within Safety In Schools may be responsible for the day-to-day collection and processing of personal information. The privacy officer for Safety In Schools is the manager of customer service.
Safety In Schools is responsible for all personal information in its possession or control, including information that has been transferred to a third party for processing.
- Procedures to protect personal information.
- Procedures to receive and respond to complaints and inquiries.
- Communications and training programs to provide information to Safety In Schools staff about privacy policies and practices.
Safety In Schools will use contracts or other means to provide an appropriate level of protection when a third party processes information on behalf of the company. Safety In Schools will, from time to time, establish procedures to implement its commitment to privacy, including:
2. IDENTIFYING PURPOSES:
Collection of students’ personal information will be done by the school only. Personal student information – specifically first and last names – will only be used for inclusion on the certificates of completion for each course.
Users’ e-mail addresses will be used as identification for personal login to the Safety in Schools system. Otherwise, personal user information will only be used for communications directly related to the Safety in Schools program.
Teachers who have been authorized and set up with a Safety in Schools login and password have access to their students’ personal information in order to make updates as necessary.
3. CONSENT:
Safety In Schools uses reasonable efforts to ensure that individuals understand how their personal information will be used. Safety In Schools obtains consent as required for the collection, use and disclosure of personal information, except where inappropriate.
When determining the form of consent, Safety In Schools considers the sensitivity of the information and the reasonable expectations of the individual. Express consent will be obtained when the information is likely to be considered sensitive; implied consent may be appropriate when information is less sensitive. Consent may also be given through an individual’s authorized representative (such as a legal guardian or a person having power of attorney).
Safety In Schools obtains consent for the collection, use or disclosure of information through various means, including verbal, written (e.g. signed forms) or electronic processes.
Safety In Schools generally seeks to obtain consent at the same time personal information is collected. Safety In Schools may, however, seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose (e.g. before disclosing board member information to a funding organization if this purpose was not previously contemplated).
Consent may be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice. Safety In Schools and/or the Privacy Officer informs individuals of the implications for withdrawing consent.
- personal student information – specifically first and last names.
- personal contact information – specifically, email address.
- to a lawyer representing Safety In Schools.
- to a company or individual employed by Safety In Schools to perform functions on its behalf (e.g. outsourced information processing function, administration of health services plan).
- to comply with a subpoena, warrant, or court order, as required or authorized by law (e.g. Employment Standards
4. LIMITING COLLECTION:
Safety In Schools limits the amount and type of personal information collected to that which is necessary for the identified purpose.
Safety In Schools collects information by fair and lawful means.
Safety In Schools may collect the following information from users:
5. LIMITING USE, DISCLOSURE AND RETENTION
Safety In Schools does not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
Notwithstanding the above, Safety In Schools may disclose personal information without consent:
- to a lawyer representing Safety In Schools.
- to a company or individual employed by Safety In Schools to perform functions on its behalf (e.g. outsourced information processing function, administration of health services plan).
- to comply with a subpoena, warrant, or court order, as required or authorized by law (e.g. Employment Standards Legislation).
- when the information is publicly available (e.g. telephone directory information), to a public authority in the event of imminent danger to any individual.
Safety In Schools obtains consent for all other disclosures of personal information for purposes other than those for which the information was initially collected (e.g. to provide references regarding current or former employees.
Only Safety In Schools employees, contractors or volunteers with a business need-to-know, or whose duties so require, are granted access to personal information.
Safety In Schools has developed guidelines and implemented procedures with respect to the retention of personal information. Safety In Schools retains personal information only as long as it is necessary for the identified purpose, or as required by law. Where personal information is used to make a decision about an individual, Safety In Schools retains the information, or the rationale for making the decision, long enough to allow the individual access to the information after the decision has been made.
Personal information that is no longer required to fulfill the identified purposes or required by law to be retained is destroyed, erased or made anonymous.
- identifying the types of records provided, collected, created, or maintained in order to deliver the service, and specifying any applicable privacy legislation;
- stipulating the confidentiality of the information and the purposes for which it is to be used;
- identifying the organization(s) having custody and control of the records, including the responsibility and process for handling requests for access to information;
- ensuring that third parties and their employees having access to Safety In Schools and information assets are aware of, and understand their responsibility to adhere to Safety In Schools information handling and security policies, including maintaining the confidentiality of personal information;
- ensuring that Safety In Schools has access to information produced, developed, recorded or acquired by third parties as a result of the contract, including timely access in response to requests for information, and specifying that third parties shall not deny access to, or retain custody of, personal information because of late or disputed payment for services;
- requiring third parties to report breaches of confidentiality and privacy to Safety In Schools Privacy Officer within 48 hours of knowing that the breach occurred;
- • addressing disaster recovery and backup of any information assets and systems in the custody of the third party;
- addressing the disposition (e.g. destruction or return) of all of Safety In Schools information assets (e.g. records, hardware, system documentation) upon termination of the contract;
- specifying any audit or enforcement measures that Safety In Schools will undertake to ensure that third parties comply with information handling and security provisions outlined in contractual agreements (for example, non-disclosure agreements, audit trails, regular review of third party access requirements, inspection of third party premises).
6. ACCURACY
Safety In Schools provides our best efforts to ensure that personal information collected, used and disclosed is as accurate, complete and up-to-date as necessary for the intended purpose.
Personal information is kept sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the subject individual.
Safety In Schools updates personal information as and when necessary to fulfill the identified purpose or upon notification by the individual who is the subject of the information.
- identifying the types of records provided, collected, created, or maintained in order to deliver the service, and specifying any applicable privacy legislation;
- stipulating the confidentiality of the information and the purposes for which it is to be used;
- identifying the organization(s) having custody and control of the records, including the responsibility and process for handling requests for access to information;
- ensuring that third parties and their employees having access to Safety In Schools and information assets are aware of, and understand their responsibility to adhere to Safety In Schools information handling and security policies, including maintaining the confidentiality of personal information;
- ensuring that Safety In Schools has access to information produced, developed, recorded or acquired by third parties as a result of the contract, including timely access in response to requests for information, and specifying that third parties shall not deny access to, or retain custody of, personal information because of late or disputed payment for services;
- requiring third parties to report breaches of confidentiality and privacy to Safety In Schools Privacy Officer within 48 hours of knowing that the breach occurred;
- addressing disaster recovery and backup of any information assets and systems in the custody of the third party;
- addressing the disposition (e.g. destruction or return) of all of Safety In Schools information assets (e.g. records, hardware, system documentation) upon termination of the contract;
- specifying any audit or enforcement measures that Safety In Schools will undertake to ensure that third parties comply with information handling and security provisions outlined in contractual agreements (for example, non-disclosure agreements, audit trails, regular review of third party access requirements, inspection of third party premises).
7. SAFEGUARDS
Safety In Schools protects personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, regardless of the format in which it is held.
Safety In Schools has developed and implemented information security policies and procedures that outline physical, organizational, and technological measures in place to protect personal information as appropriate to the sensitivity of the information. These same measures are employed in the safeguarding and protection of information resources of Safety In Schools users.
Safety In Schools protects personal information disclosed to, or processed by third parties by contractual agreements which address the following as necessary:
- identifying the types of records provided, collected, created, or maintained in order to deliver the service, and specifying any applicable privacy legislation;
- stipulating the confidentiality of the information and the purposes for which it is to be used;
- identifying the organization(s) having custody and control of the records, including the responsibility and process for handling requests for access to information;
- ensuring that third parties and their employees having access to Safety In Schools and information assets are aware of, and understand their responsibility to adhere to Safety In Schools information handling and security policies, including maintaining the confidentiality of personal information;
- ensuring that Safety In Schools has access to information produced, developed, recorded or acquired by third parties as a result of the contract, including timely access in response to requests for information, and specifying that third parties shall not deny access to, or retain custody of, personal information because of late or disputed payment for services;
- requiring third parties to report breaches of confidentiality and privacy to Safety In Schools Privacy Officer within 48 hours of knowing that the breach occurred;
- addressing disaster recovery and backup of any information assets and systems in the custody of the third party; addressing the disposition (e.g. destruction or return) of all of Safety In Schools information assets (e.g. records, hardware, system documentation) upon termination of the contract;
- specifying any audit or enforcement measures that Safety In Schools will undertake to ensure that third parties comply with information handling and security provisions outlined in contractual agreements (for example, non- disclosure agreements, audit trails, regular review of third party access requirements, inspection of third party premises).
Safety In Schools ensures that all employees and volunteers are aware of its privacy policies and procedures, and understand the importance of maintaining the confidentiality of personal information.
Care shall be taken in the disposal or destruction of personal information to prevent unauthorized parties from obtaining access to the information.
8. OPENNESS
Upon request, Safety In Schools makes available specific information about its policies and practices relating to the management of personal information, including:
- the means of gaining access to personal information held by Safety In Schools; identification of personal information held by Safety In Schools, and a general account of its use;
- Safety In Schools Privacy Policy, Guidelines and related procedures are posted and available on our website; reference to the statement of Safety In Schools Privacy Policy on Safety In Schools website, if applicable.
To make an inquiry or lodge a complaint about Safety In Schools personal information handling policies and procedures, contact:
Safety In Schools Privacy Officer
Suite 200,10th Street SW Calgary, Alberta
Canada T2P 5G3
[email protected]
9. INDIVIDUAL ACCESS
Upon request, Safety In Schools provide individuals with access to their personal information held by the foundation. Individuals have the right to challenge the accuracy and completeness of their personal information held by Safety In Schools, and to have it amended as appropriate.
All requests by individuals (e.g. customers, employees, volunteers, contractors) to access their personal information held by Safety In Schools, or to correct or amend their personal information, should be directed to the designated Privacy Officer. Such requests should be in writing.
Safety In Schools responds to requests for access to personal information within 30 business days.
Responding to an individual’s request for information is usually done at no or minimal cost to the individual. However, a fee for reasonable costs incurred may be charged when responding to more complex requests, provided the individual is informed in advance.
In order to safeguard personal information, Safety In Schools may request sufficient information from the individual to verify that person’s identity.
Limitations to Individual Access
Safety In Schools provides individuals access to their personal information subject to limited and specific exceptions. Safety In Schools will refuse access to personal information if:
- Safety In Schools has disclosed information to a government institution for law enforcement or national security reasons;
- it would reveal personal information about a third party unless there is consent or a life-threatening situation;
- doing so could reasonably be expected to threaten the life or security of another individual;
- the disclosure would reveal confidential commercial information;
- or the information is protected by solicitor-client privilege.
If access to information is refused, Safety In Schools shall, in writing, inform the individual of the refusal, the reason(s) for the refusal, and any recourse the individual may have to challenge Safety In Schools decision.
Correction/Amendment of Personal Information
Safety In Schools corrects or amends personal information as required when an individual successfully demonstrates the inaccuracy or incompleteness of the information. Amendment may involve the correction, deletion, erasure, or addition to any personal information found to be inaccurate or incomplete.
Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, Safety In Schools shall inform any third parties having access to the personal information in question as to any amendments, or the existence of any unresolved differences between the individual and Safety In Schools.
10. CHALLENGING COMPLIANCE
Safety In Schools investigate all complaints concerning compliance with its Privacy Policy, guidelines and practices, and responds within 30 days of receipt of a complaint. If a complaint is found to be justified, Safety In Schools takes appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. Individuals shall be informed of the outcome of the investigation regarding their complaint.
Complainants may address inquiries or complaints concerning compliance with these policies or guidelines by contacting Safety In Schools Privacy Officer as set out in these Guidelines under Principle 8 (Openness). A complaint may also be addressed in writing to the Privacy Commissioner of Canada at 112 Kent Street, Ottawa, Ontario, K1A 1H3 -or- to the Office of the Information and Privacy Commissioner of Alberta, #410 – 9925 – 109th Street, Edmonton, AB, T5K 2J8, 780-422-6860, www.oipc.ab.ca.
Last updated February 14, 2022.