PRIVACY AND SECURITY POLICY
Cultural Interpretation Services for our Communities (CISOC) is committed to ensuring our client’s information is protected. CISOC respects and values its clients and operates with integrity regarding the protection and security of personal information collected. This policy has been developed in compliance with applicable legislated requirements including Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) which sets out rules for the collection, use and disclosure of personal information in the course of commercial activity as defined in the Act.
“Personal information” means information that reveals a distinctive trait about an individual that could help others identify an individual. Some personal information such as business address may be found in the public domain by accessing publications like professional directors. The focus of this policy is personal information collected, used and disclosed by CISOC that is not in the public domain.
"Business information" means business name, business address, business telephone number, name(s) of owner(s), officer(s) and director(s), job titles, business registration numbers (HST, RST, source deductions), financial status. Although business information is not subject to PIPEDA, confidentiality of business information will be treated with the same security measures.
"Client" means any stakeholder group that uses the services or information of CISOC including governmental bodies, member associations, institutions, political bodies, businesses, or any other group.
"Service Recipient" means any individual who receives services from CISOC.
"Data base" means the list of names, addresses and telephone numbers of clients and service recipients/individuals held by CISOC in the forms of, but not limited to, computer files, paper files, and files on computer hard-drives.
"Express consent" means the individual signs an application, or other forms containing personal information, authorizing CISOC to collect, use, and disclose the individual's personal information for the purposes set out in the application and/or forms.
"Implied consent" means CISOC may assume that the individual consents to the information being used, retained and disclosed for the original purposes, unless notified by the individual.
"Third party" means a person or company that provides services to CISOC in support of the programs, benefits, and other services offered by CISOC but does not include any government office or department to whom CISOC reports in the delivery of programs, benefits or services.
PURPOSES OF COLLECTING PERSONAL INFORMATION:
CISOC endeavours to collect, use, and retain client information only for appropriate purposes such as what is necessary for the superior delivery and administration of services, to continue to improve and enhance programs as well as to meet applicable laws and regulations. Some of the information CISOC collects includes the following:
- Client and individual names
- Contact information including phone numbers, address of service requestor, email address
- Language of service recipient
- Date, time, address of appointment
- Type of appointment
DISCLOSURE OF PERSONAL INFORMATION
CISOC does not rent or sell personal information collected. CISOC will only disclose personal information to an organization with the client’s consent or for a purpose outlined in this policy.
As well, CISOC does not disclose personal information about clients to other clients except where the disclosure is required by one of the purposes outlined in this policy. CISOC may disclose personal information about clients to appropriate third parties only if these organizations have contracted with CISOC to help fulfill one of the purposes outlined in this policy.
SECURITY OF INFORMATION
CISOC uses physical, organizational and technological measures as methods of protection. CISOC makes every reasonable effort to protect personal information by implementing security safeguards such as internet security software, locked filing cabinets, password protected files, etc., to ensure against loss or theft, unauthorized access, disclosure, copying, use or modification.
One such technological measure used is “Secure Sockets Layer” (SSL), an industry standard protocol. CISOC’s website, logins and request forms all utilize SSL where personal information is collected and transmitted. All transactions processed through SSL ensures the confidential information is automatically encrypted before it is sent over the Internet.
CISOC networks are protected by multiple firewalls and all data is scanned for viruses. Data is backed up onto tapes on a regular rotation and stored in a fire safe storage. Documents in paper form are stored in locked filing cabinets and removed after three months to a secure storage facility.
CISOC takes the responsibility to protect the privacy and confidentiality of client information very seriously. CISOC policies and procedures protect the confidentiality of client information and help achieve compliance with relevant rules and regulations. CISOC holds its employees accountable for complying with these policies and procedures. That commitment is fundamental to the way CISOC does business. Questions or concerns can be addressed with CISOC’s Executive Director or the Board of Directors.
Links to Third-Party Sites
We may provide links to other websites or resources. We do not control these sites and resources, do not endorse them, and are not responsible for any aspects of those sites, including their availability, content, accuracy, legality or delivery of services.