Appendix I: TEN PRINCIPLES OF PRIVACY PROTECTION
Appendix II: BC ATHLETICS PRIVACY POLICY – MEMBERSHIP
Appendix III: BC ATHLETICS PRIVACY POLICY – EMPLOYEES
Appendix IV: BC Athletics Privacy Policy Confidentiality Agreement
Appendix V: BC Athletics Privacy Policy – COMPLAINT PROCESS CHECKLIST
Appendix VI: COMPLAINT PROCESS CHECKLIST – BC Athletics Club Template
Appendix VII: Conducting a Privacy Audit of Your Personal Information Holdings Introducing Private Sector Privacy Legislation On January 1, 2004 the Personal Information Protection Act (PIPA) came into effect for British Columbia. The purpose of PIPA is to govern the collection, use and disclosure of personal information by organizations including pubic groups such as BC Athletics and its Member Clubs, by recognizing:
The right of individuals to protect their personal information
The need for organizations to collect, use, secure and disclose personal information for purposes that a reasonable person would consider appropriate under the circumstances.
BC Athletics and its member clubs are covered by the Act because they collect personal information relating to athletes and their families and, as employers, information relating to staff.
The Act is complaint-driven which means that individuals will be able to make a complaint regarding an organization’s use, collection or disclosure of an individual’s personal information to the Provincial Privacy Commissioner. Fines for non-compliance can be substantial. The Act was brought about to deal with the need for privacy protection in the wake of the Internet and the ability of organizations to compile and use personal information, often without the knowledge or consent of the individual.
Hence the Act brings confidentiality to employment records and gives individuals the ability to have control over the way their personal information is handled and the right to request access to and correction of their personal information. As well, a complaints handling process is also an essential component of this Act.
This guide has been prepared as a member service of BC Athletics to assist you in developing your own privacy policy in order to comply with PIPA. Preparing for PIPA
1. IDENTIFYING PERSONAL INFORMATION “Personal Information “ is broadly defined as any information about an identifiable individual that can be used to distinguish or identify a specific individual; may be factual or subjective, recorded or not.
Examples include
Age, name, ID numbers, income
Opinions, evaluations, comments, disciplinary actions
Employee files, medical and benefits information
2. ASSIGNING RESPONSIBILITY
Under the Act, someone in each organization must assume the role of Privacy Officer. The Privacy Officer is the first contact point when privacy issues arise and is responsible for ensuring that the organization’s privacy policy and practices are fully implemented, effective and communicated to its members, its employees and others. The name and contact information of the Privacy Officer must be provided to members.
The Privacy Officer has three main responsibilities:
To encourage compliance with the Ten Principles of the Protection of Privacy (see Appendix 1) To respond to issues related to personal information including responding to request for access and correction of personal info.
To work with the provincial Information and Privacy Commissioner during an investigation should a complaint be filed.
3. LEARNING THE TEN PRIVACY PRINCIPLES
These principles are legally binding rules regulating how organizations collect, use, disclose and ensure the security of personal information. (Appendix 1) Learn and understand them.
4. CONDUCTING A PRIVACY AUDIT
To comply with PIPA, it is essential to identify what personal information is being held by the organization, how it is being held, who has access to it, and what are the current security and disposal procedures. Generally speaking Clubs collect Information related to athletes-addresses, parents, age, medical conditions, emergency contacts Athlete performance records Employment records related to staff (if applicable) If you collect personal information other than that outlined above, such as email addresses of those who have access to the organization’s website, please refer to the government website:
www.mser.gov.bc.ca/foi_pop/privacy/tools/PIPA_tool_5.htm
In Appendix VII find an Audit Chart that contains questions to assist you in conducting your organization’s audit.vernment website: www.mser.gov.bc.ca/foi_pop/privacy/tools/PIPA_tool_5.htm In Appendix VII find an Audit Chart that contains questions to assist you in conducting your organization’s audit.