Privacy Laws and Legislation

Big Picture

Privacy legislation is to be taken seriously and affects the way we do business.

Very simply: All private information the Company obtains from any person, including our customers/clients, partners, independent contractors, employees and candidates must be accompanied by disclosure for the reason of collection, consent for its use, and a guarantee that the information will be safeguarded and only used for the purposes of original collection.

Personal information is not to be distributed or disclosed to others except in very limited circumstances. In many cases, permission will be required.

For example, as a manager, virtually nothing you write about a job candidate or Company employee can be considered off limits to the candidate. Scribbles on a performance review, comments about an individual on a piece of paper, or comments on interview notes are now accessible information.

Every individual has a right to view anything written about him or her, whether that information is located in the Company personnel files, in an email, or in the margin of a manager’s notebook. However, there is no reasonable expectation of privacy when using the Company email system and Internet. For more information, please see our practices on Internet and Email use.

Document Owner: Privacy Officer
Practice Applies to: Everyone
Process Responsibility: Everyone
Final Accountability: Privacy Officer

Our Practice

The Company Privacy Officer is Laurie Carr. If you have any questions about Federal or Provincial privacy legislation and how it affects your job, please contact this person.

Managers and Employee Privacy Here are some specific examples of how privacy legislation affects you as a manager:

  • All written, recorded or scribbled notes (including drawings) about an individual are considered private information about that individual and the Privacy Officer is responsible for making sure the information is accessible to that individual. Any communication about an individual, regardless of form, must be filed in personnel records.
  • An applicant who is interviewed has the right to ask for interview notes from every individual who interviewed that person.
  • If Human Resources or a manager put together a report about an individual—whether it be a case for termination, performance review, or recommendation for promotion—the information must be in the individual’s file and accessible to him or her.
  • Resumes of all applicants must be kept on file for a year and kept secure.
  • Storage of an individual’s personal information—performance, salary, date of birth, medical or personal issues—should be consolidated wherever possible. The Privacy Officer needs to know what information is stored where. This includes personal information stored on home computers, lap tops, removable disks, etc.
  • Circulation of home addresses, birthdays, telephone numbers, and cellular telephone numbers (unless paid for by the Company), etc. is not allowed.
  • As a manager, you are not necessarily allowed to see an individual’s files. There may be no reason for you to know private information, particularly medical information.
  • Employees should discuss medical or personal information with Human Resources or Payroll only, and not with the manager. Parent Therapist however, should discuss medical issues with the Program Coordinator. This includes requests and verifications of doctor’s notes.
  • Without exception, all emails and Internet access that use the Company network belong to the Company.
  • Anyone with access to private information must sign a special confidentiality agreement, particularly as it relates to medical information and non-disclosure after parting with the Company.

The Details

The Personal Information Protection and Electronics Documents Act (PIPEDA) is the Canadian Federal legislation act currently in place. Unless a province has developed its own privacy act, it is automatically governed by the PIPEDA. Privacy legislation can be compared to the Employment Standards Act in that a Company with multiple offices across the country needs to be aware of provincial differences. At this time, Quebec, Alberta and British Columbia are the only provinces with their own privacy legislation.

Collecting private information is different than collecting and using business information. For instance, conducting a survey for marketing purposes is fine if the information being collected is for business-to-business use and not business-to-consumer or employee. An example of business-to-business use would be collecting an individual’s business email or mailing address. A retailer asking for personal information prior to conducting a cash transaction would be business-to-consumer use. Principles of Ontario Privacy Legislation Privacy Policy

Stevenson, Waplak & Associates and Quinte Children’s Homes Stevenson, Waplak & Associates provides psychological service and counselling and Quinte Children’s Homes provides therapeutic care and treatment to children and youth who benefit from a nurturing family environment, but whose needs exceed the management abilities of traditional foster care. Our subsidiary companies include; BridgeCross (eating disorder clinic) and Applewood Academy (educational facility). Personal information may be shared between these companies as required and indicated by treatment plans, but only to the extent necessary to ensure quality of care. These subsidiary companies are bound by the same privacy policies and procedures and work together to protect the privacy of individuals.

1. Our Commitment

Privacy is important to Stevenson, Waplak & Associates and Quinte Children’s Homes and our subsidiary companies. We are committed to protecting the privacy of the personal information of our clients, employees, independent contractors, volunteers and other stakeholders. We are committed to collecting, using and disclosing personal information responsibly and only to the extent necessary for the services we provide. We strive to be open and transparent regarding how we handle personal information.

During the course of treatment and related activities, we frequently gather and use personal information. Anyone from whom we collect personal information can expect it will be carefully protected, and consent will be sought should we wish to use it for any purpose other than originally intended.

2. What Is Personal Information?

Personal information is information about an identifiable individual. Personal information includes information related to: an individual’s personal characteristics (e.g., gender, age, income, home address or phone number, ethnic background, family status); health (e.g., health history, health conditions, health services received by them); or, activities and views (e.g., religion, politics, opinions expressed by an individual, an opinion or evaluation of an individual). Exceptions: business contact information and certain publicly available information, such as names, addresses and telephone numbers as published in telephone directories, are not considered personal information. This is not protected by privacy legislation. Personal information gathered by SW&A and QCH and subsidiary companies is kept in confidence. Employees are authorized to access personal information only to the extent that they require the information to carry out a specific task. Policies are in place to ensure that the information is not disclosed or shared more widely than is necessary to achieve the purpose for which it was gathered.

3. Primary Purposes for Collecting Private Information

For our clients, the primary purposes for collecting personal information are as follows: assessment, treatment, clinical consultation and monitoring progress of all clients. Examples of the type of personal information we collect for those purposes include the following: demographic information, health and safety issues, level of functioning, risk levels, objective stressors and coping abilities. For members of the general public, our primary purposes for collecting personal information are as follows: provide information on our target population and the efficiency of the treatment interventions. Examples of the type of personal information we collect for those purposes include the following: traumatic life events, perceived stressors, parental bonding, and risk level based on pre-morbid factors, socio-demographic factors and adaptive abilities. Sometimes we collect personal information from other sources if we have your consent or if the law permits.

4. Secondary Information for Collecting Private Information

Like most organizations, we also collect, use and disclose information for purposes related to or secondary to our primary purposes. The most common examples of our related and secondary purposes are as follows:

  1. Developing treatment plans
  2. Recommending placement
  3. Psychological Assessments
  4. Psycho-educational Assessments
  5. Referrals to Medical or Psychiatric Consultants

You can choose not to be part of some of these related or secondary purposes. We do not, however, have choice about some of these related or secondary purposes (e.g., external regulation).

5. How We Collect and Use Your Private Information We collect personal information about you directly from you, or the person responsible for making decisions for you. We also collect information for our records, as the law requires us to.

6. Website and Electronic Commerce We use passwords, protocols and encryption software to protect personal and other information we receive when a product or service is requested.

We do not automatically gather any personal information such as your name, phone number, e-mail or address. This information is only obtained if you supply it voluntarily, through contacting us via e-mail, by asking to be added to an Information Network or to receive information.

Any personal information you provide to us will not be sold to any third party. We use software that receives and records the Internet Protocol (IP) address of the computer that has contacted our web site. We make no attempt to link these addresses with the identity of individuals contacting our site. The information is used to improve the content of this site and is not shared with other organizations.

7. Protecting Personal Information We understand the importance of protecting personal information. For that reason, we have taken the following steps:

  • Paper information is either under supervision or secured in a locked or restricted area.
  • Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, passwords are used on computers. All of our cell phones are digital as these signals are more difficult to intercept.
  • Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies.
  • Electronic information is transmitted either through a direct line or has identifiers removed or is encrypted.
  • Staff are trained to collect, use and disclose personal information only as necessary to fulfil their duties and in accordance with our privacy policy.
  • External consultants and agencies with access to personal information must enter into privacy agreements with us.

8. Retention And Destruction Of Personal Information We retain personal information for some time to ensure that we can answer any questions you might have about the services provided, and for our own accountability to external regulatory bodies. We do not want to keep personal information too long, in order to protect your privacy. We keep our client files for about ten years. [NB: College Standards require files be kept for at least 10 years past the date of last contact for adults, and for child clients, 10 years past the date at which they would turn 18 years of age.] Our client and contact directories are much more difficult to systematically destroy, so we remove such information when we can if it does not appear that we will be contacting you again. However, if you ask, we will remove such contact information right away. We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and, when the hardware is discarded, we ensure that the hard drive is physically destroyed. Alternatively, we may send some or the entire client file to our client.

9. You Can Look At Your Information We give your information to only those people who need it for their work. We also give your information to those who have a right to it by law. These are the people who may see your information:

  • you, or the person responsible for making decisions for you
  • your caregivers
  • people working for agencies that govern the Act and Regulations under which the service operate, if the law requires it
  • people who have a contract to provide services to you
  • other people, if you agree, or when the law requires or permits it

With only a few exceptions, you have the right to see what personal information we hold about you. Often all you have to do is ask. We can help you identify what records we might have about you. We will also try to help you understand any information you do not understand (e.g., short forms, technical language, etc.). We will need to confirm your identity, if we do not know you, before providing you with this access. We reserve the right to charge a nominal fee for such requests.

If there is a problem, we may ask you to put your request in writing. If we cannot give you access, we will tell you within 30 days if at all possible and tell you the reason, as best we can, as to why we cannot give you access. If you believe there is a mistake in the information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we may have formed. We may ask you to provide documentation that our files are wrong. Where we agree that we made a mistake, we will make the correction and, where appropriate, notify anyone to whom we sent this information. If we do not agree that we have made a mistake, we will agree to include in our file a brief statement from you on the point and, as appropriate, we will forward that statement to anyone else who received the earlier information.

Do You Have A Concern? Our Information Officer, Laurie Carr, can be reached at 72 Orchard Drive, Belleville, ON, K8P 2K7 or email [email protected] to address any questions or concerns you might have.

If you wish to make a formal complaint about our privacy practices, you may make it in writing to our Information Officer. We will acknowledge receipt of your complaint; ensure that it is investigated promptly and that you are provided with a formal written decision with reasons.

If you have a concern about the professionalism or competence of our services or the mental or physical capacity of any of our professional staff we would ask you to discuss those concerns with us. If we cannot satisfy your concerns, you are entitled to complain to our regulatory body:

The College of Psychologists of Ontario 110 Eglinton Avenue West, Suite 500 Toronto, Ontario M4R 1A3 Phone: (416) 961-8817 | (800) 489-8388 | Fax (416) 961-2635 http://www.cpo.on.ca/

Ministry of Children and Youth Services 1055 Princess Street, Suite 103 Kingston ON K7L 5T3 http://www.children.gov.on.ca/

For more general inquiries, the Information and Privacy Commissioner of Canada oversees the administration of the privacy legislation in the private sector. The Commissioner also acts as a kind of ombudsman for privacy disputes. The Information and Privacy Commissioner can be reached at:

112 Kent Street Ottawa, Ontario K1A 1H3 Phone: (613) 995-8210 | (800) 282-1376 | TTY (613) 922-9190 | Fax (613) 947-6850 www.priv.gc.ca/en/