Openness About the Management of Personal Information
The Division makes information available about its policies and practices relating to the management of personal information.
Accountability for Personal Information
The Vancouver Division of Family Practice (VDoFP) is responsible for personal information under its control and will designate an individual or individuals who are accountable for the organization’s compliance with established privacy principles.
Identifying Purposes for Personal Information
The Division will identify the purposes for which personal information is collected before or at the time the information is collected.
Consent for the Collection, Use or Disclosure of Personal Information
The Division will ensure that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Limiting Collection of Personal Information
The collection of personal information will be limited to that which is necessary for the purposes identified by the Division. Information will be collected by fair and lawful means.
Limiting Use, Disclosure and Retention of Personal Information
The Division will not use or disclose personal information for purposes other than those for which it was collected, except with the informed consent of the individual or as required by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes.
Accuracy of Personal Information
The Division is responsible for ensuring that personal information is as accurate, complete and up-to-date as necessary for the purposes for which it is to be used.
Safeguards for Personal Information
The Division ensures personal information is protected by security safeguards appropriate to the sensitivity of the information.
Individual Access to Personal Information
Upon request, the Division informs an individual of the existence, use, and disclosure of his or her personal information and the individual has access to that information. An individual has the ability to challenge the accuracy and completeness of the information and have it amended as appropriate.
An individual has the ability to challenge the Division’s compliance with these principles by contacting the designated individual or individuals accountable for the organization’s compliance.
Access: The entitlement of an individual to examine or obtain his or her own personal information held by an organization.
Accountability: An organization is responsible for personal information under its control and designates individual(s) who are accountable for the organization’s compliance with its privacy policies, procedures and practices.
Accuracy: Personal information kept by the organization will be accurate, complete and up-to-date.
Challenging compliance: An individual has the ability to challenge an organization’s compliance with its privacy principles, policies, procedures and practices and the complaint is directed to the designated individual(s) accountable for the organization’s compliance with its privacy policies, procedures and practices.
Collection: The act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
Consent: An organization will ensure that there is voluntary agreement by an individual, or his or her legally authorized representative, to allow the collection, use or disclosure of the individual’s personal information. The consent may be either express or implied and should include an explanation as to the implications of withdrawing consent. Express consent is given explicitly and unambiguously, either verbally or in writing. Implied consent is given when the action/inaction of an individual reasonably infers consent.
Disclosure: Disclosure occurs when personal information is made available to a person who is not employed by or in the service of the party holding the information (e.g. service providers).
Identify the purpose: Purposes, which includes why the information is being collected and how it is being used is identified by the organization at or preferably before the time of collection. The reason for collection is documented.
Personal information: Personal information is any factual or subjective information, recorded or not, regarding an identifiable individual. Examples include name, age, identification number, income, ethnic origin, blood type, opinions, evaluations, comments, social status, disciplinary actions, employee files, credit or loan records, medical records, or the existence of a dispute between parties.
Privacy: Privacy is the fundamental right of an individual to have their personal information protected.
Retention schedule: A retention schedule identifies the period of time personal information is held. Personal information should not be held for longer than is necessary to fulfill the purposes for which it was collected.
Safeguards: Safeguards are the actions taken to protect personal information. The level of the action is appropriate to the level of sensitivity of the information.
Security: Personal information is protected from unauthorized or unintentional loss, theft, access, use, modification or disclosure.
Third party: A third party is an individual or organization outside the Division.
Use: Use refers to the treatment and handling of personal information within an organization.
** Last updated June 2013