1. Accountability for Personal Information.
The Privacy Officer has established a cross-departmental Privacy Committee that meets on an ongoing basis to discuss privacy issues as they occur.
A Privacy Impact Assessment is required for the creation of new personal information systems and for significant changes to existing information systems at the Foundation to identify potential risks for privacy.
2. Identifying Purposes for the Collection of Personal Information.
When the Foundation collects personal information directly from its constituents, the Foundation will identify the purposes for which personal information is collected at or before the time of collection. These purposes include donor recruitment, that which is necessary for the administration of a donor’s interests, and compliance with legal and regulatory requirements.
3. Obtaining Consent for the Collection, Use or Disclosure of Personal Information.
The knowledge and consent of a person is required for the direct collection, use or disclosure of personal information except where mandated by law.
4. Limiting Collection of Personal Information.
The Foundation will limit the collection of personal information to that which is necessary for the purposes identified. Information will be collected by fair and lawful means. The Foundation does not collect any personal health information, other than that which is volunteered directly by the constituent.
5. Limiting Use, Disclosure, and Retention of Personal Information.
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the person or as required by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes. The Foundation does not trade, rent or sell any personal information to third parties. The Foundation’s web page contains online forms that allow visitors to make a donation. The personal and credit card information provided on these forms is used only to process these donations. Online donations to the Foundation are processed through a third party. The security and privacy policies of this third party are available by clicking on the “Security and Privacy” icon on the online donation form.
6. Ensuring Accuracy of Personal Information.
The Foundation ensures personal information is accurate, complete and as up-to-date as necessary for the purposes for which it is to be used. To change or modify any personal information previously provided to the Foundation, write to the Privacy Officer at: The Princess Margaret Cancer Foundation, 610 University Avenue, Toronto, ON M5G 2M9 or send an email to Privacy@thepmcf.ca.
7. Ensuring Safeguards for Personal Information.
Personal information is protected with security safeguards appropriate to the sensitivity of the information. All Foundation employees and directors must sign a Confidentiality Agreement. In addition, all independent contractors or vendors that have a working relationship with the Foundation’s proprietary database must sign a Confidentiality Agreement.
8. Openness Concerning Policies and Practices.
9. Access to Personal Information.
Upon request, a person will be informed of the existence, use, and disclosure of personal information of the person and shall be given access to that information. A person can challenge the accuracy and completeness of the information and have it amended as appropriate.
10. Challenging Compliance.
A challenge concerning compliance with the above principles should be made to the Privacy Officer at: 416-946-6560, or Privacy@thepmcf.ca.