Policy Area: Operational Policies – General
Policy # & Policy Name: 3.8 Privacy and Confidentiality
Group: Executive Director; All Staff; Volunteers
Purpose: To ensure that Community Ventures Society meets all legal requirements of confidentiality and privacy for Personnel Records, Records of Persons Served and other personal information noted in relevant legislation and the Collective Agreement.
Policy Statement: Community Ventures Society (CVS) handles information in accordance with the Personal Information Protection Act (British Columbia), the Community Service Act (BC), FOIPPA and the Collective Agreement.
Practice Standards: The CVS Human Resources team, Finance team, Managers, Coordinators and staff adhere to the following practices:
- All personnel and individual files are kept in a locked location when no one is present in the room and accessible only on a need to know basis.
- All electronic files and information are password protected and accessible only on a need to know basis.
- Any personal information shared outside of the organization can only be done by written consent of the individual or their legal guardian unless required by law or court order.
- CVS uses password protocols and encryption software to protect personal and other information we receive. Our software is routinely updated to maximize protection of such information.
- Any individual has the right to access his or her under FOIPPA.
- Requests for information should be directed to the privacy officer (Director of Human Resources and Quality Assurance).
Office protocols: Nightly closing-
- Clear off and secure all files from desks.
- Log out of all computers.
- Remove all documents containing personal information
from fax machines and printers.
- Set alarms (where installed).
- Lock filing cabinets and individual office doors.
When working from home:
• Password protect your device
• Lock your device when not in use
• Ensure portable storage devices (such as USBs and portable hard drives) are
encrypted and password protected
• Keep your software up-to-date
• Use work email accounts rather than personal ones for work-related emails involving
• Before sending an email, ensure you’re sending it to the correct recipient, particularly
for emails involving large amounts of personal data or sensitive personal data
Paper copies and files
• Only remove personal information from the office if it is necessary to carry out your
• Take the least amount of personal information you need and leave the rest behind
• Securely store any paper files when not in use. This means locking files away and
not leaving any files in your vehicle
Policy Audit: March Annually
Date Issued: January 2021
Position Responsible: Director of Human Resources and Quality Assurance
- SD 5.9.A – Consumer Consent
- SDA 5.9.A – Consent for Exchange of Information
- SDC 5.9.C – Consent for Exchange of Information
- SDC 5.9.A – Consent for Use of Photographs & Videos
- 6.6 Personnel Records
- 3.6 Inter-Agency Communication & Cooperation
- 3.3 CVS Technology Policy