Protection of Personal Information Policy
What is the Personal Information Protection Act? Click to view the Act on the provincial government website.
For further information please contact the local’s Privacy Officer by emailing the union office: firstname.lastname@example.org
PROTECTION OF PERSONAL INFORMATION POLICY – CUPE Local 3338
Adopted at the June 22, 2004 General Membership Meeting
Introduction: This policy applies to CUPE Local 3338 and has been adopted pursuant to the Personal Information Protection Act (BC).
CUPE as a union is responsible under the Protection of Personal Information Act (BC) (PIPA) to protect what is defined in PIPA as “personal information” and “employee personal information”.
Not all information about all individuals is affected by PIPA. Much of the information CUPE collects and uses about individuals is defined in PIPA as “work product information” about its members, collected and used by CUPE as a collective organization, for purposes connected to promoting the welfare of the group.
This information is not subject to PIPA. Other information collected and used by CUPE is subject to PIPA. That information includes personal information about its employees and non-member volunteers, as well as information about others in the community who are not CUPE members.
CUPE protects the information of its members by ensuring that it is not disclosed to non-members except as necessary to further the interests of the membership as a whole. Members who are concerned about the disclosure of information about them are encouraged to raise those issues with CUPE officials, with final decisions to be made democratically according to CUPE’s Constitution and Bylaws.
This policy is designed to cover what is defined in PIPA as “personal information” and “employee personal information”, which is included in “personal information”. Where applicable, the principles of privacy protection contained in this policy should also be followed with respect to member information as well as the information covered under PIPA. Members are encouraged to use the democratic processes of the union to ensure that privacy is appropriately protected within CUPE and by CUPE.
Protection of “Personal Information” and “Employee Personal Information”
CUPE as an organization is responsible for the protection of “personal information” and the proper handling of it at all times, throughout CUPE and in dealings with outside parties. We recognize that our proper handling of “personal information” is both essential to the individuals concerned and to our reputation as a union.
CUPE subscribes to the following principles for the protection of “personal information” and “employee personal information”:
- Limiting collection
- Limiting use, disclosure and retention
- Individual access
- Challenging compliance
CUPE Local 3338 has a Privacy Coordinator to look after the protection of information under PIPA. Individuals who are concerned about information CUPE possesses, and how it is stored, used and disclosed are encouraged to contact our Privacy Coordinator through the union office. Our Privacy Coordinator is responsible for handling questions and requests for information from the public and our employees, as well as making recommendations to the Executive Board for the handling and protection of information. CUPE welcomes suggestions made to the Privacy Coordinator on how we can improve and maintain our protection of privacy. The Privacy Coordinator will also work with other Privacy Coordinators and resource people within both CUPE Regional and CUPE National to ensure that our privacy protection measures are appropriate and effective.
2. Identifying the purpose of collection, use and disclosure
When PIPA requires it, CUPE will identify the reasons for collecting “personal information” or “employee personal information” before or at the time we collect it. As required, we will document those reasons and inform the individual from whom it is to be collected. Any further use of the information will be subject to a new consent where PIPA requires it.
3. Obtaining consent for collection, use and disclosure
It is our policy to obtain consent for the collection, use and disclosure of “personal information” as required by PIPA. Before any “personal information” is handled by any member or employee of CUPE, they will receive instruction on the requirements to be met under the legislation by the Privacy Coordinator or another person designated by them.
4. Limiting collection
In general, it is our policy to avoid the unnecessary collection of information. Where “personal information” under PIPA is involved, or may be involved, we will require consultation with the Privacy Coordinator or reference to the written directions of the Privacy Coordinator.
5. Limiting use, disclosure and retention
“Personal Information” should only be used for the purpose for which it was collected, and should not be retained after its purpose is finished according to PIPA. There are uses for which the purpose may only seem to be completed, however. Members and employees must refer to the Privacy Coordinator for direction before destruction of “personal information” pursuant to PIPA to ensure that destruction is appropriate. Instead of destruction, the information may sometimes be altered to remove identifying information if appropriate. The Privacy Coordinator will coordinate regular reviews to ensure that “personal information” is not retained unnecessarily.
6. Maintaining accuracy
CUPE will take every reasonable step to ensure that information used in decision-making or disclosed to third parties is accurate and complete. Before making such decisions or disclosures, “personal information” must be checked.
7. Using appropriate safeguards
“Personal information” under PIPA must be protected from theft or unwarranted disclosure. All members and employees of CUPE will be advised of this requirement. The Privacy Coordinator is responsible for ensuring that CUPE maintains adequate safeguards against theft or unauthorized access, use or disclosure. These measures will be reasonably strict depending on the sensitivity of the information involved and will be reviewed on a regular basis by the Privacy Coordinator.
CUPE will make all reasonable efforts to inform the public, its members and its employees of this policy and any subsequent policy with respect to “personal information” under PIPA. To that end, a copy of the current policy will be available on request at our offices. It is our intention to protect “personal information” as defined in PIPA, and to be as open to suggestion, criticism, complaint and inquiry as we can. The Policy Coordinator will be responsible for dealing as quickly as possible with the public, members and employees who have concerns they wish to raise, and with the Privacy Commissioner under PIPA. Complaints and requests under PIPA will be handled by the Privacy Coordinator, who will be happy to assist in drafting them.
9. Giving individuals access
Under PIPA, individuals have rights to access their “personal information”, with some exceptions. Requests for access should be made to the Privacy Coordinator, who will respond to them as quickly and effectively as possible subject to PIPA’s requirements. If correction of the “personal information” is appropriate, the Privacy Coordinator will receive and act on a request for correction according to PIPA’s requirements. If there is a disagreement about accuracy of the “personal information”, PIPA requires CUPE to make a note of the requested correction attached to the document where the disputed information appears. Fees may be charged under PIPA for access to “personal information”, and may include the costs to CUPE of finding and copying such information. We will keep any such fees to a minimum, covering only our costs. Before doing the work, an estimate of any fees to be charged will be given.
Any decision of the Privacy Coordinator may be appealed to the Executive Board or its delegate(s). CUPE will make every reasonable effort to resolve disputes without the need to involve the Privacy Commissioner under PIPA.