CANADIAN COUNSELLING AND PSYCHOTHERAPY ASSOCIATION
PERSONAL INFORMATION PROTECTION POLICY
Purpose
This Personal Information Protection Policy of the Canadian Counselling and Psychotherapy Association (CCPA) outlines a commitment to principles and practices intended to protect the security and privacy of personal information it collects. The Policy reflects compliance with the CCPA Code of Ethics and the Personal Information Protection and Electronic Documents Act (PIPEDA).
CCPA is committed to collecting, using, and disclosing personal information responsibly and only to the extent necessary for the effective delivery of the goods and services it provides.
What is Personal Information?
Personal information is information about an identifiable individual. Personal information includes information that relates to personal characteristics (e.g., gender, age, home address or telephone number), education (e.g., degree, year of graduation, institution and specialization) or activities and views (e.g., opinions expressed by an individual, evaluation of an individual). Personal information is to be contrasted with business information (e.g., an individual’s business address and telephone number), which is not protected by privacy legislation.
Access to Personal Information
Individuals have a right to inspect their personal information that is in the possession of CCPA.
Requests to review their personal information, change or correct it, or to make a complaint to CCPA about the collection and/or use of personal information should be directed to the CCPA privacy officer.
Employees of CCPA, in the course of their duties, have access to personal information we hold. There are a limited number of individuals outside the Association who may, in the course of their duties, have limited access to personal information. We restrict their access and obtain their assurance that they follow appropriate privacy principles and practices. These individuals include, but are not limited to, bookkeepers, auditors, legal counsel and contractors.
Consent
Expressed consent is sought whenever personal information is collected. However, there is sometimes implied consent, such as when an applicant or member completes and submits a membership application to CCPA. It is implicit in such a process that CCPA is collecting this personal information as part of the application process and that the applicant is consenting to this collection.
Safeguards to Maximize Security of Personal Information
Location of Paper Information
Office areas restricted to staff
Policy that all files be locked after hours
Policy that secure areas be locked after hours
Policy defining levels of access
While in transit to another location
Policy that files must be in personal custody of staff
Policy that files be locked away while unattended
Home office
Policy regarding removal of files from office
Policy that files be locked away while unattended
Location of Electronic Information
Computer access restricted to staff only
Password protection for each terminal
Unique user identification with passwords
Policy defining levels of access
Transfer of Paper Information
In sealed envelope marked private and confidential, sent by Canada Post or reputable courier.
In sealed envelope delivered by staff.
In sealed envelope to be picked up by person - envelopes kept out of sight in public areas.
Transfer of Electronic Information
Through e-mail with the consent of the person
Through fax with a cover sheet with a privacy clause
Through a disk, CD or other storage medium that is treated with the same safeguards as paper information
General Safeguards
Staff are trained in the following
The importance of personal information
Access to personal information is on a need-to-know basis
CCPA’s Personal Information Protection Policy
Sensitivity in collecting and using personal information when others might hear
When to remove or mask unnecessary information when providing copies
To recognize and avoid being “pumped” for information
How to discard personal information
To avoid discussing personal information in public places
That breach of the Association’s privacy policy will result in discipline up to and including dismissal.
Annual review of privacy policy and practices with staff.
Privacy and security agreements with the following
Temporary/contract employees
Bookkeeping and accounting
Legal
Building management
Regular and systemic monitoring of compliance by the Information Officer or designate.
Systematic approach to ensure staff change passwords.
A policy to notify individuals when their personal information is misused or misappropriated.
Retention and Disposition of Personal Information
Personal information held by CCPA about members and employees will be destroyed seven years after cessation of CCPA membership or employment with CCPA. Such information will be destroyed in a manner designed to protect member/employee privacy.
Openness
CCPA is committed to ensuring this Personal Information Protection Policy is available to the public. We endeavour to do this in the following ways:
Staff are trained to provide the Policy to anyone who requests it
The Policy will be provided to each employee.
The Policy will be posted in the reception area of our Association.
The Policy will be posted on our website.
The Policy will be sent to members.
The Policy will be provided to each new member at the time a consent form is signed.
The Policy will be provided to each new individual about whom we collect data.
Information Collected
CCPA collects personal information about its members, employees, and contractors as follows:
Category: Members
Information Gathered
Personal Characteristics
Name
Age
Home contact information
Other contact information
Membership category requested
Language preference
Gender
Educational information
Years of counselling experience
Work setting
Continuing education experiences
Activities and Views
Transaction history with the Association
Letter(s) written to the Association by the individual, and by referees.
CCPA disciplinary action against the individual, within appropriate time limits.
Primary Purpose of Collecting Data
Database for membership admission and maintenance
Database for Certified Canadian Counsellors and its maintenance
Authority to Collect Information for this Purpose
Implied
Category: Employees/Contractors
Information Gathered
Personal Characteristics
Name
Home Contact Information
Emergency Contact Information
Credit/Bank Information
Social Insurance Number
Gender
Age
Education or Training
Marital Status
Activities and Views
Transaction history with the Association
Occupation/profession
Community involvements
Work hours
Disciplinary actions against the individual
Financial Data
Existence of a dispute with the Association
Letter written to the Association by the person
Views, evaluations, or opinions about the person
Primary Purpose of Collecting Data
Employment Suitability
Authority to Collect Information for this Purpose
Implied
Written consent
Secondary Purpose of Collecting Data
On-going suitability of employment
Authority to Collect Information for this Purpose
Implied
Complaints
All members/employees/contractors with complaints about the collection, use, or security of their personal information held by CCPA will be directed to the CCPA Privacy Officer. All such complaints will be discussed with the complainant, appropriately investigated, and a timely response will be given. The CCPA Privacy Officer will inform complainants of the Office of the Privacy Commissioner of Canada, www.privcom.gc.ca.
CCPA Privacy Officer is the Executive Director
CCPA, November, 2004