Privacy Policy

KINGSTON & FRONTENAC HOUSING CORPORATION

POLICIES AND PROCEDURES MANUAL

PRIVACY POLICY

SUBJECT: PRIVACY AND CONFIDENTIALITY

Kingston & Frontenac Housing Corporation is a social housing provider of residency to families, adults and seniors as well as a provider of special needs housing. Kingston & Frontenac Housing Corporation recognizes the right of individuals to control the collection, use and dissemination on their personal information. In addition, we recognize our responsibilities in relation to holding in confidence the individual’s personal and health related information.

The policies included in this section adhere to the ten principles included in the Canadian Standards Model Code for the Protection of Personal Information. These principles have been adopted by Kingston & Frontenac Housing Corporation to guide the development of all policies and procedures related to the protection of personal information and confidentiality as they consistently enable Kingston & Frontenac Housing Corporation to achieve adherence to all acts and codes (provincial and federal) which govern these areas.

Acts and statutes impacting on our work with respect to the collection, use and dissemination of personal information include:

PIPEDA

Personal Information Protection and Electronics Documents Act Federal

*as a landlord we engage in commerce

Social Housing Reform Act, 2000 Ontario

*Rent-Geared-to-Income landlord

FIPPA

Ontario Freedom of Information and Protection of Privacy Act Ontario

*as a government funded agency we are bound to the limits of this Act

PHIPA

Personal Health Information Protection Act, 2004 Ontario

The Substitute Decisions Act Ontario

Health Care Consent Act Ontario

About Privacy

There are three fundamental constructs to bear in mind when considering the privacy of personal information strictly from the viewpoint of the individual:

1. The individual described by the personal information controls it; not the organization holding or in possession of the information.

2. Privacy is about preventing access to an individual’s personal information. It is about allowing information to be collected, used and disclosed in accordance with the specific wishes of the individual.

3. Privacy, Security and Confidentiality are not the same thing. Although there is some overlap in definition, their individual meaning and intent must not be confused,

1. 1. Privacy relates to people, process and accountability. It gives individual’s control over their personal information, and requires them to grant permission to an organization for the collection, use, disclosure and retention of that information.

1. 2. Security is the essential component for preventing inadvertent release of personal information. Security also relates to the availability and integrity of personal information.

1. 3. Confidentiality addresses only the disclosure of personal information.

Definition of Personal Information (PIPEDA)

For the application of this policy, personal information means:

1. The personal address, telephone number or email address of the individual.

2. Any identifying number assigned to an individual which can lead to their identification (e.g. Social Insurance Number).

3. Information about an individual’s income and assets.

4. Bank account and credit card information.

5. Information about rent payment history.

6. Information relating to the race, national or ethnic origin, citizenship status, colour, religion, age, sex, sexual orientation, martial or family status of the individual.

7. Information relating to the education, medical, psychiatric, psychological, criminal or employment history of the individual.

8. Credit and rental history reports.

9. Financial information for the purposes of establishing rent-geared-to-income assistance.

10. An individual’s blood type or fingerprints.

11. Information about an individual’s personal or political opinions.

12. Correspondence sent to Kingston & Frontenac Housing Corporation that is of a private or confidential nature, and any replies from Kingston & Frontenac Housing Corporation that would reveal contents of the original correspondence.

13. The individual’s name if it appears with other confidential information (e.g. rental arrears reports).

14. Employee information including resumes, salary and benefits, disciplinary action, bank account information, tenant complaints about the individual, and problems between staff.

Personal information does not include:

1. 1. The name, position and business phone number of employees

1. 2. Statistical data, which is summarized in such a way as to not identify any individuals

1. 3. Business contact information and certain publicly-available information such as name, address and telephone number (as published in telephone directories)

DEFINITION OF PERSONAL HEALTH INFORMATION (PHIPA)

Personal Health Information includes identifying information about an individual that:

• Relates to his or her physical or mental health
• Relates to providing health care, including identifying a provider of health care
• Is a plan of service within the meaning of the Long-Term Care Act
• Relates to the donation of a body part of bodily substance
• Is a health number
• Identifies a substitute decision-maker of that individual
• Is in a record where the record contains any of the above information

Personal health information does not include identifying information about an employee or Kingston & Frontenac Housing Corporation or other health care providers.

Health Information Custodian (HIC)

Kingston & Frontenac Housing Corporation is a designated “HIC” under PHIPA. As such we may share a tenant’s personal health information with other HIC’s involved in the provision of health care. This concept is referred as to the “circle of care”, which refers to those custodians and agents with whom personal health information can be shared on the basis of an implied consent.

Agents

Individuals employed by or volunteering for the health care custodian are considered “agents” of the custodian. Agents act with the authority of the HIC. Provision of personal health information to or by an agent is considered to be done to or by the health records custodian.

HIC’s include:

• A person providing health care for pay
• A long term care provider
• Community care access centers
• Community health or mental health clinic, center program or service
• Hospital, nursing home or independent health facility
• Pharmacy, ambulance service or laboratory
• Home for special care

Excluded from the list of health care custodians are:

• An aboriginal healer
• Midwife
• A person who treats solely by prayer or spiritual means
• Persons acting as agents of a HIC.

PRIVACY POLICIES

Principle 1 – Accountability

1. 0. Kingston & Frontenac Housing Corporation is responsible for personal information under its control and will designate an individual who is accountable for the organization’s compliance with the following principles.

The Board of Directors is considered the Health Records Custodian (PHIPA) and as such, holds ultimate accountability for protecting the personal information of clients and tenants. The Board will be supported in this activity by delegating the day-to-day operational privacy responsibilities to the General Manager. All staff share responsibility for adhering to Kingston & Frontenac Housing Corporation’s policies and procedures.

1. 1. The General Manager has been designated Information Officer by the Board of Directors to oversee Kingston & Frontenac Housing Corporation’s compliance with the principles and will respond to all complaints or inquiries with respect to individual privacy and confidentiality.

1. 2. Kingston & Frontenac Housing Corporation is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. Kingston & Frontenac Housing Corporation will use contractual or other means to provide a comparable level of protection while the information is being processed by the third party.

The following policies and practices give effect to this policy, including:

• • • procedures to protect personal information
    • procedures to receive and respond to complaints and inquiries
    • training staff and communicating to staff information about the PHIPA

Principle 2 – Identifying Purposes

1. 0. The purposes for which personal information is collected will be identified by Kingston & Frontenac Housing Corporation at or before the time the information is collected. The primary purposes include the delivery of services, quality management, research and meeting legal and regulatory requirements.

1. 1. Identifying the purposes for which personal information is collected at or before the time of collection allows Kingston & Frontenac Housing Corporation to determine the information that is needed to collect to fulfill these purposes.

1. 2. The identified purposes are specified at or before the time of collection to the individual from whom the personal information is collected. Depending upon the way in which the information is collected, this can be done orally or in writing.

1. 3. When personal information that has been collected is to be used for a purpose not previously identified, the new purpose shall be identified prior to use. Unless the new purpose is required by law, the consent of the individual is required before information can be used for that purpose.

1. 4. Persons collecting personal information should be able to explain to individuals the purposes for which the information is being collected.

Principle 3 – Consent Consent Requirements

1. 0. The cornerstone of privacy legislation is that the person described by the personal information must be able to control it. The individual named must provide consent for collection, use and disclosure of his/her personal information.

1. 1. In order to consent to the collection, use, and disclosure of personal information, consent must be informed. Kingston & Frontenac Housing Corporation will make a reasonable effort to ensure that tenants are informed:

• • • Regarding services typically included in the Circle of Care
    • How personal health information is collected, shared and used

• How Kingston & Frontenac Housing Corporation ensures that personal health information is secure
• That the individual may withhold or withdraw their consent for collection and use of personal health information at any time.

Elements of Consent Consent must:

• Be capable and knowledgeable
• Relate to the information
• Not be obtained by deception of coercion
• Assumes that the individual may provide or withhold consent and understands the purpose for gathering, using and disclosing.

1. 2. When is Consent Obtained

Express Consent is obtained:

• • • As part of the application for service process
    • Annually thereafter and
    • When there is a change in purpose, use or disclosure of the information collected

1. 3. Types of Consent

Express Consent is explicit and direct. It may be given verbally, in writing or electronically. Express consent involves expressly asking the individual for consent to collect, use or disclose the information. The response can be verbal, or written (the individual signs a consent form) When verbal consent is used the worker should note the response on the application form.

1. 4. PIPEDA requires that Express Consent should be obtained for sensitive information. Personal information collected by Kingston & Frontenac Housing Corporation such as: physical or mental health, health service provided, psycho social and financial information is considered sensitive.

1. 5. Use of Express Consent

Express Consent must be obtained from the tenant in the following situations:

1. collection from or disclosure to services/individuals outside of the circle of care or to a non-custodian.

2. disclosure to another custodian for a purpose other than of providing or assisting in the provision of health care.

3. collection, use or disclosure of information for fundraising of information beyond the name and mailing address.

4. collection for market research.

5. collection for research unless certain criteria are met.

6. for the collection and use of sensitive personal information of a tenant of Kingston & Frontenac Housing Corporation.

1. 6. Implied Consent is inferred from the surrounding circumstances that the tenant would reasonably agree to the collection, use and disclosure of their personal health information (that they would provide express consent if asked to do so).

1. 7. Ensuring the Assumption of Implied Consent

1. 1. 1. Kingston & Frontenac Housing Corporation will post notices and include a section in their brochures explaining our practices with respect to the collection, retention, use and disclosure of personal health information.

1. 1. 2. At the point of intake, Kingston & Frontenac Housing Corporation staff will explain in detail to tenants our practices with respect to the collection, retention, use and disclosure of information.

1. 1. 3. Printed information and privacy practices explained by staff will endeavour to ensure that the tenant is made aware and understands their right to withhold or withdraw their consent with respect to the collection and dissemination of their personal health information.

1. 8. Implied Consent related to the collection, use and disclosure of personal health information permits:

1. 1. 1. Information to be shared between custodians within the circle of care for the purpose of providing health care.

1. 1. 2. Names and addresses to be used for the purpose of fundraising.

1. 1. 3. Providing information to a representative of the tenant’s religious organization if the tenant has provided information related to their religious affiliation.

1. 9. Withholding Consent

1. 1. 1. Tenants have the right to withhold or withdraw their consent with respect to the collection and dissemination of their personal health information. The withdrawal or withholding of consent can be done so verbally, in writing or electronically. Direction provided by the tenant to restrict the collection or use of information should be noted in the tenant’s file by the Property Manager or General Manager.

1. 1. 2. In situations where some of the information is being withheld when Kingston & Frontenac Housing Corporation discloses information to another health records custodian, the receiving custodian must be advised that, consistent with the tenant’s wishes, the information provided them is not complete.

3) Where withholding of information may pose a risk to the tenant, or others, information can be disclosed.

1. 10. Withdrawal of Consent

Individuals have the right to withdraw consent. However, this provision is dependent on whether the withdrawal may impede the provision of services. Kingston & Frontenac Housing Corporation’s ability to respond to a request for withdrawal of consent must be viewed in the context of the organization’s ability to continue to provide services. If services cannot be provided as a result of consent is withdrawn, the individual should be advised that doing so would effectively terminate our service.

1. 11. Age of Consent

Capable tenants of all ages are entitled to make their own health care decisions. If the child is 15 years of age they can limit the disclosure of information to their parents.

1. 12. Capacity

The Substitute Decisions Act identifies specific people who can make decisions on behalf of an individual. The rules outlined in the Substitute Decisions Act should be followed when obtaining consent for the collection, use, disclosure and retention of personal information.

The Health Care Consent Act outlines rules for consent with respect to consent for treatment. These same rules may be applied to the consent for the collection, use, disclosure and retention of personal information.

There is always a presumption of capacity of the individual to make a knowledgeable decision to provide or withhold consent.

1. 13. The person is capable if:

1. 1. 1. They understand the information relevant to the collection, use and disclosure.

1. 1. 2. They appreciate the reasonable foreseeable consequences of giving or withholding consent. If there is concern raised with regards to the tenant’s capacity to make a decision they should be referred to a psychiatrist for a capacity assessment.

1. 14. Substitute Decision Maker (SDM)

If the decision is not noted under the Health Care Consent Act, and no attorney or guardian has been appointed the substitute decision maker is the highest ranking qualified person from the following list:

A representative of the Board A spouse or partner

A parent, guardian, or CAS if so empowered A parent with only right to access

A sibling

Any other relative

The Public Guardian or Trustee

If the person is deceased, the SDM is the estate trustee or person who assumed responsibility to administer the estate.

Exceptions to Consent

1. 15. PIPEDA

Kingston & Frontenac Housing Corporation may COLLECT personal information without the individual’s knowledge or consent only:

1. 1. 1. If it is clearly in the individual’s interest and consent is not available in a timely manner.

1. 1. 2. If knowledge and consent would compromise the availability or accuracy of the information and collection is required to investigate a breach of an agreement.

1. 1. 3. If it is publicly available as specified in the regulations.

1. 16. PHIPA

Personal Health Information may be collected without consent:

1. 1. 1. For research allowed under the Act.

1. 1. 2. As required or permitted by law.

1. 1. 3. As required for health planning.

1. 17. Kingston & Frontenac Housing Corporation may USE personal information without the individual’s knowledge or consent only:

PIPEDA

1. 1. 1. If Kingston & Frontenac Housing Corporation has reasonable grounds to believe the information would be useful when investigating a contravention of a federal, provincial or foreign law and the information is used for that investigation.

1. 1. 2. For an emergency that threatens an individual’s life, health or security.

3. For statistical or scholarly study or research (the organization must notify the Privacy Commissioner of Canada before using this information).

4. If it is publicly available as specified in the regulations.

5. If the use is clearly in the individual’s interest and consent is not available in a timely manner.

6. If knowledge and consent would compromise the availability or accuracy of the information and collection was required to investigate a breach of an agreement.

PHIPA

1. For risk, error management and quality improvement for Kingston & Frontenac Housing Corporation.

2. For staff education.

3. For court/tribunal matters in which the tenant is a party.

1. 18. Organizations may DISCLOSE personal information without the individual’s knowledge or consent only:

PIPEDA

1. 1. 1. To a lawyer representing the organization.

1. 1. 2. To collect a debt the individual owes to the organization.

1. 1. 3. To comply with a subpoena, a warrant or order made by a court or other body with appropriate jurisdiction.

1. 1. 4. To a government institution that has requested the information, identified its lawful authority and indicates that disclosure is for the purpose of enforcing, carrying out an investigation, or gathering intelligence relating to any federal, provincial or foreign law; or suspects that the information relates to national security or the conduct of international affairs; or is for the purpose of administering any federal, provincial or foreign law, or suspects the information relates to national security or the conduct of international affairs.

1. 1. 5. If made by an investigative body for the purposes related to the investigation of a breach of an agreement or contravention of a federal or provincial law.

1. 1. 6. In an emergency threatening an individual’s life, health, security (the organization must inform the individual of the disclosure).

7. For statistical, scholarly study or research (the organization must notify the Privacy Commissioner before disclosing the information).

8. To an archival institution.

j) If it is publicly available as specified by the regulations.

PHIPA

1. Disclosures relating to providing health care.

2. Disclosures by a facility that provides health care.

3. Disclosures relating to deceased individuals.

4. Disclosures for health or other programs.

5. Disclosures related to risks.

6. Disclosures related to care and custody.

7. Disclosures for proceedings.

8. Disclosures to a successor.

1. Disclosures for research.

10. Disclosures for planning and management of health systems.

i) Disclosures with the Commissioner’s approval.

Principle 4 – Limiting Collection

The collection of personal information is limited to that which is necessary for the purposes identified by Kingston & Frontenac Housing Corporation. Information is to be collected by fair and lawful means.

1. Kingston & Frontenac Housing Corporation will not collect personal information indiscriminately. Both the amount and the type of information collected will be limited to that which is necessary to fulfill the purposes identified including but not limited to:

• • Delivery of services
  • Quality management
  • Research
  • Meeting legal and regulatory requirements

2) The requirement that personal information be collected by fair and lawful means is intended to prevent Kingston & Frontenac Housing Corporation from collecting information by misleading or deceiving individuals about the purpose for which information is being collected. (This requirement implies that consent with respect to collection must not be obtained through deception).

Principle 5 – Limiting Use, Disclosure, and Retention

1. 1. All information regarding people using services provided by Kingston & Frontenac Housing Corporation is confidential and must be treated as such. All personnel (including students and volunteer) with access to confidential information must use it only in their line of duty. This information must never be discussed with anyone, including other staff members, except for work purposes.

1. 2. Scope

Access by Kingston & Frontenac Housing Corporation employees to confidential consumer files shall be based on the “need to know” of those employees in order that they carry out their duties.

That is, relevant consumer information will be available to individual employees for purposes of consumer assessment or treatment, internal administration, audit and quality control, research, statistical compilation or education, dependent on the role of the employee.

Confidential tenant information is  accessible  to supervisory personnel of the program from which the record of information originated. The information will be available, through the supervisory personnel, to members of that program and to supervisory personnel of other programs as needed.

1. 3. Breach

Confidentiality is considered to be breached when personnel release or discuss tenant matters with any third party, unless a court order to do so, without the consent from the tenant to disclose such information.

Disciplinary action may be taken against any personnel who breaches confidentiality. Disciplinary action may range from verbal reprimand, written reprimand, suspension to dismissal, dependent upon degree and severity of the breach, subject to the discretion of the General Manager.

1. 4. Consent to Release Information to a Third Party

1. 1. 1. All personnel shall obtain consent to release information from the consumer before the requested information is released to any third party. (This would include individuals or organizations not considered to be a part of the circle of care, including family members of the tenant).

b) All release of information forms whether for receiving or transmitting of tenant information are valid for the period identified on the form. After the time period has lapsed, new forms will be required signed by the tenant.

1. 5. Third Party Requests

All requests from a third party for tenant information should be made in writing. An exception to this would be a request originating from a family member, which if received verbally, must be documented in the tenant’s file. Information is not released in verbal or written form unless accompanied by a release of information form signed by the tenant.

1. 6. Tenant Access to Files

1. 1. 1. Tenants may review or access their files upon review of their file by the Property Manager, to assess whether disclosure of contents of a file, or any part of that file would cause harm to the treatment or recovery of the consumer, or cause physical or emotional harm to a third party.

Requests must be made in writing and attached to the tenant’s file.

1. 1. 2. Please refer to Tenant Access to Records Policy.

1. 7. Research

Access to confidential tenant records by persons external to Kingston & Frontenac Housing Corporation who are carrying out research shall be granted by the General Manager, dependent on the following criteria:

1. Information will be transmitted only with the consent of the tenant or in such a form as to mask the identity of the tenant;

2. Requests for information for external researchers will be in written form and include the aims or objectives of the research and the method of conducting the research;

3. External researchers receiving confidential information must be informed of Kingston & Frontenac Housing Corporation’s policy “Confidential Information” and must be informed of sanctions resulting from any misuse of information.

1. 8. External Information

Documents, correspondence or reports received from outside of the Kingston & Frontenac Housing Corporation shall not be forwarded to any third party. Such information shall be shared with the written consent of the tenant.

1. 9. In the event that confidential tenant information is requested for legal use, staff members shall abide by the following considerations:

1. Tenant files shall be released to a police force only if a search warrant has been presented or if written consent has been received from the tenant.

Notwithstanding the above, the General Manager, speaking with an officer of the law, may answer “yes” or “no” to the question whether the agency has specific information about a named person.

2. Upon receipt of a subpoena or any other process requiring an employee of Kingston & Frontenac Housing Corporation to attend to give evidence, authorization of the tenant to disclose confidential information shall be obtained in advance of or in preparation for attendance as a witness in the proceedings.

3. When a claim is made or an action is brought against Kingston & Frontenac Housing Corporation by a tenant or a former tenant regarding the care given to the tenant, the General Manager may disclose the contents of that tenant’s files to the Board’s liability insurer and solicitor to enable them to ascertain the circumstances giving rise to the claim or action and, where appropriate, to defend the Board’s position.

4. In matters of third party liability, the General Manager shall deal only with licensed insurance adjusters, insurance companies or solicitors and not with private investigators. Verification of the identity of the person seeking the information shall be sought and consent of the tenant shall be obtained before releasing the information.

1. 10. Procedure

Kingston & Frontenac Housing Corporation will ensure that there is a systematic control over the creation, use, maintenance, retention, protection and preservation of confidential information.

1. 1. 1. CONTROL OF OFFICE ACCESS:

1. 1. 1. 1. During working hours, the office support staff will control access to the premises and direct visitors to appropriate staff and office locations.

1. 1. 1. 2. After working hours, all office entrances and rooms containing confidential records will be locked.

1. 1. 2. CONTROL OF INFORMATION USE:

1. 1. 1. 1. At the end of each working day, confidential tenant files must be removed from desk tops and file trays and returned to appropriate storage areas.

2. At the end of each working day, confidential waste material must be destroyed and reproduction equipment made inoperable.

3. Confidential tenant files being used by authorized personnel is to be concealed from the view of visitors and other unauthorized persons.

3. USE OF STORAGE EQUIPMENT:

1. 1. Storage equipment containing confidential tenant files shall be secured either by combination and/or key lock or restricted access and the combination numbers and/or keys shall be available only to authorized personnel.

1. 2. Storage equipment containing confidential tenant files must be identified with confidential labels on their outside.

1. 3. Areas and storage equipment holding confidential tenant files will be inspected periodically to ensure security is intact.

4. COMPUTER FILE SECURITY:

Staff are required to “password protect” all tenant files on their computers. Staff should give the password to their respective Supervisor and General Manager to allow access.

5. CONVERSATIONS:

When staff members need to converse about matters of a confidential nature, discussion should not take place in public areas such as restaurants or hallways where others might overhear the conversation. Whenever possible, such information should be discussed in an office behind closed doors.

1. 11. Retention of Files

Confidential tenant files shall be retained according to established format and then destroyed in such a manner as to protect the confidentiality of the information contained in the records.

1. 1. 1. Inactive confidential tenant files will be put into storage to provide access by authorized personnel during the retention period.

1. 1. 2. The retention period for inactive/closed records shall be for five (5) years.

1. 1. 3. With the authorization of the General Manager and under the supervision of the Manager of Finance & Administration, the destruction of records be carried out by shredding documents.

Inactive – is determined by the type of record and its purpose.

Authorized Personnel – supervisory personnel; employees of a program through their Supervisor.

1. 12. Confidentiality Policy and Agreement Confidentiality Policy

Tenants have the right to protection of all their personal information. Each organization must support the tenant’s right to privacy. Staff in the organization must be committed to maintaining the privacy and confidentiality of tenants and residents and their associated personal and personal health information. Breaches of privacy place the organization at risk.

1. 1. 1. A condition of employment with Kingston & Frontenac Housing Corporation is that all employees sign a confidentiality agreement. This agreement will be placed in the employee’s file.

1. 1. 2. This agreement will be renewed at regular intervals (with the annual performance review).

1. 1. 3. Failure to safeguard and protect the personal information of tenants as confidential and private may lead to disciplinary action which may include termination of employment.

All personal information of tenants, family members, and staff is confidential and must be treated as such. All personal information requested for release requires a consent from the affected individual and must be released only for the purpose agreed upon.

Confidentiality is considered to be breached when personal information is released by Kingston & Frontenac Housing Corporation staff/board members, volunteers or students without the consent of the affected individual. A breach will result in an undertaking of progressive discipline ranging from reprimand to dismissal. Breaches of confidentiality include accessing personal information without authorization to do so and without a need-to-know.

All staff at the time of hiring, and students or volunteers in direct contact with tenants will be required to sign a Confidentiality Agreement. Board members are required to sign a Confidentiality Agreement at the time of being appointed on to the board and on an annual basis until their term on the board is complete. Staff, volunteers, students and board members are expected to keep in confidence all personal information gained during their involvement with Kingston & Frontenac Housing Corporation until such time that they are given express permission to release that information by the affected person.

Principles 6 – Accuracy

1. 1. Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

1. 1. 1. The extent to which personal information shall be accurate, complete, and up-to-date will depend on the use of the information, taking into account the interests of the individual. Information shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual.

1. 1. 2. Kingston & Frontenac Housing Corporation will not routinely update personal information, unless such a process is necessary to fulfill the purposes for which the information was collected.

1. 1. 3. Personal information that is used on an on-going basis, including information that is disclosed to third parties, will generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.

1. 1. 4. Security safeguards appropriate to the sensitivity of the information will protect personal information.

1. 1. 5. Security safeguards in place have been developed to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Kingston & Frontenac Housing Corporation will protect personal information regardless of the format in which it is held.

1. 1. 6. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. More sensitive information should be safeguarded by a higher level of protection.

1. 1. 7. Kingston & Frontenac Housing Corporation will make their employees aware of the importance of maintaining the confidentiality of personal information.

1. 1. 8. Care shall be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual as required by law.

~ 18 ~

1. 2. Safeguards

Kingston & Frontenac Housing Corporation will ensure that there is systematic control over the maintenance, retention, transmission and preservation of personal information.

1. 1. 1. Office Security

• • • • During working hours, visitors, including tenants will be provided controlled access to appropriate staff and office locations.
      • Confidential tenant files (including computer screens) being used by authorized personnel shall be concealed from the view of visitors and other unauthorized persons.
      • At the end of the working day, confidential tenant files shall be removed from desk tops and file trays and returned to secured storage areas.
      • All staff are provided keys to enter all office sites but should not typically have access to individual offices or filing cabinets.
      • All staff have passwords to disarm electronic security at the office site. Security is further enhanced as the remotely monitored system records the password and date/time of entry.
      • At the end of the working day, all office entrances will be locked and the electronic security system engaged.
      • Computers will be turned off to limit potential access by unauthorized persons.

1. 1. 2. Storage of Personal Information

• • • • Filing cabinets/desks containing confidential information shall be locked to secure/restrict access.
      • Keys: one copy will be provided to authorized staff and one copy kept in the main office in the secured key cabinet.
      • All electronically stored tenant files require password protection to access these files.
      • All passwords created to protect access must be shared with the employee’s immediate supervisor and the General Manager.
      • Tenant’s specific information/data should be stored on the hard drive of the worker’s computer. These files are routinely backed-up to provide a reference copy should the computer hard drive become inoperable.
      • As is the case with hard copy information (paper storage), electronic data storage discs are removed from the office site.

1. 1. 3. Transmission of Personal Information

With reference to our policies on confidentiality and the release of personal information, prior approval must be sought from the individual. With respect to transmission of information the following should be noted:

~ 19 ~

• E-Mail: Kingston & Frontenac Housing Corporation makes every effort to ensure its Information Systems are protected from unauthorized access through the use of password encryption, firewall installation and virus software which is routinely upgraded. Users should be aware that the security is not failsafe and use of this medium should be limited to sending information needed urgently. The recipient’s e-mail address should be verified before sending. Should it be sent to an unauthorized recipient, this will be considered a breach of confidentiality.
• Fax: this provides a direct link to the recipient however, wrong numbers can result in personal data being sent to an unauthorized site, resulting in a breach of confidentiality. This medium should be used only when information is required  urgently and the receiver’s number should be verified before sending.
• Mail: this is the most secure form of transmission.

d) Access to Tenant Files

Only authorized staff have access to personal information and access is provided only on a need to know basis. The following categorizes personal information and defines access:

Principle 8 – Openness

An organization shall make readily available to individual’s specific information about its policies and practices relating to the management of personal information.

Kingston & Frontenac Housing Corporation will be open about their policies and practices with respect to the management of personal information. Individuals will be able to acquire information about an organization’s policies and practices either through direct access or upon request.

The information made available shall include:

1. the name/title and address of the person (Privacy Officer\General Manager) who is accountable for Kingston & Frontenac Housing Corporation policies and practices and to whom complaints or inquiries can be forwarded.

2. the means of gaining access to personal information held by Kingston & Frontenac Housing Corporation.

3. a description of the type of personal information that explains Kingston & Frontenac Housing Corporation’s policies, standards, or codes.

4. what personal information is made available to related organizations (e.g. other healthcare providers and other social housing providers).

Kingston & Frontenac Housing Corporation will provide a written description in its brochures available in its place of business, provide online access and provide written/verbal information upon request.

Principle 9 – Individual Access

Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

9.1 Upon request, Kingston & Frontenac Housing Corporation will inform an individual whether or not the organization holds personal information about the individual. Kingston & Frontenac Housing Corporation will indicate the source of this information. Kingston & Frontenac Housing Corporation will allow the individual access to this information. Kingston & Frontenac Housing Corporation will provide an account of the use that has been made of this information and an account of the third parties to which it has been disclosed. Kingston & Frontenac Housing Corporation will limit information provided to that created by its staff; all third party information will be removed at the discretion of the creator.

1. 2. An individual may be required to provide sufficient information to permit Kingston & Frontenac Housing Corporation to provide an account of the existence, use, and disclosure of personal information. The information provided shall only be used for this purpose.

1. 3. In providing an account of third parties to which it has disclosed personal information about an individual. Kingston & Frontenac Housing Corporation will attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about an individual. Kingston & Frontenac Housing Corporation will provide a list of organizations to which it may have disclosed information about an individual.

1. 4. When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, Kingston & Frontenac Housing Corporation will amend the information as required. Depending upon the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.

1. 5. Exceptions: Individuals may not be granted access to their personal Health Information under the following:

• • • A legal privilege restricting disclosure applies
    • Another law prohibits disclosure
    • The information collected was for court proceedings
    • Information collected was during an inspection, investigation or similar procedure
    • Access could result in harm to any person

1. 6. Kingston & Frontenac Housing Corporation has thirty (30) days to respond to a request for access. A thirty (30) day time extension may be granted if additional time is required to determine the impact of granting access on the tenant and others potentially impacted by this action.

Principle 10 – Challenging Compliance

An individual shall be able to address a challenge concerning compliance with the above principles to the General Manager.

Kingston & Frontenac Housing Corporation will put procedures in place to receive and respond to complaints or inquiries about their policies and practices relating to the handling of personal information. The complaint process should be easily accessible and simple to use.