Canadian Aviation Historical Society
Privacy of Personal Information
Reference: Government of Canada - Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c.5.
Introduction
- As an organization that collects personal information in order to provide services to its members, the Society has a commensurate responsibility to protect that information. This policy provides the details on why the Society will collect personal information, and on how such information will be protected.
- CAHS does not rent, sell or trade our mailing lists. The information provided by our members is used only to communicate with the members and to conduct official CAHS business related to membership, CAHS Journal subscriptions and distribution of the CAHS electronic newsletter or other forms of communication with members.
- CAHS Privacy Statement: The CAHS respects your privacy. We voluntarily protect your personal information by following the legislative requirements as outlined in the Canadian Federal Government’s Personal Information Protection and Electronic Documents Act even though as a public charity we are not legally required to follow the act.
Responsibility
- The Membership Secretary shall be the Society’s privacy/compliance officer in accordance with Section 6.02 (e) of the Society’s By-law 7. In addition, he/she shall be responsible for:
  - examining what information is collected on an annual basis and determining whether that information is still required; and
  - responding to requests for access.
- The Vice-President shall be responsible for responding to complaints.
- The Secretary shall maintain originals or copies of all written permissions granted and directions received from Executives, Directors, Officers, contractors and members regarding address (home or e-mail) usage.
- It is the responsibility of all National and Chapter Directors and Executives to comply with the provisions of PIPEDA and this Society policy.
Collection
- Members must be informed about what information is being collected and why. The reasons shall be included on the membership application form and renewal form and shall include the points noted in paragraph 13. In addition, members shall be provided the option of having any part of their personal information exempted from National and Chapter membership lists.
- The CAHS Executive is responsible to ensure that the information collected is accurate. When a membership update or notification of a change of address is received, the new information shall be entered in the membership information.
- Individuals may have access to their own information. It may then be amended if so required. All such requests from individuals shall be handled within one month of the receipt of the letter or e-mail.
Identity of the Compliance Officer
- The name and CAHS business address of the Membership Secretary shall be provided to any individual requesting the identity of the compliance officer.
- This Privacy of Personal Information policy can also be provided to anybody requesting a copy of the Society’s policy.
Information Handled by a Third Party
- All contracts between the Society and a third party shall include a section on how the information shall be protected and returned on completion. The contract shall comply with this policy.
Usage of Personal Information
- Personal information collected by the Society shall be used only for internal Society purposes. These include but are not limited to communications with the members, analysis of member locations, and support to Chapters where membership information is required. Communications include but shall not be limited to:
  - Journal and other communications;
  - Membership renewal;
  - Membership Directories; and
  - Provision of information of interest, such as upcoming events.
- For all internal usages, the Executive shall review and approve all requests and provide written blanket or singular approval in the minutes of the Society. Use of personal information for other than internal purposes must receive approval from the members by means of a two-thirds vote at a meeting of the members.
Protecting Information
- Home and e-mail addresses. The Membership list or any part or portion thereof shall not be made available to any external individual or organization. The e-mail and home addresses of the Executive shall be that of the National mailbox and e-mail address unless specific written direction is received from an Executive officer that their home address and e-mail may be used. Directors and Chapter Executives shall specify their desire in writing to the Membership Officer, with a copy to the Secretary.
- Access. Access to membership information by Directors, Executives and contractors shall be on a need-to-know basis. Access may only be granted to Directors, Executives, officers and contractors after reading this Society policy (see paragraph 27 for training requirements). There is no direct access for members except to their own information.
- E-mail. When using e-mail to communicate in a mass mailing with members other than Directors and/or Executives, e-mail addresses shall be put into the BCC address block. Normal correspondence shall allow e-mail address in the action and/or cc block. All mass e-mails shall also contain the following notation:
If you are not the authorized recipient of this e-mail, please contact the originator immediately by return e-mail. In this case, you should not read, print, re-transmit, store or act in reliance on this e-mail or any attachments, and should destroy all copies of them. This e-mail and any attachments are confidential and to be used only by the nominated person(s), in accordance with the Privacy Act.
- Requests for personal addresses. The Society shall not disclose any information except with the express written consent of the individual. This consent may be via letter or e-mail. All requests for access to an individual’s personal information shall be forwarded to the noted individual(s) for his or her action.
- Disclosure agreement. Directors, Executives and officers of the Society who have access to the membership list shall, by agreeing to perform the noted duty, be deemed to have accepted that they will follow the terms of this policy. Upon completion of the contract or the term of office of any individual having membership information access, all information, whether on paper or electronic, original or copies, shall be returned to the Membership Secretary, indicating in writing that they have returned all CAHS-related personal information or destroyed such information by secure electronic means or shredding by cross-cut shredder if in paper form. All electronic records must be electronically shredded using a program such as “CCleaner” which meets Canadian and U.S. Federal Department Standards for electronic file destruction using a minimum of seven overwrite passes of the file being deleted.
- All third party contractors shall have a disclosure agreement included in their contracts. The agreement shall specify the terms noted in paragraph 18.
- Stale information. Information no longer required shall be destroyed, erased or made anonymous. If the information is only part of an individual’s total file, this partial information shall be destroyed, erased or made anonymous as per any fiscal and/or legal requirement. If an individual ceases to be a member or notification is received of a member’s death, the full information shall be destroyed, erased or made anonymous as required by fiscal and/or legal requirements.
Procedures in Handling Complaints
- Complaints can be received via mail or via e-mail. The website shall have a page describing the uses to which personal information is put and the e-mail address of the individual who can respond to complaints, and that of the individual who can respond to requests for access or updates.
- The Vice-President shall investigate all complaints related to personal information stored by the Society. The name of the Vice-President as well as his/her title and CAHS business address shall be provided to a complainant.
- An initial response shall be provided to the complainant within two weeks of the complaint being received. The response shall include the name and address of the Vice-President, or if the nature of the complaint is included, a response on when a report can be expected.
- Any aspect of a complaint that is not resolved to a complainant’s satisfaction shall be noted in the minutes of the Board’s next scheduled meeting.
- This policy can be disclosed, including a description of the information held, the use to which it is put, what other organizations have access or to whom it is made available.
- The Vice-President shall:
  - Keep a record of complaints and their resolution on file; and
  - If a complaint is justified, maintain a record of the corrective actions.
Training and Communications
- CAHS Education Program. All National and Chapter Directors and Executives shall be familiar with the contents of this policy and the requirements of PIPEDA. The PIPEDA guide from the Office of the Privacy Commissioner can be found at http://www.priv.gc.ca/information/guide_e.pdf. The Society education package on PIPEDA shall include examples of applications and requirements of this policy.
- Website. A statement of the Society’s collection purposes shall be maintained on the website. The website shall also include the approved e-mail addresses of the Compliance Officer and the Complaints Officer. The statement shall also include the uses to which any information collected is put.
- Membership applications. A statement of the Society’s collection purposes shall be included on new member forms and renewal notices.