PATH Employment Services (PATH) is committed to complying with the Privacy Standards outlined in the Personal Information Protection and Electronic Documents Act. Our information handling practices have been established to respect and enforce our clients’ right to privacy.
All Information related to an identified individual, business or organization must be treated as confidential. This information may be written, verbal, electronic, or in other forms.
Confidentiality extends to everything PATH personnel learn in carrying out their duties. It extends to both important and unimportant information, background information, the process and everything the client discloses with a view to getting a better understanding of the situation. Everything the Executive Director or staff member learns about a client from conversation, assessments, conduct, financial state, and personal status is strictly confidential. It is the responsibility of the Executive Director and Staff to keep it so.
All information concerning clients, related to PATH operations and activities, shall be held in strict confidence and shall not be discussed with anyone other than those appropriately concerned.
What Information is collected and how is it used?
The type of information PATH gathers and uses depends on the requirements of the services and programs that the client is accessing. Information which is essential for participating in our services and programs typically includes: personal information, non-personal information and information that does not identify the individual. Personal and non-personal information is usually collected at the point of intake to assess client and employer needs and eligibility. The information that our clients provide helps our staff to accurately assess needs and eligibility for the government programs we deliver.
What is the definition of “Personal Information”?
Personal Information as defined by the Personal Information Protection and Electronic Documents Act is information about an “identifiable individual”. With consent PATH may collect personal information through our staff, over the telephone, via email or the internet.
PATH will only use personal information for the purpose it is collected. Should for any reason personal information be required to fulfill a different purpose, PATH will obtain consent before proceeding. The choice to provide PATH with personal information is always up to the client. The decision to withhold particular details may limit the services and programs we are able to provide.
PATH will make a reasonable effort to make sure clients understand how their personal information will be used. PATH will obtain consent from its clients when it collects or uses the personal information. A client’s consent can be expressed or implied. A client can withdraw consent at any time, with certain exceptions. PATH however, may collect, use or disclose personal information without the client’s knowledge or consent in exceptional circumstances where such collection, use or disclosure is permitted, or is required by law.
When Authorized by the Client:
When a client provides personal information to us, we may communicate and disclose it to third parties for the purpose of fulfilling our mandate or services to them. Clients are advised of all incidents where information may be forwarded to a third party and request for consent will be given, signed and kept on file.
As part of our services to employers PATH provides resumes to employers for their consideration. By submitting a resume, individuals consent to having their information disclosed to the employer and employment opportunity.
How We Protect Personal Information
PATH is committed to ensuring all personal information is protected against unauthorized access, disclosure or misuse. Our security practices are reviewed on a regular basis to ensure that confidentiality and privacy of personal information is not compromised.
Personal information is kept while an individual is a client of PATH and then is securely stored for a period of time after, as stipulated by our funding contracts. Once the required amount of time has been fulfilled, the information is safely destroyed in a secure manner.
The PATH web-site, www.pathemployment.com, links to other related sites which may be of interest to our clients and web-site visitors. Although we try to link with sites that share our commitment and respect for privacy, we are not accountable for the privacy practices recognized by other sites.
Accessing and Amending Personal Information
Due to eligibility requirements for the programs and services offered by PATH, it is important to have up-to-date and complete client records. As a client of PATH, individuals have the right to access, confirm and amend their personal information.
If for any reason an individual wishes to access their information, please submit a written request to our Privacy Officer. Requests for access will be addressed as quickly as possible, but no later than 30 days.
Breach of Privacy Business Process
What is a breach of Privacy?
A breach of Privacy includes the intentional and unauthorized access to, use and /or disclosure of confidential information.
How to prevent privacy breaches
Given the complexity of privacy legislation and the requirements to share information to third party associates for the purpose of service delivery, whenever there is an uncertainty regarding client information and its use, staff members are encouraged to review the sharing of information directly with the client or Management for support.
To avoid privacy breaches, the following preventive measures are mandated:
- Protect the privacy of all client data by ensuring that client files are kept in a secure and locked area, that computer stations are locked when they are not in use, ensure privacy when discussing client cases and referring information.
- Ensure that appropriate measures are exercised when handling client information off site and assess risks associated with transporting client data.
- As a general rule, do not send personal information by facsimile unless absolutely necessary.
- Ensure that requests for personal information are valid and that individuals asking for personal information are in fact who they claim to be and the client has authorized consent.
- Never provide personal information in response to an unsolicited telephone call, fax, letter, email attachment, or Internet advertisement.
- Ensure that all client data is kept in a locked and secure area at all times.
- Collect necessary third party consents in cases where client data must be shared for the purpose of supporting the client’s action plans.
How to respond to a privacy breach
Containment, Assessment, Reporting and Documentation of a Breach:
- Containment: The first priority after a security breach is discovered is to contain the breach and notify the Manager of Administrative Services, or designate, as quickly as possible. For any category of breach, the data must be secured, and the reasonable integrity, security, and confidentiality of the data or data system must be restored.
- Assessment: The next step is to determine the exact nature of the breach in terms of risk, extent and seriousness.
- Internal Reporting of a Breach: As soon as a breach has been identified, the employee who discovered it must take immediate steps to report the breach to his or her supervisor/manager. The supervisor/manager must take immediate action to determine the extent of the breach and to take such further action as is necessary to contain the breach or recover the missing data.
- Documentation: Capturing the details of the incident is vital to restoring privacy. The supervisor/manager must document the breach, noting the scope of the breach, steps taken to contain the breach, and the names or categories of persons whose personal information was, or may have been, acquired by an unauthorized person. A copy of that documentation must be reviewed by the Executive Director for further risk assessment and next steps in risk management.
- A member of the Management team shall notify affected individuals without unreasonable delay.
- The responsibility for providing notification shall lie with PATH Employment Services Management Team.
- Notification shall be clear and include a description of the following:
- The incident in general terms.
- The type of personal information that was subject to the unauthorized access
- The actions taken by PATH Employment Services to protect the personal information from further unauthorized access. However, the description of those actions may be general so as not to further increase the risk or severity of the breach.
- Contact information that the person may call for further information and assistance
- Written notification, or Electronic notification, for those persons for whom PATH has a valid e-mail address
- An internal review of processes will be completed and recommendations compiled to prevent recurrence.
- If it is established that a breach of confidentiality has occurred, those individuals deemed responsible may be subject to a privacy compliance review and the occurrence may lead to disciplinary action.
PATH is accountable for the management and confidentiality of the information collected. Should you have questions or concerns regarding this policy, please feel free to contact our Privacy Officer in writing as we cannot guarantee the security of an email message.
PATH Employment Services
31 King Street East Suite 100
PATH Employment Services reserves the right to add, modify or remove portions of this policy when deemed appropriate. The revision date is located on the bottom right corner, so you may confirm that you are familiar with the terms of the most recent update.
Reviewed February 2019