TRIUMF, is committed to providing employees and users with an environment based on respect for individuals. Part of TRIUMF's operations involve the collection, use and disclosure of some personal information. Protecting this personal information is a high priority. Therefore, this policy extends to all individuals employed or working on site. TRIUMF has always respected employees' and users' privacy, and safeguarded their personal information. These commitments have now been strengthened and formalized to comply with British Columbia's Personal Information Protection Act (PIPA). PIPA, which came into effect on January 1, 2004, governs the use and disclosure of personal information.
Personal Information -means information about an individual (e.g, name, age, home address and phone number, social insurance number, marital status, income, first -aid information, education). Personal information does not include contact information (described below).
Contact information - means information that would enable an individual to be contacted at a place of business and includes name, position title, business telephone number, business address, business email or business fax number. Contact information is not covered by PIPA, nor by this policy.
Unless the purposes for collecting personal information are obvious, and the individual voluntarily provides his or her personal information for those purposes, we will communicate the purposes for which personal information is being collected, either verbally or in writing, before or at the time of collection.
We will only collect information that is necessary to fulfill the following purposes:
- To set an individual up on the payroll or accounting system
- To enroll an individual in TRIUMF benefits plans or make changes to same
- To satisfy visa and immigration requirements for foreign workers or visitors
- To enroll or send out user group information
- To issue security access cards or radiation badges
- To ensure all on-site medical and safety requirements are met
- To contact next of kin in cases of emergency
- To meet regulatory requirements; including, but not limited to: CIC, WCB, CNSC, CCR.
- To meet recording requirements for patents and licensing
- To contact owners of vehicles parked on the TRIUMF site
- To include biographical data in publications where appropriate and necessary
- To maintain on-site first-aid information in the event of life-threatening emergencies
TRIUMF will obtain consent to collect, use or disclose personal information (except where, as noted below, TRIUMF is authorized to do so without consent). Consent may be provided verbally, in writing, or electronically, or it can be implied where the purpose for collecting using or disclosing the personal information would be considered obvious and the individual voluntarily provides personal information for that purpose. Consent may also be implied where an individual is formally given notice and a reasonable opportunity to opt-out of his or her personal information being used for, and he/she does not opt-out.
Subject to certain exceptions (e.g., the personal information is necessary to provide a service), individuals can withhold or withdraw their consent for TRIUMF to use their personal information in certain ways. An individuals decision to withhold or withdraw their consent to certain uses of personal information may restrict TRIUMF's ability to provide a particular service. If so, TRIUMF will explain the situation to assist the individual in making the decision.
TRIUMF may collect, use or disclose personal information without the individuals knowledge or consent in the following limited circumstances:
- When the collection, use or disclosure of personal information is permitted or required by law
- When collection is for the purpose of enrollment and coverage under a benefit or pension plan
- When collection or disclosure is for the purpose of meeting operational responsibilities
- In an emergency that threatens an individual's life, health, family or personal security
- When the information is necessary for the immediate medical treatment of the individual
- When the personal information is available from a public source (e.g., a telephone directory)
- When TRIUMF requires legal advice from a lawyer
- To protect TRIUMF from fraud
- To investigate a suspected breach of employment or an agreement, or a contravention of law
USING AND DISCLOSING PERSONAL INFORMATION
TRIUMF will only use or disclose personal information where necessary to fulfill the purposes identified at the time of collection, and will not use or disclose personal information for any additional purpose unless consent is obtained. All personal information obtained is deemed strictly confidential.
RETAINING PERSONAL INFORMATION
If personal information is used to make a decision that directly affects the individual, it will be retained for at least one year so that the individual has a reasonable opportunity to request access to it. Not withstanding the above, personal information will be retained only as long as is necessary to fulfill the identified purposes or a legal or business purpose.
ENSURING ACCURACY OF PERSONAL INFORMATION
TRIUMF will make reasonable efforts to ensure that personal information is accurate and complete. Individuals may request corrections to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought. If the personal information is demonstrated to be inaccurate or incomplete, TRIUMF will correct the information as required and send the corrected information to any organization to which the personal information was disclosed in the previous year.
SECURING PERSONAL INFORMATION
TRIUMF is committed to ensuring the security of personal information in order to protect it from
unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks. The
following security measures will be taken to ensure that personal information is appropriately protected. Examples include:
- the use of locked filing cabinets
- physically securing offices where personal information is held
- the use of user IDs, passwords, encryption, firewalls
- restricting employee access to personal information as appropriate (i.e., only those that need to know will have access; requiring any service providers to provide comparable security measures).
TRIUMF will use appropriate security measures when destroying personal information, including:
- shredding documents
- deleting electronically stored information
TRIUMF will continually review and update our security policies and controls as technology changes to ensure the ongoing security of personal information.
PROVIDING ACCESS TO PERSONAL INFORMATION
Individuals have a right to access their personal information, subject to limited exceptions such as:
- If disclosure would reveal personal information about another individual
- If disclosure would reveal the identity of an individual who has provided personal information about the individual, and that individual does not consent to disclosure of his/her identity
- If disclosure would reveal the "work product" of an individual or group of individuals. (Work product is defined as information prepared or collected by an individual or group of individuals as a part of said individual's or group's responsibilities or activities)
A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought. TRIUMF will make the requested information available within 10 working days, or provide written notice of an extension where additional time is required to fulfill the request, or advise why this information will not be released.
1. It is the responsibility of each TRIUMF employee authorized to collect personal information to comply
with this policy and respect the privacy of individuals as outlined above.
2. It is the responsibility of those TRIUMF employees who are privy to personal information to respect the privacy of individuals as outlined above
3. It is the responsibility of senior management to ensure systems, equipment or resources are in place to support the integrity of securing personal information.
4. The administration and interpretation of this policy is the responsibility of the Human Resources