The United Church of Canada has a privacy standards policy that allows for the collection, use, management, retention, protection, disclosure and disposition of personal information held at the church offices in compliance with all applicable federal and provincial privacy legislation including, but not limited to, The Personal Information Protection and Electronic Documents Act (PIPEDA) (S.C. 2000, C. 5). The privacy policy and applicable legislation applies to all records and information collected and under the jurisdiction of General Council.
The United Church of Canada follows ten principles for handling of personal information outlined in schedule 1 of PIPEDA which include accountability, identifying purpose, consent, limiting collection, limiting use, disclosure, and retention, accuracy, safeguards, openness, individual access, challenging compliance.
Questions regarding privacy legislation and policies can be addressed to General Council Archivist.
What is personal information?
Personal information includes any factual or subjective information, recorded or not, about an identifiable individual – that is, it is information which can, directly or indirectly, identify the individual. This information can be in paper or electronic form and can include:
- Home address
- Home phone number
- Age
- Personal email address
- Race
- National or ethnic origin
- Colour
- Religion
- Sexual orientation
- Marital status
- Mental or physical disability
- Family members’ names
- Employee files
- Identification numbers
- Evaluations
- Disciplinary actions
- Existence of disputes
- Opinions
- Comments
- Social status
- Income
- Credit and bank records
- Donation information
- Loan records
- Medical records
Collected Information
The following are some examples of personal information collected by the United Church:
- Personal information of ministry personnel, employees, elected and appointed members, volunteers, donors and retail customers are collected and maintained by The United Church of Canada.
- Employees and pensioners of the Church have confidential and secure personnel, pension, benefits and payroll files
- Personal information is often required to accommodate event attendance and programs.
- All personal information is the property of the church and all individual have controlled access to their personal information
Levels of Privacy
Personal information will be inventoried and assigned one of the three levels of privacy.
Level 1 – Highly Restricted Personal Information
Information is very sensitive and if shared or published inappropriately or harvested electronically for fraudulent activities such as identity theft, has the potential of damaging people’s lives and/or their well-being and would likely bring about legal action against the church. The information issued for internal judicial decisions, identifies donor designations, career development, compensation determination and legal action.
Level 2 – Confidential Personal information
Information is somewhat sensitive and if inappropriately shared, published, or harvested electronically could contribute to fraudulent activity such as identify thefts, and bring about hardship or embarrassment to an individual and/or the church, or may bring about legal action against the church. The information is used for career development and legislative compliance. This information is considered private, but more individual shave controlled access to it than the information in Level 1.
Level 3 – General Information
Information is not sensitive and can be shared. This information is no restricted and many can have access to it. It is collected to assist the department in the accomplishment of their tasks. There is no confidential or restricted personal information included in this level.
There are some actions that employees can undertake to ensure the privacy of records and information:
- Personal information can only be used for the purposes in which it was collected.
- Personal information should be stored under lock and key or securely on a server and only certain authorized individual should have access to it.
- Personal information that is no longer required should be destroyed expect in cases where federal and/or provincial retention rules apply