Kingston Day Care Privacy Policy
POLICY
The Information and Privacy Policy applies to personal information collected for the following individuals at Kingston Day Care:
1) Children in our care.
2) The parents/legal guardians, siblings, other individuals who are directly involved in the care and upbringing of the children in our care (collectively, “the children in our care and their families”).
3) Employees of KDC – Full-time, Part-time, Permanent, Contract and Casual.
4) Board Members of KDC.
5) Volunteers and students on educational placement.
For the purposes of this policy, “personal information” is defined as any identifiable
information such as:
1) For children in our care and their families: contact details, health information, living arrangements, background information, financial information, the child’s personal characteristics and behaviour styles.
2) For Employees: contact details, health information, performance reviews, employment agreements, employer/employee correspondence and Criminal Reference/Vulnerable Sector Check.
3) For Board Members: contact details, oaths and policies and, Criminal Reference/Vulnerable Sector Check.
4) For Volunteers & Students: contact details, oaths and policies and, Criminal Reference/Vulnerable Sector Check.
Personal information is only collected, used and disclosed by Kingston Day Care in accordance with this Privacy Policy and the legal obligations imposed by the Personal Information Protection and Electronic Documents Act (PIPEDA).
PURPOSE:
Personal information is collected for the following purposes:
-
To identify the children in our care and their families;
-
To monitor the health and well-being of the children in our care;
-
To monitor developmental levels, skill acquisition and special needs of the children in our care;
-
To establish a culturally sensitive and developmentally appropriate program for the children in our care;
-
To understand the desires, concerns and opinions of the children in our care and their families;
-
To establish and maintain good relationships with the children in our care and their families;
-
To provide the responsible child care services expected of a licensed child care program to the children in our care and their families;
-
To manage and enhance our business and operations; and to meet legal and regulatory requirements, such as those contained in the Child Care and Early Years Act and its associated Regulations.
-
To identify employees of Kingston Day Care
-
To identify members of our Board of Directors
-
To identify volunteers and students of KDC
Kingston Day Care will not collect more personal information than is needed to fulfill these purposes, unless there is written consent for such collection.
PROCEDURE:
Note: Whenever practical, Kingston Day Care discloses unidentified information as opposed to identifiable personal information.
KDC will ensure that any required disclosure of personal information is made on a confidential basis, and in accordance with the provisions of the Child Care and Early Years Act and its associated regulations. Personal information is never traded, sold or leased by us to any external companies. Written consent will be given by the parent/guardian prior to the release of any personally identifiable information to third parties. This includes the release of any information through social media (e.g. posting pictures on Facebook).
Personal information may be disclosed to:
-
Public Health
-
Ministry of Education
-
City of Kingston Childcare Programs
-
Prince Edward - Lennox and Addington Children’s Services
-
United Counties of Leeds and Grenville Community and Social Services
-
Kingston Day Care’s Board of Directors
-
Therapists with Kingston Day Care
-
Educational or regulatory observers; and other service providers on an as-needed basis in order for them to assist us in managing, providing or evaluating our child care services and program;
-
Agent of a public authority (such as the Children’s Aid Society) if, in our reasonable judgment, it appears that there is imminent danger to life or property which could be avoided or minimized by the disclosure of the information;
-
A third party with whom we are negotiating in order for them to take over some or all of our services and/or other activities;
-
A third party where the individual (his/her parent/legal guardian) has consented to such disclosure; a third party where such disclosure is required or permitted by law.
When sharing personal information we release limited information as required for the function that will be performed by the representative on our behalf. We also ensure that every representative is clear on their obligation to protect personal information and only use the information for the purpose(s) for which it is being provided.
Examples of the Representatives that Kingston Day Care may share your limited personal information with include:
-
Professionals who may assist us in caring for the physical, emotional, social and/or intellectual well-being and/or safety of the children in our care;
-
Entities that assist us with general administration including debt collection.
Consent to Release
KDC employees, Board members, Volunteers and Students will read and sign-off on this policy upon commencement of employment/term.
Families will review this policy as part of the ‘Parent Handbook’ and give written consent upon enrolment.
KDC will coordinate collection of 3rd Party consent forms that are required to be completed if information needs to be shared with an outside/third party organization.
If Kingston Day Care will be using or disclosing personal information for purposes that have not been stated in this policy and that we do not feel are obvious, we will first obtain express written consent. KDC may imply consent if we feel we are using personal information for purposes that are obvious. Consent may at any time be
withdrawn subject to legal or contractual restrictions and reasonable written notice.
In certain circumstances, personal information can be collected, used or disclosed without the knowledge and consent of the individual (or his/her parents/legal guardian). For example: If it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is seriously ill or mentally
incapacitated; If seeking the consent might defeat the purpose for collecting the information, such as in the context of an investigation of a breach of an agreement or a contravention of a federal or provincial law; or If there is an emergency where the life, health or security of an individual is threatened.
Access to personal information without consent (parental or individual) will only be given to the following officials:
-
Coroner’s Office
-
Courts in response to a warrant or court order
-
Authorities vested in provincial or federal statutes
-
The Minister of Education and officials to whom he/she has delegated authority (e.g. Program Advisor).
Retaining Information
We retain personal information only as long as it remains necessary or relevant for the identified purposes, and in accordance with legal requirements. Therefore, we will retain
children’s files as long as they are enrolled in our child care program and for a fixed period of time thereafter (a minimum of 3 years). Employee files will be retained for a period of 7 years. Casual/Supply employee files will be retained for a minimum of 3 years. Members of the Board of Directors will be retained for 3 years. Volunteer files for a minimum of 3 years. Student files will be maintained at the corresponding educational institute.
Depending upon the circumstances, where personal information has been used to make a decision about an individual, we will retain the information for a period of time that is reasonably sufficient to allow for access by that individual (or his/her parent/legal guardian). Kingston Day Care retains and securely destroys personal information in accordance with our internal record retention procedure. Our retention procedure takes into account retention requirements for financial and insurance records, the statutes of limitation relevant to injuries that occur while children are in our care, as well as the requirements of the Child Care and Early Years Act and its associated Regulations.
SECURITY OF INFORMATION
KDC policies and procedures will ensure that personal information, in both paper and electronic format, are protected against the risk of loss, theft, unauthorized access, disclosure, copying, modification or destruction.
The following Best Practices are in place:
-
All visitors are required to report to the office and will be escorted while on the premises.
-
Filing cabinets containing personal information are only accessible to the executive director, supervisor, general manager and the on-site-supervisors of our child care programs. When filing cabinets are not in use and after hours they are locked.
-
The Board of Directors will have a separate lockable drawer (at a Kingston Day Care site) to house the personal file of the Executive Director and In-camera meeting notes. Only the Chair and Vice Chair will have access to this file.
-
Paper records containing personal information that are no longer needed or required or retained are securely shredded.
Cyber Security
-
Access to computers and electronic files is limited depending on job function (e.g. Managers, Supervisors, Bookkeeper).
-
Password selection criteria and password expiry make unauthorized access to our systems extremely difficult.
-
Kingston Day Care’s secure databases are well-protected on servers equipped with enterprise firewalls that are immediately updated when new patches and fixes are released.
-
Cloud security is used to provide additional security and stability. Kingston Day Care is currently being hosted by Wix.com.
-
Lists of passwords and employee access are maintained by the Executive Director. Passwords/Passphrases will be discontinued if an employee leaves the organization or transfers to a position without authority to access computers or electronic information. Passwords will be kept in a sealed (and initialed) envelope in personnel files.
-
Data is backed-up to ensure ease of recovery of information in the event of a system crash or data corruption occurs
-
Staff training on the importance of privacy and security, including creating strong passwords is undertaken annually.
ACCESS
Kingston Day Care expects that all information provided to us is up-to-date and accurate. Parents, Employees and Board Members may at any time make a written request for access to personal information using our “Access to Personal Information Form”. Personal information will be provided in an understandable form within a reasonable time.
In certain situations we may not be able to provide access to all of the personal information we hold about an individual as there are numerous exceptions to the access principle under PIPEDA. For example, we cannot provide access to personal information about another individual if they have not consented, or to information that could reasonably be expected to threaten the life or security of another individual. Also, we cannot provide access to information that was generated in the course of a formal dispute resolution process. If we are unable to provide all the information contained in the file, that individual will be informed.
IN CASE OF BREACH OF INFORMATION
The Executive Director and General Manager will contain and assess the breach. In doing so the following will be considered:
-
Evaluate the risks, including the nature of the information involved, the cause and extent of the breach, the number of individuals affected, the likelihood and type of harm.
-
Determine if the breach should be reported and if so, how and to whom
-
Report and notify those potentially impacted (if appropriate). (MEDU)
-
Investigate cause, review practices, update policies and re-train appropriate employees. *Please refer to Decision Tree appendix
NOTE: if it is reasonable to believe that the breach causes a risk of significant harm to an individual Kingston Day Care will: report a breach of security safeguards to the Privacy Commissioner, notify the individual and notify any other organization or government institution that may be able to reduce the risk of harm or mitigate the harm.
Kingston Day Care takes full responsibility for the management, confidentiality and protection of the personal information we collect, use and disclose. If there are any concerns about this policy, or there is a belief that Kingston Day Care is not abiding by it, please contact the Executive Director or General Manager at info@kingstsondaycare.org or write to:
Kingston Day Care Inc.
829 Norwest Road, Suite # 818
Kingston, ON K7P 2N3