Steveston Winemakers is subject to the BC Personal Information Protection Act with respect to their collection, use, disclosure and retention of personal information.
Steveston Winemakers collects, uses, and discloses personal information about individuals to:
• provide and administer services to its clients
• develop, manage, protect, and improve its services
• conduct customer satisfaction surveys
• comply with legal requirements and
• manage its operations
1. Accountability for Personal Information
The organization is responsible for personal information under its control and has designated an individual or individuals who are accountable for its compliance with the following principles.
2. Identifying Purposes for Personal Information
The organization identifies the purposes for which personal information is collected at or before the time the information is collected.
3. Consent for Personal Information
The organization requires the knowledge and consent of the individual for its collection, use, or disclosure of personal information, except where inappropriate or not required by law.
4. Limiting Collection of Personal Information
The organization limits its collection of personal information to that which is necessary for the purposes it has identified. It collects information by fair and lawful means.
5. Limiting Use, Disclosure and Retention of Personal Information
The organization does not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information is retained only as long as necessary for the fulfillment of those purposes.
6. Ensuring Accuracy of Personal Information
The organization ensures that personal information is as accurate, complete, and as up-to-date as is necessary for the purposes for which it is to be used.
7. Openness about Personal Information Policies and Practices
The organization makes readily available to individuals specific information about its policies and practices relating to the management of personal information.
8. Safeguards for Personal Information
The organization protects personal information using security safeguards appropriate to the sensitivity of the information.
9. Individual Access to Personal Information
Upon request, the organization will inform an individual of the existence, use, and disclosure of his or her personal information and will give access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
An individual is able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance and to the Office of the BC Information and Privacy Commissioner.
A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information. The most common privacy breach happens when personal information of customers or employees is stolen, lost or mistakenly disclosed. Examples include when a computer containing personal information is stolen or personal information is mistakenly emailed to the wrong person.
Any staff member or contractor that becomes aware of a privacy breach is responsible for notifying the Privacy Officer or their manager immediately.
The Privacy Officer will:
- identify the information, cause and extent of the breach
- determine the number of individuals affected
- contain the breach
- evaluate risks and determine whether harm could come to affected parties
- collaborate with management on notification to affected parties
- report to the Office of the Privacy Commissioner for BC on the prescribed form
- determine if any other parties should be notified
- cooperate with authorities during breach investigations