Adopted by the Executive Council November 23, 2014
Principle 1 – Accountability
Principle 2 – Identifying Purposes
The MIA shall identify the purposes for collecting personal information before or at the time personal information is collected.
The MIA needs to collect, use and disclose some information about its members, participants, parents, donors, staff and volunteers, in order to conduct its operations, and deliver MIA programs and services to the communities it serves. The MIA purposes for collecting personal information are:
• To establish and maintain responsible relationships with its members, participants, parents, donors, staff and volunteers;
• To manage, develop and enhance MIA operations, programs and services;
• To acknowledge gifts, issue tax receipts, and other administrative requirements including information requests;
• To process and collect fees for service;
• To assess participant needs;
• To determine program, service, employment or volunteer eligibility;
• To provide safe and secure MIA environments;
• To collect data for statistical purposes;
• To better understand the changing needs of communities we serve;
• To communicate a range of programs, services, and philanthropic opportunities that benefit people we serve;
• To meet legal, regulatory and contractual requirements.
As a member or program participant of the MIA, you may receive:
• Information packages pertaining to members
• Information to keep you informed and up to date on the activities of the MIA, including programs, services and special events
• Membership renewal notices
• Fundraising requests
• Electronic newsletters
• Opportunities to volunteer
• Tax receipts
If, at any time, you wish to be removed from any of these contacts, simply call contact the MIA office and we will gladly accommodate your request.
The MIA shall indicate either orally, electronically or in writing, at or before the time personal information is collected, the purpose for which it is being collected.
Unless required by law, staff and volunteers shall not use or disclose for any new purpose personal information that has been collected, without the consent of the individual.
Principle 3 – Consent
The knowledge and consent of an individual is required for the collection, use, or disclosure of personal information, except where not required by law (see Exceptions). In obtaining consent, staff and volunteers shall advise participants, members, parents, donors, staff, volunteers, independent contractors of identified purposes for which personal information will be used or disclosed. Purposes shall be communicated in clear, understandable language.
In general, the following actions by an individual constitute implied consent for the MIA to collect, use and disclose personal information for purposes identified to the individual:
• Registration for MIA programs and services;
• Completion of a donation pledge form;
• Acceptance of employment and benefits enrolment by an employee;
• Acceptance of a volunteer position.
Express consent is required from an individual when dealing with more sensitive information, such as financial, criminal and medical data. For example, express consent is required from applicants for the Takaful program.
Individuals may at any time withdraw their consent to subject to certain service, legal or contractual restrictions. Individuals wishing to withdraw consent may contact the MIA for more information regarding the implications of withdrawing consent.
MIA may collect, use or disclose personal information without prior knowledge or consent of the individual in the following limited circumstances:
• To a lawyer or other legal representative of the MIAA, when legal advice is required by the organization;
• To a government body or agency in certain circumstances;
• To collect a debt, or comply with a subpoena, warrant or other court order, or as may be otherwise required by law;
• When the collection, use or disclosure of personal information is permitted or required by law.
• When the personal information is available from a public source (e.g., a telephone directory);
• In an emergency that threatens an individual’s life, health, or personal security;
• To protect ourselves from fraud;
• To investigate an anticipated breach of an agreement or a contravention of law
Principle 4 – Limiting Collection
The MIA shall take reasonable steps to limit the collection of personal information to that which is necessary for the purposes identified by the MIA. Information shall be collected by fair and lawful means.
When collecting personal information, staff and volunteers will usually collect it directly from the individuals about whom the personal information pertains.
Personal information may be collected from other sources with prior consent from the individual, for example, from prior employers, personal references or from other third parties having the right to disclose the information.
Principle 5 – Limiting Use, Disclosure, and Retention
The MIA shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained for at least a year and after which for only as long as necessary for the fulfillment of those purposes.
Principle 6 – Accuracy
Personal information shall be as accurate, complete and up-¬‐to-¬date as is necessary for the purposes for which it is to be used.
Principle 7 – Safeguards
The MIA shall protect personal information by security safeguards appropriate to the sensitivity of the information. All staff and volunteers with access to information shall be required as a condition of employment or volunteer role, to respect the confidentiality of personal information.
The more sensitive personal information is, the more security is required. Staff and volunteers shall protect personal information in their control (regardless of format) against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security safeguards. Safeguards may include physical measures (such as locked doors, locked file cabinets), organizational measures (such as staff training, limited access) and technological measures (such as passwords, anti-¬‐virus software for computer systems). Personal information shared with a third party for processing shall be protected through contractual agreements with requirements for confidentiality and appropriate safeguards.
Website and Electronic Commerce
We use password protocols and encryption software to protect personal and other information we receive when a program or service is requested and/or paid for online. Our software is routinely updated to maximize protection of such information.
Links to Third-¬‐Party Sites
We provide links from our website to third party websites. The MIA does not control these websites and therefore we would encourage you to review their privacy policies.
Principle 8 – Openness
The MIA shall make readily available to individuals, information about its procedures and practices relating to the management of personal information. Information on the MIA commitment to privacy is available to the public on the MIA’s web site at www.miaonline.org.
Staff and volunteers shall make known upon request the contact information for the MIA privacy officer to whom inquiries or complaints can be forwarded.
Principle 9 – Individual Access
The MIA shall upon request inform an individual of the existence, use and disclosure of his or her personal information and shall give the individual access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. Staff members and volunteers shall refer requests about personal information held about an individual to the privacy officer.
In order to safeguard personal information, an individual may be required to provide sufficient identification information to permit MIA to account for the existence, use and disclosure of personal information, and authorize access to the individual’s file.
Upon request, the privacy officer shall provide an account of the use and disclosure of personal information. A list of organizations to which the MIA may have disclosed personal information shall be provided. Staff can request access to their employee file by contacting the Executive Council member responsible for Human Resources.
Exceptions to access
The MIA may not be able to provide an individual with access to some or all of his or her personal information in certain circumstances permitted by law. Some exceptions include if:
• Doing so would likely reveal personal information about a third party;
• Disclosure could reasonably be expected to threaten the life or security of another individual;
• Information was collected in relation to the investigation of a breach of an agreement, or a contravention of law, or as otherwise permitted by law.
If access to personal information cannot be provided, the privacy officer shall provide the individual with written reasons for denying access.
Principle 10 – Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated MIA privacy officer.
Individuals wishing to make a complaint about MIA information handling practices, will be asked to provide in writing to the privacy officer, the following information: name and address or fax number where the individual prefers to be reached; nature of the complaint and relevant details; if applicable, the name of the MIA staff or volunteers with whom the individual has already discussed the issue.
The MIA shall investigate all complaints. If a complaint is found to be justified, the MIA shall take appropriate measures to resolve the complaint.
How do I get more information?
Our staff members will be happy to answer any questions you may have about your personal information. If you would like more information about our policies, or you would like to see exactly what personal information we have about you in our records, or you wish to register a complaint, please contact the MIA office manager at 204-256-1347 or firstname.lastname@example.org.