BRITISHCOLUMBIALAWINSTITUTE 1822EastMall,UniversityofBritishColumbia Vancouver,BritishColumbiaV6T1Z1 Voice:(604)8220142Fax:(604)8220144E‐mail:bcli@bcli.org Website:www.bcli.org

PersonalInformationProtectionPolicyTheBritishColumbiaLawInstituterecognizestheimportanceofprivacyandthesensitivityofpersonal information.Wearecommittedtokeepingpersonal informationaccurate,se‐cure,andconfidential.Thispolicyoutlineshowwewillmanagepersonalinformationandsafeguardtheprivacyofourstakeholders.At theBritishColumbiaLaw Institute,weare committed to fulfillingourmission tobealeaderinlawreformbycarryingoutthebestinscholarlylawreformresearchandwritingand the best in outreach relating to law reform. As fulfilling ourmission and providingrelated services sometimes involves the collection, use, and disclosure of some personalinformation about our stakeholders, protecting their personal information is one of ourhighestpriorities.We will inform our stakeholders of why and how we collect, use, and disclose theirpersonalinformation,obtaintheirconsentwhererequired,andonlyhandletheirpersonalinformation in a manner that a reasonable person would consider appropriate in thecircumstances.SCOPEOFTHISPOLICY

ThisPersonal InformationProtectionPolicy, incompliancewith thePersonal InformationProtection Act (PIPA), outlines the principles and practices we will follow in protectingpersonal information. Our privacy commitment includes ensuring the accuracy,confidentiality, and security of our stakeholders’ personal information and allowing ourstakeholderstorequestaccessto,andcorrectionof,theirpersonalinformation.ThisPersonalInformationProtectionPolicyappliestotheBritishColumbiaLawInstituteandtoitsinternaldivision,theCanadianCentreforElderLaw.ThisPersonalInformationProtectionPolicyalsoappliestoanyserviceproviderscollecting,using,ordisclosingpersonalinformationonbehalfofus.DEFINITIONS

Collection—meanstheactofgathering,acquiring,recording,orobtainingpersonal infor‐mationfromanysourceincludingthirdparties.

BritishColumbiaLawInstitute Page2of7PersonalInformationProtectionPolicy LastModified:12November2008Consent—means informedvoluntary agreement for the collection,use, anddisclosureofpersonalinformationfordefinedpurposes,and,forgreatercertainty:

(a) consentcanbeexpress,deemed,orimplied;(b) expressconsentcanbegivenorallyorinwriting,andcanbeinhardcopyform

ordigital(c) deemedconsentmayexistifthepurposeforthecollection,use,ordisclosureof

the informationwould be considered obvious to a reasonable person and theindividualprovidesthepersonalinformationtousforthatpurpose;

(d) impliedconsentmayexist if itcanreasonablybe inferredfroman individual’sactionorinaction;

(e) consent can be given through an authorized representative, such as a legalguardianorapersonwithapowerofattorney.

Contactinformation—meansinformationthatwouldenableanindividualtobecontactedat a place of business and includes name, position name or title, business telephonenumber,businessaddress,businessemail,orbusinessfaxnumber.ContactinformationisnotcoveredbythispolicyorPIPA.Disclosure—meanstheactofmakingpersonalinformationavailabletoathirdparty.Personal information—means informationaboutan identifiable individual, including in‐formation relating to personal characteristics, health, activities, or views. Personalinformationdoesnot include contact informationanddoesnot includeaggregated infor‐mationthatcannotbeassociatedwithaspecificindividual.PrivacyOfficer—meansthe individualdesignatedtoberesponsible forensuringthatwecomplywiththispolicyandPIPA.Stakeholder—meansspecificindividualswhoareouremployees,members,orvolunteers,orwhootherwiseprovideuswiththeirpersonalinformation.Thirdparty—meansanindividualororganizationotherthanus.Use—means the treatment, handling, or management of personal information by andwithinus.We,us, orour—means the British Columbia Law Institute and the Canadian Centre forElderLaw.POLICY1—COLLECTINGPERSONALINFORMATION

1.1 Unless the purposes for collecting personal information are obvious and thestakeholdervoluntarilyprovideshisorherpersonalinformationforthosepurposes,

BritishColumbiaLawInstitute Page3of7PersonalInformationProtectionPolicy LastModified:12November2008

wewillcommunicatethepurposesforwhichpersonalinformationisbeingcollected,eitherorallyorinwriting,beforeoratthetimeofcollection.

1.2 Wewillonlycollectstakeholderinformationthatisnecessarytofulfillthefollowing

purposes:

• toverifyidentity;• toestablishandmaintainrelationswithstakeholders;• tounderstandneedsandpreferencesofstakeholders,includingthepreferences

ofvisitorstoourwebsite;• toenableustofulfillourpurposes,includingpublicoutreachandconsultation;• tomanageanddevelopourorganization, includingpersonnelandemployment

matters;• todeliverrequestedproductsandservices;• tocontactstakeholdersforfundraising;• tomeetlegalandregulatoryrequirements;• tomeetsuchadditionalpurposesthatareidentifiedtoanindividual.

1.3 Our website uses Google Analytics to help us understand how visitors use the

website. This information allows us to improve ourweb services. Google Analyticsuses cookies to collect standard information (including your IP address) aboutvisitors’ behaviour in an anonymous form and stores this information on Google’sservers.Cookiesaresmalltextfilessenttoyourcomputerwhenyourbrowservisitsawebsite.Wewillnot (andwillnotallowany thirdparty to)useGoogleAnalytics tocollectpersonally identifiable informationofvisitorstoourwebsite.Googlewillusetheanonymousinformationcollectedforthepurposeoftrackinguseofthewebsite,compiling reports and providing other services relating to website activity andInternet usage. For further information, you can refer to the Terms of Service ofGoogle Analytics <https://www.google.com/analytics/home/tos/TOS_en‐US.html>.Byusingourwebsite,youconsent to theprocessingofdataaboutyoubyGoogle inthemanner and for the purposes set out above. However, youmay also choose todeclinecookiesbyselectingtheappropriatesettingsonyourbrowser.

POLICY2—CONSENT

2.1 Wewillobtain stakeholder consent to collect,use,ordisclosepersonal information(exceptwhere,asnotedbelow,weareauthorizedtodosowithoutconsent).

2.2 Inobtainingconsent,wewillexplaintostakeholdersinplainlanguagethepurposes

forwhichpersonalinformationwillbecollected,used,ordisclosed.

BritishColumbiaLawInstitute Page4of7PersonalInformationProtectionPolicy LastModified:12November20082.3 Wewillseekconsenttouseordisclosepersonalinformationatthesametimewecol‐

lecttheinformation.Insomecircumstances,wemayidentifyanewpurposeandwillseekconsenttouseanddisclosepersonalinformationafterithasbeencollected,butbeforeitisusedordisclosedforanewpurpose.

2.4 Indeterminingtheappropriateformofconsent,wewillconsiderthesensitivityofthe

personalinformationandthereasonableexpectationsofstakeholders.2.5 Subjecttocertainexceptions(e.g.,thepersonalinformationisnecessarytoprovidea

serviceorproduct,orthewithdrawalofconsentwouldfrustratetheperformanceofalegalobligation),stakeholdersmaywithholdorwithdrawtheirconsentforustousetheir personal information in certainways.A stakeholder’s decision towithhold orwithdrawconsenttocertainusesofpersonalinformationmayrestrictourabilitytoprovideaparticularserviceorproduct.Ifso,wewillexplainthesituationtoassistthestakeholderinmakingthedecision.

2.6 We may collect, use, or disclose personal information without a stakeholder’s

knowledgeorconsentinthefollowinglimitedcircumstances:

• when the collection,use, ordisclosureofpersonal information ispermittedorrequiredbylaw;

• inanemergencythatthreatensanindividual'slife,health,orpersonalsecurity;• when the personal information is available from a public source (e.g., a

telephonedirectory);• whenwerequirelegaladvicefromalawyer;• forthepurposesofcollectingadebt;• toprotectourselvesfromfraud;• toinvestigateananticipatedbreachofanagreementoracontraventionoflaw.

POLICY3—USINGANDDISCLOSINGPERSONALINFORMATION

3.1 Wewill only use or disclose stakeholder personal informationwhere necessary tofulfill the purposes identified at the time of collection or for a purpose reasonablyrelatedtothosepurposessuchastoconductstakeholdersurveysinordertoenhancetheprovisionofourservices.

3.2 We will not use or disclose stakeholder personal information for any additional

purposeunlessweobtainconsenttodoso.3.3 Wewillnotsellstakeholderlistsorpersonalinformationtootherpartiesunlesswe

haveconsenttodoso.

BritishColumbiaLawInstitute Page5of7PersonalInformationProtectionPolicy LastModified:12November2008

POLICY4—RETAININGPERSONALINFORMATION

4.1 Ifweusestakeholderpersonalinformationtomakeadecisionthatdirectlyaffectsthestakeholder,wewillretainthatpersonalinformationforatleastoneyearsothatthestakeholderhasareasonableopportunitytorequestaccesstoit.

4.2 Subjecttopolicy4.1,wewillretainstakeholderpersonalinformationonlyaslongas

necessarytofulfilltheidentifiedpurposesoralegalorbusinesspurpose.POLICY5—ENSURINGACCURACYOFPERSONALINFORMATION

5.1 Wewillmakereasonableefforts toensure thatstakeholderpersonal information isaccurate and complete where it may be used to make a decision about thestakeholderordisclosedtoanotherorganization.

5.2 Stakeholdersmayrequestcorrectiontotheirpersonalinformationinordertoensure

its accuracy and completeness. A request to correct personal informationmust bemadeinwritingandprovidesufficientdetailtoidentifythepersonalinformationandthe correction being sought. A request to correct personal information should beforwardedtothePrivacyOfficer.

5.3 If thepersonal information isdemonstratedtobe inaccurateor incomplete,wewill

correct the information as required and send the corrected information to anyorganizationtowhichwedisclosedthepersonalinformationinthepreviousyear.Ifthecorrection isnotmade,wewillnote thestakeholder’s correctionrequest in thefile.

POLICY6—SECURINGPERSONALINFORMATION

6.1 We are committed to ensuring the security of stakeholder personal information inorder to protect it from unauthorized access, collection, use, disclosure, copying,modification,ordisposalorsimilarrisks.

6.2 We will safeguard stakeholder personal information in our possession or control

fromlossortheftandfromunauthorizedaccess,use,disclosure,copying,ormodifica‐tionthroughappropriatesecuritymeasuresdependingonthesensitivity,format,andstorageofthepersonalinformation.

6.3 Wewillprotectstakeholderpersonalinformationdisclosedtothirdpartiesbyrequir‐

ingthosethirdpartiestosafeguardallpersonalinformationinamannerthatiscon‐sistentwithourpracticesandasregulatedbylaw.

6.4 Any of our employees with access to stakeholder personal information will be re‐

quiredtorespecttheconfidentialityofsuchinformation.6.5 We will use appropriate security measures when destroying stakeholder personal

information.

BritishColumbiaLawInstitute Page6of7PersonalInformationProtectionPolicy LastModified:12November20086.6 We will continually review and update our security policies and controls as

technologychangestoensureongoingpersonalinformationsecurity.Asaresult,thispolicymaychangeandstakeholdersshouldconsultthelatestavailableversion.

POLICY7—PROVIDINGACCESSTOPERSONALINFORMATION

7.1 Stakeholders have a right to access their personal information, subject to thefollowingexceptions:

• itislikelytorevealpersonalinformationaboutathirdparty;• disclosingthepersonal informationcouldrevealconfidentialcommercial infor‐

mation;• thepersonalinformationisprotectedbysolicitor/clientprivilege;• thedenialofaccessisrequiredorauthorizedbylaw;• information relates to existing or anticipated legal proceedings against that

stakeholder;• itmightprejudicenegotiationswiththatstakeholder;• itisnecessarytoprotecttheourrightsandproperty;• therequestisfrivolousorvexatious;• theinformationiscollectedforpurposesofaninvestigationortheinformationis

theresultofarbitrationorotherformaldisputeresolutionprocess.7.2 A request to access personal information must be made in writing and provide

sufficientdetailtoidentifythepersonalinformationbeingsought.ArequesttoaccesspersonalinformationshouldbeforwardedtothePrivacyOfficer.

7.3 Uponrequest,wewillalso tell stakeholdershowweuse theirpersonal information

andtowhomithasbeendisclosedifapplicable.7.4 We will make the requested information available within 30 business days, or

providewrittennoticeofanextensionwhereadditionaltimeisrequiredtofulfilltherequest.

7.5 Aminimalfeemaybechargedforprovidingaccesstopersonalinformation.Wherea

fee may apply, we will inform the stakeholder of the cost and request furtherdirection from the stakeholder on whether or not we should proceed with therequest.

7.6 If a request is refused in full or in part, we will notify the stakeholder in writing,

providingthereasonsforrefusalandtherecourseavailabletothestakeholder.

BritishColumbiaLawInstitute Page7of7PersonalInformationProtectionPolicy LastModified:12November2008

POLICY8—QUESTIONSANDCOMPLAINTS:THEROLEOFTHEPRIVACYOFFICER

8.1 ThePrivacyOfficer is responsible for ensuringour compliancewith thispolicyandthePersonalInformationProtectionAct.

8.2 Stakeholders should direct any complaints, concerns, or questions regarding our

complianceinwritingtothePrivacyOfficer.IfthePrivacyOfficerisunabletoresolvethe concern, the stakeholder may also write to the Information and PrivacyCommissionerofBritishColumbia.

PRIVACYOFFICER

Ourprivacyofficer’snameandcontactinformationis:KevinZakreskiStaffLawyerBritishColumbiaLawInstitute1822EastMallUniversityofBritishColumbiaVancouver,BCV6T1Z1Tel.:(604)827‐5336Fax:(604)822‐0144Email:kzakreski@bcli.org