VCDS Policies & Disclaimers
Revised September 26th, 2020
The Volunteer Cancer Drivers Society (VCDS) complies with all laws and regulations governing not-for-profit societies. The Personal Information Protection Act (PIPA) is one such law governing our operations.
- Central Data Registry is the secure, off-site electronic storage facility for all VCDS confidential and historical information;
- Donors include all individuals providing funds to the Society; Little Green Light (LGL) is the donor management program in support of the Donor Stewardship strategy;
- Organized Donors include all corporations, businesses, associations, service clubs, government entities at all levels and any other organization providing funding;
- Patient is a person who applies to the Society and is accepted for transportation to cancer treatment in accordance with the Mission of the Society;
- Personal Information means information collected and stored that relates to patients, volunteers, donors and organized donors, but including contact information;
- RideScheduler is the dispatch/driver program for control of all patient and driver activity. It securely stores all personal patient, driver and statistical data related to the transportation of patients;
- Stakeholder is a patient, volunteer, donor or organized donor of VCDS; Statistical Data means personal information collected, collated and used by authorized Society members to provide statistical information that does not identify individuals or entities or in any way reveals individual personal information; and Volunteers include drivers, dispatchers, Board members and other members of the Society.
The VCDS Board appoints a Privacy Officer to be responsible for ensuring regular audit procedures and compliance assurance to the Board with this Policy and PIPA.
POLICY 1. Collecting Personal and Organized Donor Information
1.1 Purposes for which Personal Information Collected
The purposes for collecting personal information must be obvious to the patient, volunteer, donor or organized donor and the information must be voluntarily provided for those purposes. If the purpose is not obvious, VCDS will communicate to the patient the purposes for which personal information is being collected, either orally or electronically, before or at the time of collection and obtain consent to do so.
1.2 Necessary Information
VCDS will only collect, use or disclose patient, volunteer and donor information that is necessary to:
1.2.1 ensure safe, efficient transportation of patients to and from cancer treatment and appointments;
1.2.2 conduct stakeholder surveys to ensure the quality of the provision of services;
1.2.3 provide information related to operations and management of the Society;
1.2.4 maintain a Society membership role;
1.2.5 meet regulatory requirements;
1.2.6 compile financial, fund raising, marketing and statistical data.
1.3 Information to be collected
VCDS will collect the following information:
1.3.1 Volunteers’ name, age, address, phone number(s) electronic address(s), emergency contact, criminal record check, vulnerable person check, and in the case of drivers, driver’s license, vehicle insurance, ICC abstract, availability to drive and facilities willing to attend;
1.3.2 Patients’ name, address, phone number(s) electronic address(s), emergency contact, appointment date, time and location, nature of treatment, doctor’s name, special needs, age range. and cancer registration number.
1.3.3 Donors’ personal and contact information willingly supplied by individuals;
1.3.4 Organized Donors’ information available to the public, contact person(s) and other information willingly supplied by the organization.
1.4 Website Cookies
This website collects cookies to analyse our traffic and user behaviour. We do not share information about your use of our site with anyone else.
POLICY 2. Consent
2.1 Use or Disclose Information
Except for the provisions in 1.2, VCDS will obtain consent of patients, volunteers and donors to collect, use or disclose personal information in writing except where VCDS are authorized to do so without consent as noted in 2.2 to 2.4 below.
2.2 Consent Provided
Consent can be provided orally, in writing or electronically or can be implied where the purpose for collecting, using or disclosing the personal information is to provide VCDS services and information and the patient, volunteer or donor voluntarily provides that information.
2.3 Withhold or Withdraw Consent
Subject to personal information that is necessary to provide VCDS services, patients, volunteers and donors can withhold or withdraw consent to use their information at any time. A decision to withhold or withdraw consent to certain uses of personal information may restrict the VCDS ability to provide a particular service or maintain membership. If such a conflict arises, VCDS will explain this verbally or in writing to the individual(s) before removing the requested data from its servers.
2.4 Collect Information Without Consent
VCDS may collect, use or disclose personal information without the patient’s, volunteer’s or donor’s knowledge:
2.4.1 when permitted or required by law;
2.4.2 when the personal information is available from a public source;
2.4.3 in an emergency that threatens an individual’s life, health or personal security;
2.4.4 when VCDS requires legal advice from a lawyer;
2.4.5 to protect the Society from fraud.
POLICY 3. Using and Disclosing Personal Information
3.1 Using Personal Information for Data Compilation
Personal information may be combined to provide statistical, financial, marketing, and fundraising data provided that any data that may be released beyond the control of VCDS does not identify a person or persons in any context that implies or states a relationship to cancer or cancer treatment or any other health-related issues.
3.2 Use Information for Other Than Intended Purpose
VCDS will not use or disclose patient, volunteer or donor personal information for any additional purpose without written consent.
3.3 Not Sell Personal Information
VCDS will not sell patient, volunteer or donor personal information to other parties.
POLICY 4. Retaining Personal information
4.1 Maximum Time to Retain Information
VCDS will retain personal information only as long as necessary to fulfil the identified purposes.
POLICY 5. Ensuring Accuracy of Personal Information
5.1 Personal Information Accuracy
VCDS will make every effort to ensure that patient, volunteer or donor information is accurate and complete so patients, volunteers or donors of the Society are able to make informed decisions regarding the Society’s services.
5.2 Corrections to Personal Information
Patients, volunteers and donors may request a correction to their personal information verbally or in writing to ensure its accuracy and completeness. Such corrections must provide sufficient detail to identify personal information and facilitate an accurate correction.
POLICY 6. Securing Personal Information
6.1 Security of Personal Information
VCDS is committed to taking all reasonable precautions to ensure the security of patient, volunteer and donor personal information from unauthorized access, collection, use, disclosure, copying, modification or similar risks.
6.2 Access to Personal Information
Access to personal information is controlled and limited to those who need it for operational or administrative purposes.
6.3 Third Party Access to Personal Information
6.4 Storage of Personal Information
VCDS will ensure personal information is securely stored, electronically, off-site and is both password and firewall-protected. Where information is stored on personal electronic devices, the devices must be password and firewall-protected and precautions must be taken to ensure devices are not lost, stolen or otherwise compromised. Paper personal information will be not retained longer than required to complete the intended activity.
VCDS will store all current and historical personal and operational information in the following off-site, third-party managed, secure facilities:
6.4.1 RideScheduler, for storage of all personal patient, driver and statistical data related to the transportation of patients; and
6.4.2 Central Data Registry for storage of information related to patients, volunteers, donors together with financial, policy, procedures and operational and administrative data of the Society;
6.4.3 Little Green Light for storage of information related to donors and volunteers.
6.4 Downloading Personal Information
Drivers, dispatchers, other volunteers and authorized third-party entities involved in fundraising, marketing, statistic generation, financial compilation, survey preparation and other activity directly related to the Mission of the Society may download or obtain by other means, sufficient information to complete the task or tasks at hand.
6.5 Security of Downloaded Personal Information
Volunteers downloading information in 6.4 above shall ensure that:
6.5.1 the information held on personal electronic devices is password secured and has reasonable protection against loss, hacking or other means of intrusion; and
6.6 Destroying Personal Information
All entities holding personal information will take all appropriate security measures, including deleting electronic data and shredding paper documents, when destroying personal information.
6.7 Privacy and Security Policy Review
VCDS will review these Privacy and Security policies and controls regularly as technology changes to ensure ongoing personal information security.
POLICY 7. Anecdotal Personal Information
7.1 Disclosing Anecdotal Personal Information
VCDS will ensure that anecdotal personal information relayed by patients to dispatchers and drivers, including the patient’s cancer treatment, prognosis, health, personal circumstances and other confidential information, will not be divulged or disclosed to any other person or persons, except when the information is required in the course of providing the services of VCDS or when authorized by the patient and/or the Board.
POLICY 8. Providing Access to Personal Information
8.1 Access to Personal Information
Patients, volunteers, donors and organized Donors have a right to access their personal information.
8.2 Request to Access Personal Information
A request to access personal information as required in 8.1 must be made in writing and provide sufficient detail to identify the personal information being sought. The requested information will be provided within 30 days, upon confirmation of receipt.
8.3 Right to Know How Personal Information Used
If requested, patients, volunteers and donors will be told how the Society uses their personal information and to whom it has been disclosed.
8.4 Refusal to be Told How Personal Information Used
If a request is refused in full or in part, the patient, volunteer or donor will be notified in writing, providing the reasons for refusal and the recourse available.
POLICY 9. Privacy Breach Response Procedure
A privacy breach occurs when there is unauthorized access to, or collection, use, disclosure or disposal of personal information. In the event of a privacy breach, VCDS will take steps to contain the breach, evaluate the risks, notify involved stakeholders and review and update policies. The following steps will be taken in the event of a privacy breach.
9.1 Contain the Breach
To contain the breach, VCDS will immediately stop the unauthorized practice, recover the breached records, to the extent possible, shut down the system that was breached, revoke or change computer access codes and correct weaknesses in physical security. The Privacy Officer will:
9.1.1 Designate an appropriate individual to lead the initial investigation
9.1.2 Notify the appropriate government authorities if the breach involves theft or other criminal activity.
9.1.3 Ensure that the ability to investigate the breach is not compromised.
9.2 Evaluate the Risks
The more sensitive the data, the higher the risk. A combination of personal information with any relationship to cancer is more sensitive than individual information. The investigation will determine:
9.2.1 What data elements have been breached and who is affected by the breach.
9.2.2 Whether the personal information lost can be used for fraudulent or otherwise harmful purposes.
9.2.3 The cause of the breach.
9.2.4 The extent of the risk and whether the risk is ongoing or if there is further exposure of information.
9.2.5 Whether it is a systemic problem or an isolated incident.
9.2.6 Who is, or may be, in receipt of the information and what harm could result to the stakeholders involved.
Notification of affected stakeholders is a key consideration to avoid or mitigate harm to the individual whose personal information has been compromised. Notification will occur as soon as possible after the breach, except when law enforcement authorities, if notified, determine that notification should be delayed in order not to impede a criminal investigation. Notification must occur when:
9.3.1 Legislation requires notification.
9.3.2 There is a risk of identity theft or fraud.
9.3.3 There is a risk of loss of confidence in VCDS and/or good patient relations dictates that notification is appropriate.
9.3.4 Notification should include:
184.108.40.206 Date and details of the breach and the risk that may be caused by the breach.
220.127.116.11 Steps taken to further mitigate the risk.
18.104.22.168 VCDS Privacy Officer contact information.
22.214.171.124 Privacy Commissioner contact information and the fact that persons have a right to complain to the Office of the Information and Privacy Commissioner.
10.1 Direct Questions Complaints
POLICY 10. Questions and Complaints
Patients, volunteers and donors should direct any complaints, concerns or questions regarding the Society’s compliance with the above to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the complainant may also contact the Information and Privacy Commissioner of British Columbia.
Please be advised that all of the information on this website is provided for informational purposes only. Reliance on any information provided by The Volunteer Cancer Drivers Society appearing on or provided in relation to the VCDS website is solely at your own risk. The Volunteer Cancer Drivers Society assumes no responsibility or liability for any damages, claims, liabilities, costs or obligations arising from the use of this website or any other website to which this site is linked. Your use of third-party websites is at your own risk and subject to the terms and conditions of use for such sites.
Use of Content
The content of the Volunteer Cancer Drivers website is for visitors’ personal and non-commercial use. The materials and images on this website are protected by copyright and any other use of the material is strictly prohibited without our prior written permission and the permission of the applicable rights-holder(s). For use of materials for fundraising events and/or information on our authorization and release policies, please contact VCDS at firstname.lastname@example.org