Dealing with Personal Information


If we hold Personal Information about an individual, they have a right to access that information, correct that information and request the destruction of that information. Should you receive any of the above-mentioned requests from an individual, you must notify; where the request can be considered with regard to our legal obligations. Generally, these requests must be complied with. 

Use only for Primary Purpose

Personal Information which is collected by us should only be used for:

What is the primary purpose?

This will differ depending on each resident and their needs. Where we require Personal Information about an individual, when requesting such information from a resident or related third party, it must be made clear at the outset why the information is required, and how it will be used. 

If the information is disclosed to us by a resident or related third party without requesting it, we must ensure the information is actually required in order to complete the task we have been engaged for. 

If it is not required, we should destroy the information.


Where Personal Information is held by us, we must ensure the information is stored securely and accurately. Accordingly, information should only be stored on approved corporate systems and should be saved to a file reserved only for information relating to a certain resident (i.e., each resident must have a separate file). Additionally, only the staff members working on a with a particular resident are permitted to access that file.

It is up to each and every staff member staff member(s), but particularly the Facility Managers and RNs, delegated to caring for a certain resident to ensure the information is kept up-to-date and accurate. Should you become aware of outdated information, you must update it.

Where Personal Information is held by us and it is no longer required for the purpose it was collected for, you should either securely destroy such information, or de-identify the information. 

Privacy Obligations when Working Remotely

The requirements of the Privacy Laws continue to apply when employees work off site or from home. When working remotely and dealing with privacy and/or personal information, employees and contractors must:

What happens if there is a suspected data breach?

Continue to next section...

Other Policy Sections For Employees