top of page

Privacy Compliance Rules for Community Legal Information Project (Ontario)

  1. Purpose and Scope

    • These rules govern the collection, use, disclosure, and protection of personal information by the Community Legal Information Project (CLIP).

    • CLIP is committed to respecting individual privacy and complying with Ontario’s privacy laws, including FIPPA.

  2. Collection of Personal Information

    •  Personal information shall only be collected if:

      • It is necessary for providing legal information or referrals.

      • The individual has provided informed consent.

    • Collection must be:

      • Direct from the individual whenever possible.

      • Limited to what is relevant and necessary.

  3. Use and Disclosure

    • Personal information may only be used for the purpose for which it was collected.

    • Disclosure to third parties is prohibited unless:

      • The individual has consented.

      • Required by law (e.g., court order).

      • Necessary to prevent serious harm.

  4. Consent

    • Consent must be:

      • Informed, voluntary, and documented.

      • Specific to the purpose of collection and use.

      • Individuals may withdraw consent at any time

  5. Safeguards and Security

    •  CLIP must implement reasonable safeguards to protect personal information from:

    • Theft, loss, unauthorized access, disclosure, copying, modification, or disposal.

    • Measures include:

      • Secure storage (physical and digital).

      • Role-based access controls.

      • Regular staff training on privacy protocols.

  6. Privacy Impact Assessments (PIA)

    • A PIA must be completed before launching any new program or service that involves personal information.

    • PIAs must be updated if the purpose or method of data use changes significantly.

  7. Breach Notification

    • CLIP must report privacy breaches to the IPC and notify affected individuals if:

    • There is a real risk of significant harm.

    • Breach response includes:

      • Immediate containment.

      • Investigation and documentation.

      • Corrective action and future prevention

  8. Access and Correction

    • Individuals have the right to:

    • Access their personal information.

    • Request corrections to inaccurate or incomplete data.

    • CLIP must respond to access requests within 30 days.

  9. Accountability and Oversight

    • A designated Privacy Officer shall oversee compliance.

    • Annual privacy audits and staff training are mandatory.

    • CLIP must submit an annual report to the IPC detailing any breaches and compliance efforts.

  10. Transparency

    • CLIP shall maintain a publicly accessible Privacy Policy.

    • All individuals must be informed of their rights and how their data is handled.​​

bottom of page