1. Introduction

The Protected Client Alert Database (PCAD) is a secure, proprietary system developed and managed by the Organizations to handle critical information related to high-risk Intimate Partner Violence (IPV) and Domestic Violence (DV) cases classified as Category 1 (CAT 1). These cases involve individuals at significant risk, including survivors, minors, and those under legal protection. The PCAD system is a cornerstone of our mission to provide compassionate, comprehensive support for safe housing and crisis intervention across Ontario, as outlined at EmergencyHousing.ca.

This policy establishes a stringent framework to govern access, use, and management of PCAD data, prioritizing the safety of protected clients, the security of our systems, and the legal and operational interests of the Organizations. It is designed to ensure rapid response, enhance client protection, maintain legal compliance, and support community safety while safeguarding the Organizations from liability and misuse.

The Organizations reserve the right to modify these Terms at any time, with changes effective upon posting. Continued use of the PCAD system constitutes acceptance of the revised Terms.

2. Purpose

The PCAD system serves to:

• Ensure Rapid Response: Provide authenticated users with immediate access to actionable data for coordinated safety interventions.
• Enhance Client Protection: Safeguard vulnerable individuals through rigorous access controls, encryption, and privacy measures.
• Maintain Legal Compliance: Adhere to all applicable laws, including but not limited to PHIPA, PIPEDA, YCJA, court orders, and publication bans.
• Support Community Safety: Share redacted data publicly to raise awareness while protecting sensitive information.

This policy reflects the Organizations’ unwavering commitment to leadership in IPV/DV case management, client safety, and operational integrity, as part of our broader mission to empower individuals and families across Ontario.

3. Definitions

• CAT 1 IPV/DV: High-risk IPV or DV cases requiring immediate attention and restricted access due to severe safety concerns.
• PCAD: Protected Client Alert Database, a proprietary system for storing, managing, and sharing CAT 1 data.
• Redacted Data: Publicly accessible information stripped of all personally identifiable and sensitive details.
• Unredacted Data: Full case details, accessible only to authenticated users with explicit clearance.
• Protected Clients: Individuals at risk due to IPV/DV, including survivors, minors, or those under legal protection orders.
• Authenticated Users: Vetted personnel or entities (e.g., emergency services, case managers) granted role-based access.
• Approved Partners: Organizations contractually authorized to access specific PCAD data under strict terms.
• Authorized Stakeholders: Individuals or groups with a verified, legitimate role in IPV/DV case management.
• Organizations: EmergencyHousing.ca, OttawaHousing.ca, and CitrixIQ Case Management Systems, collectively.

4. Scope

This policy governs all CAT 1 IPV/DV data managed by the Organizations, including:

• Public Access: Redacted data shared for community awareness and safety planning, published at https://emergencyhousing.ca/public-alerts.
• Restricted Access: Unredacted data available only to authenticated users, including approved partners, emergency services, and authorized stakeholders.

The Organizations retain sole discretion over all aspects of PCAD access, use, and management, prioritizing client safety and organizational interests.

5. Public Access to Redacted Data

5.1 Included in Redacted Data

• Case Reference ID: Unique identifier for tracking purposes.
• General Risk Alerts: Broad safety warnings without specific details.
• Public Conditions: Non-identifiable measures (e.g., no-contact zones).
• Status Updates: General case status (e.g., active, resolved).

5.2 Excluded from Redacted Data

• Names, addresses, contact details, or any personally identifiable information of protected clients or related parties.
• Medical, psychological, legal, or financial records.
• Multimedia evidence (e.g., photos, videos, recordings).
• Any information subject to publication bans or legal restrictions.

5.3 Publishing Process

Data is redacted by staff trained in privacy and data protection, with oversight to ensure compliance with applicable laws. While automation may assist, the Organizations prioritize accuracy and client safety. Errors, if any, do not constitute a breach of duty by the Organizations, and users assume all risks associated with reliance on redacted data.

Redacted data is published at https://emergencyhousing.ca/public-alerts and updated in real-time as case statuses change. The Organizations are not liable for any misuse or misinterpretation of redacted data.

6. Secure Access to Unredacted Data

6.1 Included in Unredacted Data

• Full legal orders (e.g., restraining orders, custody terms).
• Detailed risk assessments and case notes.
• Authorized contact information for protected clients, where permitted.
• Real-time alerts and updates.
• Multimedia evidence (e.g., photos, recordings), accessible only with specific case authorization.

6.2 Authentication Process

1. Vetting: Submit access requests via https://emergencyhousing.ca/support. The Organizations reserve the right to deny access at their sole discretion.
2. Multi-Factor Authentication (MFA): Requires login credentials plus a secondary method (e.g., authenticator app, SMS code, or hardware token).
3. Confidentiality Agreement: Users must sign a legally binding agreement outlining data protection obligations, sharing restrictions, and liability for misuse.
4. Role-Based Permissions: Access is strictly limited to data necessary for the user’s verified role.

6.3 Security Measures

• All access is logged and audited at least quarterly, with immediate review for suspicious activity.
• Sessions timeout after 15 minutes of inactivity to prevent unauthorized access.
• Access is restricted to pre-approved devices and networks meeting the Organizations’ stringent security standards.
• Emergency services may receive pre-authorized access for urgent responses, subject to post-access verification and audit.
• Data is encrypted in transit and at rest using industry-leading protocols.

The Organizations reserve the right to revoke access at any time, without notice, for any reason, including suspected misuse or security concerns.

7. Legal and Privacy Compliance

7.1 Applicable Laws

The Organizations comply with all applicable laws, including but not limited to:

• PHIPA: Personal Health Information Protection Act, protecting health information.
• PIPEDA: Personal Information Protection and Electronic Documents Act, governing personal data in private systems.
• YCJA: Youth Criminal Justice Act, safeguarding youth data.
• Other federal, provincial, and municipal laws, court orders, and publication bans.

Youth information is redacted in all public disclosures. Other data may be published if accessible via Freedom of Information (FOI) or public records, at the Organizations’ discretion.

7.2 Publication Bans

Data subject to publication bans is flagged and restricted to specially authorized users. Unauthorized access attempts trigger immediate alerts, account suspension, and potential legal action.

7.3 Prohibited Actions

Users are strictly prohibited from:

• Sharing unredacted data without explicit approval from the Organizations.
• Using PCAD data for any purpose beyond authorized case management or safety interventions.
• Attempting to bypass, hack, or manipulate PCAD security measures.
• Disclosing access credentials or facilitating unauthorized access.

Violations may result in immediate access revocation, civil or criminal liability, and reporting to law enforcement or regulatory authorities.

8. Consent and Data Sharing

Where feasible, protected clients are informed about PCAD data use and sharing, consistent with the Organizations’ commitment to transparency and dignity. However, in emergencies, legal mandates, or situations critical to client safety, data may be shared without prior consent, as permitted by law.

Data sharing with approved partners is governed by formal, legally binding agreements that enforce compliance with this policy, applicable laws, and the Organizations’ security standards. The Organizations retain sole authority to approve or deny data-sharing requests.

Users acknowledge that the Organizations are mandatory reporters under the Child, Youth and Family Services Act (CYFSA) and may disclose data to protect client safety, without liability.

9. Stakeholder Benefits

The PCAD system provides tailored benefits to stakeholders while prioritizing client safety and organizational control:

• Emergency Services: Immediate access to critical risk data for rapid, life-saving responses.
• Case Managers: Detailed insights to develop personalized housing and support plans, as part of our Intensive Housing-Based Case Management approach.
• Community: Enhanced safety through redacted alerts, fostering awareness without compromising privacy.

10. Data Management

10.1 Retention

Data is retained for 3 years post-case closure, unless otherwise required by law or court order.

10.2 Archiving

Closed cases are stored in encrypted archives with access restricted to authorized administrators. Archival access is audited biannually.

10.3 Updates

Real-time changes to PCAD data include time and date stamps for accountability. The Organizations are not liable for delays or errors in updates due to technical issues or third-party actions.

11. Training and Enforcement

11.1 Training

All authenticated users must complete mandatory training on:

• Privacy and data protection laws (PHIPA, PIPEDA, YCJA).
• PCAD system operation and security protocols.
• Legal obligations, including publication bans and confidentiality.
• Best practices for IPV/DV case management, aligned with Ontario Best Practices.

11.2 Enforcement

Violations of this policy may result in:

• Immediate revocation of access.
• Disciplinary action, including termination of partnership agreements.
• Civil or criminal legal proceedings, at the Organizations’ discretion.
• Reporting to law enforcement, regulatory bodies, or professional licensing authorities.

The Organizations reserve the right to pursue all available remedies for breaches, including recovery of damages and legal fees.

12. Data Breach Response

In the event of a data breach or unauthorized access, the Organizations will:

1. Conduct an immediate investigation to assess the incident’s scope and impact.
2. Notify affected individuals and authorities as required by law, within mandated timelines.
3. Implement mitigation steps to limit harm and prevent recurrence.
4. Review and update security measures to enhance system resilience.

Users agree to cooperate fully with breach investigations and waive any claims against the Organizations for losses arising from breaches, except where gross negligence is proven.

13. User Roles and Access Levels

• Administrators: Full system and account management access, reserved for designated Organization personnel.
• Case Managers: Detailed access to data for assigned clients, aligned with their role in Intensive Housing-Based Case Management.
• Emergency Responders: Real-time alerts and critical risk data for urgent interventions.
• Public Users: Access to redacted data only, via public alerts.

The Organizations may modify or revoke access levels at their sole discretion, without liability.

14. Disclaimers and Limitation of Liability

The PCAD system and all data are provided “AS IS” and “AS AVAILABLE,” without warranty of any kind, express or implied, including but not limited to warranties of accuracy, completeness, or fitness for a particular purpose. The Organizations disclaim all liability for:

• Errors, omissions, or delays in PCAD data or system functionality.
• Misuse or misinterpretation of PCAD data by users or third parties.
• Any indirect, incidental, special, punitive, or consequential damages arising from PCAD use, even if advised of such possibilities.
• Unauthorized access or breaches not resulting from the Organizations’ gross negligence.

To the fullest extent permitted by law, the Organizations’ aggregate liability for any claim arising from PCAD use shall not exceed $1 CAD.

15. Indemnification

Users agree to indemnify, defend, and hold harmless the Organizations, their affiliates, officers, directors, employees, agents, and partners from any claims, damages, losses, liabilities, costs, or expenses (including reasonable legal fees) arising out of or related to:

• Users’ violation of these Terms or applicable laws.
• Users’ misuse of PCAD data or system.
• Users’ infringement of any third-party rights.
• Any actions or omissions by users that compromise client safety or system security.

The Organizations reserve the right to assume control of any defense in indemnifiable matters, at users’ expense.

16. Termination

The Organizations may suspend or terminate access to the PCAD system, in whole or in part, at their sole discretion, without notice or liability, for any reason, including but not limited to:

• Violation of these Terms.
• Suspected misuse or security risks.
• Operational or legal requirements.

Terminated users may not reapply for access without the Organizations’ express written permission.

17. Dispute Resolution

Any disputes arising from or related to these Terms or PCAD use shall be governed by the laws of the Province of Ontario and the federal laws of Canada. Disputes shall be resolved exclusively in the courts of Ottawa, Ontario, and users irrevocably submit to this jurisdiction.

Users waive any right to class actions or collective proceedings. The maximum award for any claim against the Organizations shall not exceed $1 CAD, to the fullest extent permitted by law.

18. Severability

If any provision of these Terms is found to be illegal, unenforceable, or unconscionable by a court of competent jurisdiction, the remaining provisions shall remain in full force and effect to the fullest extent permitted by law. The invalid provision shall be replaced with a valid one that most closely reflects the Organizations’ intent.

19. Entire Agreement

These Terms constitute the entire agreement between users and the Organizations regarding PCAD use, superseding all prior or contemporaneous agreements, understandings, or representations. Any additional terms proposed by users are void unless expressly accepted in writing by the Organizations.

20. Contact

For questions, concerns, or access requests related to the PCAD system or this policy, contact:

• PCAD Administrator
• Email: [email protected] or [email protected]
• Phone: 613-663-2399

Responses will be provided within 5 business days, subject to operational constraints. The Organizations are not liable for delays in response.