Part of GRIT Toronto’s mission is to provide under-represented groups the opportunity to test and evaluate digital products and services that will impact their cities and their lives. We’re committed to doing so in a way that respects testers’ privacy and their right to know, understand and control how their data is used.
How GRIT Toronto handles data
Because we collect and manage some of your personal data when you become a technology tester with GRIT Toronto, we want to make sure you have all the information you need to understand how we handle that data.
Why? Because as users of technology ourselves, we think it’s important to be informed about how our data is handled when collected by an organization. We also think it should be part of the public dialogue, so we want to be super transparent about our actions (and encourage others to do the same).
Below you’ll find a bunch of common questions and answers about how GRIT Toronto handles your data and privacy. We take this stuff really seriously; the policies we have in place were drafted in consultation with certified privacy experts and are in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
“What kind of data does GRIT Toronto collect from me, and why?”
Our registration form asks for your contact information and includes questions about your background (such as age, ethnicity, income level and gender identity) and your experience with technology. We ask these questions because we’re striving to build a community of testers that is as diverse and representative of Toronto as possible.
“Can my feedback from a test identify me?”
We strive to de-identify all of our testers. When you participate in a test, all of the feedback you give will be associated with a number (i.e. ‘tester #1) and possibly a persona of your choosing. A persona is a way for us to get a sense of who the person testing technology is without giving away the identity of that person. For example, a persona may be, “Mid-20’s female MBA student.” Personas may be shared when we deliver the data to the developer of the technology being tested and/or on a public blog post about the test.
“Will you use my data for anything not related to GRIT Toronto?”
We only use your data for purposes that are demonstrably necessary to achieve the stated purposes of the GRIT program (For example, Code for Canada requires a test participant’s email address in order to communicate to them the details of the GRIT program, schedule their participation, etc.). Therefore, the email address information should only be used for these purposes and promptly and securely disposed of once it has served its purpose.
In the same vein, we require personal information in order to conduct the test and obtain required evidence. However when sharing the test results with our client and/or publicly, we will be cautious to only do so by using aggregate, de-identified data such as personas. certain response to the test technology.
Once the test results have been processed and packaged, unless there is any other compelling reason for keeping the personal information of the test participants, it will be securely disposed of.
“What do you do with my personal information?”
First off, we never share your personal information. Only a couple of GRIT staffers have access to your information, which is encrypted and password-protected, and that’s only to contact you when a new testing opportunity comes up, or to help us ensure our testing pool is diverse and representative the community.
“How will you safeguard my personal information?”
As long as we retain the collected personal information, we will ensure that it is adequately protected from the risk of unauthorized use and/or disclosure. We will clearly define the circle of internal stakeholders who require access to the involved personal information. Further, access to both electronic and physical personal information will only be provided to such stakeholders through the implementation of physical safeguards (locked storage cabinets, restricted access to certain areas housing physical and/or electronic personal information, etc.) and electronic safeguards (e.g., encryption, password-based access, etc.), as required. Also, to the extent that personal information exists in electronic form, such will be encrypted both at rest and in transit.
Once the personal information has served its stated purpose, it will be securely and irrevocably disposed of.
“How can I find out what data you have from me?”
Upon request, we will inform you of the existence, use, and disclosure of your personal information and you will be given access to that information. You’ll be able to challenge the accuracy and completeness of the information and have it amended as appropriate, or erased. Contact us at firstname.lastname@example.org to start this process.
Dive deeper into data & privacy
Let's get technical
You can also view GRIT Toronto’s privacy impact assessment (PIA). The Information Privacy Commissioner of Ontario refers describes a PIA as “a risk management tool used to identify the actual or potential effects that a proposed or existing information system, technology, program, process or other activity may have on an individual’s privacy.”