Privacy

Combination LockMachinery Safety 101 is a blog owned and pub­lished by Compliance InSight Consulting Inc. Our activ­it­ies are sub­ject to Canadian Federal pri­vacy legis­la­tion.

Download the Policy

Policy Number 8.2, Revision 1, 26-​Mar-​08Adobe Acrobat

Approved by: Doug Nix

Summary

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian Federal Law that reg­u­lates the col­lec­tion and use of per­son­al inform­a­tion with­in Canada. Compliance InSight Consulting (CIC) and Machinery Safety 101 are oblig­ated to com­ply with this Act whenev­er per­son­al inform­a­tion is col­lec­ted.

Application

This policy applies to the col­lec­tion and use of per­son­al inform­a­tion exceed­ing that which is pub­licly avail­able and includes the stor­age of that inform­a­tion. Specifically excluded from this policy under the PIPEDA are:

  • An employee’s name, title, busi­ness address or tele­phone num­ber;
  • Employee inform­a­tion.

Other fed­er­al and pro­vin­cial laws may reg­u­late this inform­a­tion.

Responsibilities

All CIC dir­ect­ors, employ­ees and sub­con­tract­ors are respons­ible for keep­ing this policy.

Policy

Ten Privacy Principles have been set out by the Federal Department of Justice and the Privacy Commissioner. These prin­ciples were first artic­u­lated in CSA Q830-​96, Model Code for the Protection of Personal Information.

CIC is com­mit­ted to apply­ing these prin­ciples in our busi­ness deal­ings with com­pan­ies and indi­vidu­als.

Privacy Principles

  1. Accountability: An organ­iz­a­tion is respons­ible for per­son­al inform­a­tion under its con­trol and shall des­ig­nate an indi­vidu­al or indi­vidu­als who are account­able for the organization’s com­pli­ance with the fol­low­ing prin­ciples.
  2. Identifying Purposes: The pur­poses for which per­son­al inform­a­tion is col­lec­ted shall be iden­ti­fied by the organ­iz­a­tion at or before the time the inform­a­tion is col­lec­ted.
  3. Consent: The know­ledge and con­sent of the indi­vidu­al are required for the col­lec­tion, use or dis­clos­ure of per­son­al inform­a­tion, except when inap­pro­pri­ate.
  4. Limiting Collection: The col­lec­tion of per­son­al inform­a­tion shall be lim­ited to that which is neces­sary for the pur­poses iden­ti­fied by the organ­iz­a­tion. Information shall be col­lec­ted by fair and law­ful means.
  5. Limiting Use, Disclosure, and Retention: Personal inform­a­tion shall not be used or dis­closed for pur­poses oth­er than those for which it was col­lec­ted, except with the con­sent of the indi­vidu­al or as required by the law. Personal inform­a­tion shall be retained only as long as neces­sary for ful­fil­ment of those pur­poses.
  6. Accuracy: Personal inform­a­tion shall be as accur­ate, com­plete, and up-​to-​date as is neces­sary for the pur­poses for which it is to be used.
  7. Safeguards: Personal inform­a­tion shall be pro­tec­ted by secur­ity safe­guards appro­pri­ate to the sens­it­iv­ity of the inform­a­tion.
  8. Openness: An organ­iz­a­tion shall make read­ily avail­able to indi­vidu­als spe­cif­ic inform­a­tion about its policies and prac­tices relat­ing to the man­age­ment of per­son­al inform­a­tion.
  9. Individual Access: Upon request, an indi­vidu­al shall be informed of the exist­ence, use and dis­clos­ure of his or her per­son­al inform­a­tion and shall be giv­en access to that inform­a­tion. An indi­vidu­al shall be able to chal­lenge the accur­acy and com­plete­ness of the inform­a­tion and have it amended as appro­pri­ate.
  10. Challenging Compliance: An indi­vidu­al shall be able to address a chal­lenge con­cern­ing com­pli­ance with the above prin­ciples to the des­ig­nated indi­vidu­al or indi­vidu­als for the organization’s com­pli­ance.

To meet these prin­ciples, CIC makes these com­mit­ments:

  1. The Managing Directors of the cor­por­a­tion are respons­ible for the imple­ment­a­tion and main­ten­ance of this policy.
  2. Wherever CIC gath­ers inform­a­tion on indi­vidu­als, this inform­a­tion will be main­tained in a con­fid­en­tial man­ner. CIC will not sell, lease, lend or oth­er­wise dis­close per­son­al inform­a­tion col­lec­ted for any pur­pose except where per­mit­ted or required by Canadian Federal or Provincial law. A notice will be pos­ted on web pages and oth­er doc­u­ments where per­son­al inform­a­tion may be gathered inform­ing indi­vidu­als that their inform­a­tion is being col­lec­ted for a spe­cif­ic pur­pose, out­lining that pur­pose and their rights under the PIPEDA
  3. Where per­son­al inform­a­tion exceed­ing that which is pub­licly avail­able is gathered on an indi­vidu­al, a request for con­sent to gath­er that inform­a­tion will be made. Refusing to give con­sent may pre­vent the indi­vidu­al from obtain­ing access to cer­tain products or ser­vices. Where this is the case, a notice will be clearly made indic­at­ing the reas­ons for refus­al of ser­vice.
  4. CIC will lim­it the col­lec­tion of per­son­al inform­a­tion to that spe­cific­ally required for the stated pur­poses.
  5. Personal form­a­tion exceed­ing that which is pub­licly avail­able will only be used for the ori­gin­al pur­pose for which it was obtained. CIC will not sell, lease, lend or oth­er­wise dis­close per­son­al inform­a­tion col­lec­ted for any pur­pose except where per­mit­ted or required by Canadian Federal or Provincial law. Personal inform­a­tion will be retained for a lim­ited peri­od not exceed­ing five (5) years after which time it shall be securely des­troyed.
  6. Every effort will be made to ensure that the inform­a­tion gathered is accur­ate and up-​to-​date as neces­sary for the pur­pose. Individuals have the right to request access to the inform­a­tion that is held by CIC, and to make cor­rec­tions, addi­tions or dele­tions at any time. A request must be sub­mit­ted in writ­ing, along with accept­able iden­ti­fic­a­tion to allow CIC officers to determ­ine that the indi­vidu­al request­ing the changes is the indi­vidu­al whose inform­a­tion will be affected. Wherever pos­sible, CIC will provide the means for indi­vidu­als to securely view and modi­fy their per­son­al inform­a­tion dir­ectly.
  7. CIC will employ suit­able secur­ity meas­ures to pro­tect per­son­al inform­a­tion from unau­thor­ized use by any indi­vidu­al or organ­iz­a­tion.
  8. CIC policies and pro­ced­ures on col­lec­tion and use of per­son­al inform­a­tion shall be made pub­licly avail­able.
  9. Individuals have the right to free access to their per­son­al inform­a­tion. Anyone who believes that CIC may hold their per­son­al inform­a­tion will be giv­en free access to that inform­a­tion as out­lined else­where in this policy. Wherever pos­sible, means will be provided to facil­it­ate dir­ect access to per­son­al inform­a­tion by the indi­vidu­al.
  10. Challenges to this policy or to CIC com­pli­ance with this policy and the PIPEDA shall be dir­ec­ted to the indi­vidu­als respons­ible for imple­ment­a­tion and main­ten­ance of this policy as giv­en in Section I of this policy.

Managing Directors

Douglas Nix, A.Sc.T., Managing Director, Sales and Operations and Principal Consultant

Kimberly Nix, Managing Director, Finance, Marketing and Educational Design

Or write us at:

Compliance InSight Consulting Inc.
145 Deer Ridge Drive,
Kitchener, Ontario N2P 2K9
CANADA

Phone: +1(519) 650‑4753
Fax: +1 (519) 653‑1318

  • Darlene Kettle

    my col­league required a form some time ago and loc­ated a busi­ness with a lot of sample forms . If you have been need­ing it as well , here’s a <http://goo.gl/pfo6dd

  • BION I’m imrepsesd! Cool post!