8.2 – PIPEDA Policy


Policy & Procedures Manual

Number: 8.2
Prepared By: D. Nix
Approved By: K. Nix
Rev: 1
Date: 26-Mar-08

PIPEDA Policy

Machinery Safety 101 is a blog owned and published by Compliance InSight Consulting Inc. Our activities are subject to Canadian Federal privacy legislation (PIPEDA) and to the EU GDPR.

Policy Number 8.2, Revision 1, 26-Mar-08

Prepared by: Doug Nix

Approved by: Kimberly Nix

Summary

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian Federal Law that regulates the collection and use of personal information within Canada. Compliance InSight Consulting (CIC) and Machinery Safety 101 are obligated to comply with this Act whenever personal information is collected.

Application

This policy applies to the collection and use of personal information exceeding that which is publicly available and includes the storage of that information. Specifically excluded from this policy under the PIPEDA are:

  • An employee’s name, title, business address or telephone number;
  • Employee information.

Other federal and provincial laws may regulate this information.

Responsibilities

All CIC directors, employees and subcontractors are responsible for keeping this policy.

Policy

Ten Privacy Principles have been set out by the Federal Department of Justice and the Privacy Commissioner. These principles were first articulated in CSA Q830-96, Model Code for the Protection of Personal Information.

CIC is committed to applying these principles in our business dealings with companies and individuals.

Privacy Principles

  1. Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
  2. Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
  3. Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate.
  4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
  5. Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
  6. Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
  7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
  8. Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
  9. Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
  10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the organization’s compliance.

To meet these principles, CIC makes these commitments:

  1. The Managing Directors of the corporation are responsible for the implementation and maintenance of this policy.
  2. Wherever CIC gathers information on individuals, this information will be maintained in a confidential manner. CIC will not sell, lease, lend or otherwise disclose personal information collected for any purpose except where permitted or required by Canadian Federal or Provincial law. A notice will be posted on web pages and other documents where personal information may be gathered informing individuals that their information is being collected for a specific purpose, outlining that purpose and their rights under the PIPEDA.
  3. Where personal information exceeding that which is publicly available is gathered on an individual, a request for consent to gather that information will be made. Refusing to give consent may prevent the individual from obtaining access to certain products or services. Where this is the case, a notice will be clearly made indicating the reasons for refusal of service.
  4. CIC will limit the collection of personal information to that specifically required for the stated purposes.
  5. Personal information exceeding that which is publicly available will only be used for the original purpose for which it was obtained. CIC will not sell, lease, lend or otherwise disclose personal information collected for any purpose except where permitted or required by Canadian Federal or Provincial law. Personal information will be retained for a limited period not exceeding five (5) years after which time it shall be securely destroyed.
  6. Every effort will be made to ensure that the information gathered is accurate and up-to-date as necessary for the purpose. Individuals have the right to request access to the information that is held by CIC, and to make corrections, additions or deletions at any time. A request must be submitted in writing, along with acceptable identification to allow CIC officers to determine that the individual requesting the changes is the individual whose information will be affected. Wherever possible, CIC will provide the means for individuals to securely view and modify their personal information directly.
  7. CIC will employ suitable security measures to protect personal information from unauthorized use by any individual or organization.
  8. CIC policies and procedures on collection and use of personal information shall be made publicly available.
  9. Individuals have the right to free access to their personal information. Anyone who believes that CIC may hold their personal information will be given free access to that information as outlined elsewhere in this policy. Wherever possible, means will be provided to facilitate direct access to personal information by the individual.
  10. Challenges to this policy or to CIC compliance with this policy and the PIPEDA shall be directed to the individuals responsible for implementation and maintenance of this policy as given in Section I of this policy.

Managing Directors

Douglas Nix, C.E.T., Managing Director, Sales and Operations and Principal Consultant

Kimberly Nix, O.C.T., B.Ed., Managing Director, Finance, Data Protection, Marketing and Educational Design

Or write us at:

Compliance InSight Consulting Inc.
145 Deer Ridge Drive,
Kitchener, Ontario N2P 2K9
CANADA

Phone: +1(519) 650-4753
Email: privacy@complianceinsight.ca