Prepared by: Doug Nix
Approved by: Kimberly Nix
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian Federal Law that regulates the collection and use of personal information within Canada. Compliance InSight Consulting (CIC) and Machinery Safety 101 are obligated to comply with this Act whenever personal information is collected.
This policy applies to the collection and use of personal information exceeding that which is publicly available and includes the storage of that information. Specifically excluded from this policy under the PIPEDA are:
- An employee’s name, title, business address or telephone number;
- Employee information.
Other federal and provincial laws may regulate this information.
All CIC directors, employees and subcontractors are responsible for keeping this policy.
Ten Privacy Principles have been set out by the Federal Department of Justice and the Privacy Commissioner. These principles were first articulated in CSA Q830-96, Model Code for the Protection of Personal Information.
CIC is committed to applying these principles in our business dealings with companies and individuals.
- Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
- Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
- Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate.
- Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
- Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
- Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the organization’s compliance.
To meet these principles, CIC makes these commitments:
- The Managing Directors of the corporation are responsible for the implementation and maintenance of this policy.
- Wherever CIC gathers information on individuals, this information will be maintained in a confidential manner. CIC will not sell, lease, lend or otherwise disclose personal information collected for any purpose except where permitted or required by Canadian Federal or Provincial law. A notice will be posted on web pages and other documents where personal information may be gathered informing individuals that their information is being collected for a specific purpose, outlining that purpose and their rights under the PIPEDA.
- Where personal information exceeding that which is publicly available is gathered on an individual, a request for consent to gather that information will be made. Refusing to give consent may prevent the individual from obtaining access to certain products or services. Where this is the case, a notice will be clearly made indicating the reasons for refusal of service.
- CIC will limit the collection of personal information to that specifically required for the stated purposes.
- Personal information exceeding that which is publicly available will only be used for the original purpose for which it was obtained. CIC will not sell, lease, lend or otherwise disclose personal information collected for any purpose except where permitted or required by Canadian Federal or Provincial law. Personal information will be retained for a limited period not exceeding five (5) years after which time it shall be securely destroyed.
- Every effort will be made to ensure that the information gathered is accurate and up-to-date as necessary for the purpose. Individuals have the right to request access to the information that is held by CIC, and to make corrections, additions or deletions at any time. A request must be submitted in writing, along with acceptable identification to allow CIC officers to determine that the individual requesting the changes is the individual whose information will be affected. Wherever possible, CIC will provide the means for individuals to securely view and modify their personal information directly.
- CIC will employ suitable security measures to protect personal information from unauthorized use by any individual or organization.
- CIC policies and procedures on collection and use of personal information shall be made publicly available.
- Individuals have the right to free access to their personal information. Anyone who believes that CIC may hold their personal information will be given free access to that information as outlined elsewhere in this policy. Wherever possible, means will be provided to facilitate direct access to personal information by the individual.
- Challenges to this policy or to CIC compliance with this policy and the PIPEDA shall be directed to the individuals responsible for implementation and maintenance of this policy as given in Section I of this policy.
Douglas Nix, C.E.T., Managing Director, Sales and Operations and Principal Consultant
Kimberly Nix, O.C.T., B.Ed., Managing Director, Finance, Data Protection, Marketing and Educational Design
Or write us at:
Compliance InSight Consulting Inc.
145 Deer Ridge Drive,
Kitchener, Ontario N2P 2K9
Phone: +1(519) 650-4753
Email: [email protected]