The Ten Principles of the New Privacy Legislation
- Accountability: An organization is responsible for the personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the legislation’s privacy principles (Privacy Officer).
- Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected
- Consent: The knowledge and consent of the individual is required for the collection, use or disclosure of personal information, except where inappropriate.
- Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
- Limiting Use, Disclosure and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
- Accuracy: Personal information shall be accurate, complete and up to date as is necessary for the purposes for which it is to be used.
- Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information
- Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the privacy officer accountable for the organization’s compliance
What is Personal Information?
Personal information is any information which identifies an individual. Personal information includes information that relates to one’s personal characteristics, their health, their activities, views, and social status. Personal information is different from business-related information (e.g. the name and address of your clinic, and your contact numbers), which is not protected by privacy legislation. Generally, the information the association collects about its members is business-related in nature, and the association itself is non-profit. Should exceptions to the foregoing occur, members would be asked to read and sign the Denturist Association of Canada Member Consent to Personal Information Form.
In the conduct of normal business, the Denturist Association of Canada uses a number of private contractors and agencies (i.e. Administrator, bookkeeper, auditor, lawyers) that may, in the course of their duties, have limited access to personal information we hold about our members. Where possible, we restrict their access to any personal information, and we have their assurance that they follow appropriate privacy principles. Again, the vast majority of this information will be business-related in nature.
Primary Purposes for Collecting Personal Information
The Denturist Association of Canada collects, uses and discloses personal and business-related information in order to:
- Serve the membership and its needs
- To work with outside contractors who conduct business on behalf of the association
- To maintain an accurate registry of licensed Denturists and interns
- To publish and distribute membership lists
- For billing (professional fee) purposes
- To send pertinent information to members (newsletters, meeting announcements, proxy votes and other communications)
- To maintain the web site
- As required in the Act and by-laws
Your personal information can only be used or disclosed for the purposes for which it is obtained, unless a) further consent is obtained; b) except as required by law. Consent may be given verbally.
...about Contract Staff
For people who are contracted to do work for us, our primary purpose for collecting personal information is to have proper contact information, for work-related communication (e.g. sending paycheques and year-end tax receipts), for accurate record keeping and accounting purposes, and as required by law. We will also require your written assurance that any personal information acquired or viewed while performing work for the Denturist Association of Canada will be used only in the appropriate confines of your job description, and will not be disclosed or distributed under any circumstance, except as required by law.
Viewing by Outside Parties or Agencies
Various government agencies (e.g. Canada Customs and Revenue Agency, Information and Privacy Commissioner, Human Rights Commission) have the authority to review our files and interview our staff as part of their mandates.
Release of Information Without Consent
Legal authority to disclose personal information without your consent exists in the following circumstances:To legal counsel
- To comply with a subpoena, warrant or court order
- At the initiative of a specified investigative body relating to law enforcement
- When there is an emergency that threatens the life, health or security of an individual
- Where disclosure is required by law
Protecting Personal Information
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a locked or restricted area
- Electronic hardware is either under supervision or secured in a locked or restricted area at all times. In addition, passwords and other security safeguards are used on computers.
- Paper information is transmitted through sealed, addressed envelopes or boxes by Canada Post or by reputable courier companies and invididuals.
- Electronic information is transmitted to secure facsimile machines, or is sent via secure computer terminals with up-to-date security features (i.e. firewalls, anti-virus software, encryption)
- External consultants and agencies with access to personal information must enter into a privacy agreement with us.
Retention and Destruction of Personal Information
We need to retain personal information for some time, to ensure that we can answer any questions you or the general public might have about the association and its members., and for our own accountability to external regulatory bodies. The association keeps copies of correspondence for a minimum of seven years, at which time it may, depending on its content, be shredded. In the case of legal documents, minutes, archival records and the like, this information is kept either in the association office, or archived to an outside record storage company and kept indefinitely.
We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and when the hardware is discarded, we ensure the hard drive is physically destroyed. No credit card information is kept on file in the office for any longer than it takes to process, and any credit card information is shredded.
Access To Your Personal Information
You have the right to see what personal information we hold about you. We reserve the right to charge a reasonable administrative fee for such requests. If there is a problem, you may put your request in writing. If we cannot give you access, we will tell you within 30 days if at all possible, and tell you the reason why we cannot give you access to the information, and when in future it may be made available to you.
If you believe there is a mistake in the information contained in your files, you have the right to ask for it to be corrected. This applies only to factual information, not to any professional or legal opinions formed, or decisions made by any body regulated or appointed by the Denturist Board of Canada. We may ask you to provide documentation that our files are wrong. Where we agree that a mistake has been made, we will make the correction promptly.
Questions About Your Privacy?
The Denturist Association of Canada’s Privacy Officer, can be reached at:
PO Box 46114 RPO Westdale
Winnipeg MB R3R 3S3
Tel: (204) 897-9092/1-800-773-0099
Fax: (204) 895-9595
She will attempt to answer any questions or concerns you might have, and can forward to you the association’s policies related to PIPEDA. If you wish to make a formal complaint about our privacy practices, you may write to our Privacy Officer. She will acknowledge receipt of your complaint, ensure it is investigated promptly and that you are provided with a formal decision, and reasons, in writing.
This policy was developed in accordance with available information about the Personal Information Protection and Electronic Documents Act. It is a complex Act and provides some additional exceptions to the privacy principles that are too detailed to set out herein.
The Information and Privacy Commissioner of Canada oversees the administration of the privacy legislation in the private sector. The federal Information and Privacy Commissioner can be reached at:
112 Kent Street
Ottawa, ON K1A 1H3
Tel: (613) 995-8210
Fax: (613) 947-6850
TTY: (613) 992-9190