POLICY: PRIVACY OF INFORMATION
- PURPOSE and BACKGROUND
Canada Colors and Chemicals Limited (CCC) collects, retains and uses information about its employees, customers, suppliers, contractors, and others with whom it has contact in the course of conducting its business activities.
On January 1, 2004, the federal privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA) came into effect for all commercial enterprises in every Canadian province that does not have similar legislation in force already. This was done in an effort to balance the privacy rights of individuals with reasonable requirements of an organization. PIPEDA governs the collection, use and disclosure of personal information obtained through commercial activities and sets out 10 principles to be observed in protecting this personal information (adopted in the legislation). Where similar legislation already exists in any province, this policy is designed to comply with similar legislation as long as it is considered acceptable in PIPEDA’s view.
CCC believes that it is important not only to comply with PIPEDA and other provincial legislation acceptable to PIPEDA, but also to apply these principles to personal information about its employees.
Caution: Complete confidentiality and security are not yet possible over the Internet. CCC advises you that the Internet is not a secure medium and privacy cannot be absolutely ensured.
This policy applies to all full-time and part-time employees of CCC, whether regular or temporary in employment status, as well as any other individuals, including third parties, that may have access to personal information in their possession.
- POLICY STATEMENT
CCC is committed to maintaining the accuracy, confidentiality, security and privacy of the personal information that is in its possession and that is disclosed to third parties, whether that personal information is about its employees, its customers, its suppliers or any other person(s) with whom it is doing business.
CCC similarly expects all employees to comply with the privacy principles set out in this policy and to work together to satisfy CCC’s privacy obligations. Employees shall not collect, disclose or use personal information without consent, or contravene any section of this policy.
- Personal Information includes any factual or subjective information, recorded or not, that identifies or can be manipulated to identify an individual. This includes information in any form such as a person’s personal e-mail address, credit card numbers, home addresses, identification numbers (e.g. SINs, driver’s license, employee number), age or date of birth, as well as health (e.g. medical records), financial (e.g. salary, credit information) and performance information (e.g. comments and forms in employee files) etc. It generally does not include information normally found on a business card, such as name, title, company, business address, business e-mail address, business telephone or fax number. Nor does it normally include personal information that an individual collects, uses or discloses about another individual strictly for personal, non-commercial uses.
- Commercial Activity is a particular transaction, act or conduct (or a regular course of conduct) "of a commercial character", specifically including the selling, bartering or leasing of donor, membership or other fundraising lists. It is the nature of the activity, not the nature of the organization that counts.
- SUMMARY OF PRIVACY PRINCIPLES
CCC is committed to ensuring that the following principles are embraced:
- Accountability: CCC is responsible for personal information in its care, custody and/or control. To this end, CCC is committed to educating its employees on their responsibilities. Furthermore, when we use trusted third parties to act on our behalf, we will ensure compliance with this policy by such third parties. Examples of third parties are organizations that CCC works with in regard to our car insurance, employee benefits and payroll. In addition, the Director, Human Resources has been appointed the Company’s Privacy Officer and is responsible for the organization’s compliance with PIPEDA and other provincial privacy legislation acceptable to PIPEDA.
- Identifying Purpose: Unless the purpose is self-evident, CCC will clearly explain to the individual(s) identified, the purpose(s) for which information is collected, before or at the time of collection.
- Consent: CCC will only record, use or disclose such personal information with the individual’s knowledge and consent except where required and permitted by law. Consent may be express or, in some circumstances, implied, and may be given in writing, orally, electronically or indicated by one’s conduct, such as unquestioned use of a product or service. CCC will also ensure that individuals understand the implications of not providing their consent, and what notice would be required if consent is withdrawn at any point.
- Limiting Collection: CCC will collect personal information only by fair and lawful means, limiting the collection of personal information to only those details necessary for the purpose(s) expressed.
- Limiting Use, Disclosure and Retention: Personal information will only be used for the purposes for which it was collected unless additional consent has been obtained or when it is required or permitted by law. It will be retained only as long as necessary for these purposes or as required by law.
- Accuracy: Personal information will be maintained in as accurate, complete and current a form as is necessary to fulfill the purposes for which it was collected.
- Safeguarding: Personal information is protected by physical, procedural and electronic security safeguards appropriate to the type of information collected. Safeguards will vary according to the sensitivity, format, location, amount, distribution and storage of the personal information. They may include locks on physical storage, restricted access, passwords, and employee training.
- Openness: CCC will make information available to individuals concerning the policies and practices that apply to the management of their information.
- Access: Upon request, CCC will inform an individual of the existence, use and disclosure of personal information. Individuals may at any time verify the accuracy and completeness of the information and request that it be amended if appropriate.
- Challenging Compliance: CCC has identified an individual to serve as the contact point for all questions by both internal (i.e. employees) and external individuals with respect to these principles. To this end, all inquiries should be directed to the CCC Privacy Officer: Margo Vanderland, the Director of Human Resources, 416-443-5515, firstname.lastname@example.org.
- All employees, both management and non-management, are responsible for complying with the intent and principles of this policy with respect to personal information to which they have access. Any employee who collects, uses or discloses personal information without consent in contravention of this policy, or violates any other section of this policy, will be subject to discipline, up to and including dismissal.
- CCC’s Privacy Officer is responsible for ensuring that CCC complies with PIPEDA and its 10 Privacy Principles, as well as other provincial privacy legislation acceptable to PIPEDA.
- Responsibility for changes to, and interpretation of, this policy rests with the Director, Human Resources.
Effective December 1, 2004