In carrying out its mandate under both the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA), LOCAL INSURANCE BROKERS collects limited personal information about individuals as defined by section 3 of the Privacy Act. As guardian of the privacy rights of individuals in Canada under the Privacy Act and PIPEDA, LOCAL INSURANCE BROKERS is committed to respecting the privacy rights of all individuals whose personal information has been collected by LOCAL INSURANCE BROKERS.
This Policy applies to the activities of LOCAL INSURANCE BROKERS in managing personal information that it collects during the course of directing gifts to registered charities and during the course of its regular administrative activities. The Policy is intended to be consistent with the legislative requirements of the Privacy Act.
LOCAL INSURANCE BROKERS is committed to adhering not only to the Privacy Act to which it is subject, but also to the obligations set out in Schedule I of PIPEDA wherever possible and to the extent relevant.
LOCAL INSURANCE BROKERS is committed to protecting the privacy, confidentiality and security of the personal information that it holds by adhering to the requirements of the Privacy Act with respect to the management of personal information. LOCAL INSURANCE BROKERS is equally committed to ensuring that all employees and agents of LOCAL INSURANCE BROKERS uphold these obligations.
LOCAL INSURANCE BROKERS is responsible for the personal information that it collects as a result of its work to direct gifts to “Registered Charities” under the Canada Revenue Agency’s list of Registered Charities, and which it subsequently retains, uses, discloses, and destroys.
LOCAL INSURANCE BROKERS has and will continue to develop and implement policies and practices to ensure that personal information is handled in strict accordance with the Privacy Act. LOCAL INSURANCE BROKERS’s Chief Privacy Officer is designated as responsible for overseeing the implementation of those policies and practices to ensure compliance, including:
- ensuring open, full and timely communication to employees and individuals about LOCAL INSURANCE BROKERS’s policies, practices and expectations with respect to the handling of personal information;
- the establishment of standards for classifying the sensitivity of personal information, to determine the appropriate level of security required for the information;
- ensuring that personal information is safeguarded from improper access, loss, use, disclosure or destruction through;
- the implementation of systems to ensure that only LOCAL INSURANCE BROKERS employees (including temporary staff) whose LOCAL INSURANCE BROKERS responsibilities require access to personal information, are granted access to that information;
- the inclusion of specific confidentiality provisions in contracts or other arrangements with third parties, which require adherence to the Privacy Act as well as to this Policy and internal procedures;
- ensuring procedures are in place under which individuals may request access to their personal information, request correction of their personal information, and file complaints concerning the management of their personal information;
- ensuring procedures are in place under which individuals are notified of an improper collection, retention, use, disclosure or destruction of their personal information; and
- monitoring the degree of compliance with this Policy annually and, where required, initiating action to correct any deficiencies.
Collection of Personal Information
LOCAL INSURANCE BROKERS collects personal information from individuals for various purposes, primarily relating to how a client of a participating LOCAL INSURANCE BROKERS Brokerage wants a “Gift” to be directed. LOCAL INSURANCE BROKERS may also collect personal information for administrative reasons, e.g. to provide individuals with publications or other requested information.
LOCAL INSURANCE BROKERS commits to collecting only personal information which is directly related to an operating program or activity of LOCAL INSURANCE BROKERS. Wherever possible, such information will be collected directly from the individual about whom it pertains. The amount and the type of the information collected will be limited to that necessary to fulfil identified purpose(s).
Information pertains will not be collected through a third party. LOCAL INSURANCE BROKERS will only have information provided directly from the client or its agent, in this case the Brokerage.
LOCAL INSURANCE BROKERS staff collecting personal information on behalf of LOCAL INSURANCE BROKERS will be required to be able to explain to individuals the purpose(s) for which the information is being collected or—if unable to do so—will be required to refer the individual to a designated person within LOCAL INSURANCE BROKERS who is able to explain the purpose(s).
Full descriptions of the types of personal information collected by LOCAL INSURANCE BROKERS, along with the purposes for which LOCAL INSURANCE BROKERS collects each type of information, are available from LOCAL INSURANCE BROKERS.
Wherever possible, LOCAL INSURANCE BROKERS is committed to seeking the consent of individuals prior to the collection of their personal information. The form of consent may vary depending on the circumstances and the type of information being sought.
Consent can be express or implied and can be provided directly by the individual or by an authorized representative, in this case, the Client’s Brokerage. Express consent of individuals is preferable and will be sought whenever possible. Express consent can be given orally, electronically or in writing. Implied consent may be reasonably inferred from an individual’s action or inaction (i.e. providing a name and address in order to receive a publication, providing a name and telephone number in order to obtain a response to a question).
When determining the appropriate form of consent, LOCAL INSURANCE BROKERS will take into account the sensitivity of the personal information at issue, the purposes for which it is collected, and the reasonable expectations of the individual.
Accuracy / Correction of Personal Information
LOCAL INSURANCE BROKERS will not require that individuals utilize the Privacy Act in order to correct their personal information if there is no need to do so (e.g. to update the individual’s address on a mailing list). There will be instances, however, where individuals will be required to do so (e.g. if the Client moves the information will have to be updated).
LOCAL INSURANCE BROKERS staff will be required to direct individuals who wish to formally correct their personal information to LOCAL INSURANCE BROKERS’s Access to Information and Privacy (ATIP) Unit. When in doubt as to whether a formal request for correction is required, LOCAL INSURANCE BROKERS employees must consult their Manager.
Upon receipt of a formal request for the correction of personal information, LOCAL INSURANCE BROKERS’s Administrative Unit will respond to the Client. A copy of the policy and who to contact for any changes will be found on LOCAL INSURANCE BROKERS website at www.localinsurancebrokers.ca
LOCAL INSURANCE BROKERS will make every reasonable effort to ensure that personal information used in a decision-making process which directly affects the individual to whom the information relates is as accurate, up-to-date and complete as possible. LOCAL INSURANCE BROKERS will also make every reasonable effort to ensure that personal information disclosed to third parties is as accurate, up-to-date and complete as possible.
LOCAL INSURANCE BROKERS will update personal information as necessary in order to fulfil the identified purposes either directly by contacting the individual to whom the information relates, or indirectly from other sources if LOCAL INSURANCE BROKERS has the authority to collect such information from a third party.
In most cases, LOCAL INSURANCE BROKERS will rely on the individual to ensure that factual personal information is accurate, up-to-date and complete. If an individual is able to demonstrate that his/her personal information is inaccurate or incomplete, LOCAL INSURANCE BROKERS will amend the information as required. If appropriate, LOCAL INSURANCE BROKERS will send the amended information to third parties to whom the information has been disclosed.
As there will be no opinion data collected by LOCAL INSURANCE BROKERS, correction of opinion is not an issue.
When a challenge regarding the accuracy of personal information is not resolved to an individual’s satisfaction, LOCAL INSURANCE BROKERS will annotate the personal information at issue with a note advising that a correction was requested but that it was not made. An individual has the right to have a document outlining his/her version on the matter included on the appropriate file. Where appropriate LOCAL INSURANCE BROKERS will provide a copy of that document to any person or body who was provided with the information at issue in order that the other person or body is aware of the individual’s version of the matter.
Retention / Destruction of Personal Information
LOCAL INSURANCE BROKERS is responsible for ensuring that all personal information is managed within an established life cycle. In accordance with the Privacy Act personal information used by LOCAL INSURANCE BROKERS to make a decision about a Client’s gift shall be retained for at least seven years after the decision was made. This allows the individual to exercise legal recourse and ensures that the individual has the opportunity to exercise all of the rights afforded him/her under the Privacy Act. (It is to be noted that one of the purposes of this information is the generation of Tax Receipts, and as such, a seven “tax” year life cycle is deemed reasonable.
LOCAL INSURANCE BROKERS will ensure that proper care is taken in the retention, disposal/destruction of personal information in order to prevent its premature disposal and to ensure its timely disposal.
LOCAL INSURANCE BROKERS will develop guidelines and implement procedures with respect to the retention and destruction of personal information.
Use / Disclosure of Personal Information
LOCAL INSURANCE BROKERS will not use personal information without the consent of the individual about whom the information pertains, unless to do so is for the purpose for which the information was originally collected or compiled, is consistent with that purpose, or is for a purpose for which the information may be disclosed to LOCAL INSURANCE BROKERS under section 8(2) of the Privacy Act. LOCAL INSURANCE BROKERS is committed to seeking the consent of individuals whenever possible. LOCAL INSURANCE BROKERS—when using personal information for a new purpose—will document the new purpose.
LOCAL INSURANCE BROKERS will not disclose personal information outside of LOCAL INSURANCE BROKERS without the consent of the individual about whom the information pertains, or unless to do so is permitted by section 8(2) of the Privacy Act. In the case of a permitted disclosure, LOCAL INSURANCE BROKERS will endeavour to disclose only the specific information that is required under the circumstances and, wherever possible, will inform the individual about the disclosure.
Access to personal information within LOCAL INSURANCE BROKERS will be restricted to those within LOCAL INSURANCE BROKERS who need the information in order to carry out their specific job duties (e.g. conduct investigations, answer inquiries, send publications). Those employees will maintain the information in the strictest of confidence and will not provide access to the information to any unauthorized persons. The level of access to personal information will be determined by LOCAL INSURANCE BROKERS on a need-to-know basis which will be included in relevant LOCAL INSURANCE BROKERS policies and guidelines.
LOCAL INSURANCE BROKERS staff will be cautioned to avoid engaging in discussions involving personal information in any area of LOCAL INSURANCE BROKERS premises, or in any public or private area outside of LOCAL INSURANCE BROKERS (e.g. hallways, elevators, restaurants, washrooms, homes) where remarks could be overheard and which could result in the disclosure of personal information. Doing so without a legitimate reason directly related to a current job responsibility will be considered a violation of this Policy and could constitute a violation of the Privacy Act.
All individuals hired under contract or other means, by LOCAL INSURANCE BROKERS, to conduct business for or on behalf of LOCAL INSURANCE BROKERS, will be required to adhere to the provisions of the Privacy Act with respect to the proper handling and protection of personal information as well as to this Policy and internal procedures. Violations of any part of the contractual agreement may result in termination of the contract.
Safeguarding Personal Information
LOCAL INSURANCE BROKERS will protect personal information from loss or theft, unauthorized access, use or disclosure, modification or destruction through appropriate administrative, technical and physical security measures and safeguards, regardless of the format in which the information is held.
The level of safeguards used to protect personal information will vary depending on the sensitivity of the personal information; the amount, distribution and format of the information; and the method of storage. At a minimum, methods of protection will include:
- controlled entry to LOCAL INSURANCE BROKERS premises, staff training on privacy and the protection of personal information, and limiting access to information on a “need-to-know” basis;
- screening and security checks of employees and prospective employees commensurate with the sensitivity of the information those employees will be handling, before they handle such information;
- technical measures such as passwords, audit trails, encryption, firewalls and other technical security safeguards;
- the gathering of the information is intended to be always electronic, however, should it be necessary, physical measures such as locked filing cabinets, restricted access to offices and other areas where personal information is stored.
Access to Personal Information
LOCAL INSURANCE BROKERS staff will be required to direct individuals who wish formal access to their personal information to LOCAL INSURANCE BROKERS’s Administrative Unit. When in doubt as to whether a formal request is required, LOCAL INSURANCE BROKERS employees must consult with Management.
Upon receipt of a formal request under the Privacy Act or the Access to Information Act, LOCAL INSURANCE BROKERS’s Administrative Unit will respond
LOCAL INSURANCE BROKERS will afford individuals a reasonable opportunity to review their personal information, will do so within a reasonable time frame and, if copies are requested, will provide them whenever possible. Explanations for abbreviations and codes will be provided.
Personal information may be unavailable because it has been destroyed, erased or made anonymous in accordance with information retention obligations. To the extent possible, LOCAL INSURANCE BROKERS will inform the individual of the reasons why the personal information no longer exists.
Complaints / Concerns
As it is inappropriate that LOCAL INSURANCE BROKERS investigate its own actions with respect to its administration of the Privacy Act, complaints lodged against LOCAL INSURANCE BROKERS will be sent to an individual mandated to independently investigate such complaints against LOCAL INSURANCE BROKERS.
Such questions or concerns may be brought to the attention of any LOCAL INSURANCE BROKERS employee who is in a position to address the matter. If unable to do so, or where particular circumstances exist, the employee must refer the matter to his/her immediate supervisor or member of management staff. Where an individual is not satisfied with the results of the actions which may have been taken by LOCAL INSURANCE BROKERS to rectify the matter, or with the explanations given, the individual will be informed of his/her right to file a third party analysis and will be provided direction as to how to do so.
Roles and Responsibilities
Employees – it is incumbent upon all employees of LOCAL INSURANCE BROKERS to inform themselves of their obligations under this Policy and the Privacy Act. Employees must report any and all contraventions of the Policy or the Act to their manager or to ATIP.
Managers and Supervisors – along with the responsibilities noted above, managers and supervisors are required to issue instructions to their staff (as necessary) in order to ensure the adherence to this Policy and the Act. They are also required to examine and/or make inquiries into any issues brought to their attention concerning this Policy and the Act. Where and as appropriate, managers and supervisors must notify, work in concert with, or refer certain matters to the Director of HR and the Departmental Security Officer.
LOCAL INSURANCE BROKERS Chief Privacy Officer – LOCAL INSURANCE BROKERS Chief Privacy Officer (CPO) will provide advice and guidance to Senior Management, managers, supervisors and employees of LOCAL INSURANCE BROKERS with respect to the treatment of personal information within LOCAL INSURANCE BROKERS. The CPO will also act as the primary point of contact for individuals seeking information about LOCAL INSURANCE BROKERS’s handling of their personal information or who have concerns about LOCAL INSURANCE BROKERS’s handling of their personal information. For the purposes of this Policy, the CPO is Mr. Rodney LaRocque.
Monitoring & Evaluation
Measuring compliance with this policy will form part of LOCAL INSURANCE BROKERS internal audit program, which will conduct periodic audits within all programs and services of LOCAL INSURANCE BROKERS. The results of internal audits will be reported to the Privacy Commissioner.
Any inquiries regarding this Policy or for further information or concerns about how LOCAL INSURANCE BROKERS manages the personal information that it collects, should be directed to:
Rodney LaRocque is LOCAL INSURANCE BROKERS’s Chief Privacy Officer. He can be reached at email@example.com or 705-671-9586.