Phone - Toronto/GTA: 416-805-9999

Phone - Toll Free: 1-800-749-7549

e-News Bulletin Issue 2 - March 4, 2004

Privacy: An Employee’s Right

With the amount of personal information required by the insurance industry to offer products and services to clients, it is little wonder that the industry has been busy auditing existing practices and preparing for the new requirements under PIPEDA. While many private sector companies have already appointed privacy officers, formalized policies and put procedures in place, some companies may still be in the process of reviewing and updating their practices. To help you, we have summarized some information about privacy and the laws that protect it.

What is Privacy?
The Privacy Commissioner of Canada defines privacy as an individual’s right to maintain control over the uses and circulation of his or her personal information.

What is PIPEDA?
The Personal Information Protection and Electronic Documents Act (“PIPEDA”) is federally enacted legislation which regulates the private sector’s management of personal information. PIPEDA establishes rules governing the collection, use and disclosure of personal information in the course of commercial activities. The law gives individuals the right to access, challenge and make changes to information an organization may have collected about them.

What is the impact of PIPEDA?
PIPEDA has applied to businesses and organizations involved in federal works and undertakings or federally regulated sectors for almost three years. Since January 1, 2004, it applies to all of Ontario’s private sector (including not-for-profit organizations). Provincial privacy legislation has also been passed in the provinces of Quebec and British Columbia, and is pending in Alberta. Although Ontario is exploring options, no such legislation is currently proposed.

What is Personal Information?
Under the Act, personal information is broadly defined as information (data) – oral, written or electronic – about an identifiable individual. Personal information includes, but is not limited to, the following:

  • Name, address, telephone number and home e-mail address
  • Age, gender, family and marital status
  • Identification numbers (e.g. Social Insurance Number)
  • Financial and employment information
  • Credit rating, payment records
  • Previous insurance and claims experience
  • Medical and health information

What is not considered Personal Information?
The name, title, business address or business telephone number of an employee of an organization (business card information) is not considered personal information. Any data that has been collected which has all the personal identifiers removed, making it impossible to determine the identity of the person to whom it relates, is also not considered personal information.

What are the compliance requirements?
The privacy code is based on ten principles of fair information practices. They form the ground rules for the collection, use and disclosure of personal information. The ten principles are:

  1. Accountability. An organization is responsible for personal information under its control and must designate a person who is accountable for compliance with the principles.
  2. Identifying Purposes. The reason for collecting personal information must be identified at or before the time the information is gathered.
  3. Consent. A person must have knowledge of, and consent to, the collection, use or disclosure of personal information.
  4. Limiting Collection. The collection of personal information must be limited to the purposes identified by the organization. Information should be collected by fair and lawful means.
  5. Limiting Use, Disclosure and Retention. Personal information must be used for the purposes defined, except with consent of the individual or as required by law. Personal information should only be kept as long as required to fulfil the defined purpose.
  6. Accuracy. Personal information should be as accurate, complete and up-to-date as possible.
  7. Safeguards. Personal information must be protected by security safeguards appropriate to the sensitivity of the information.
  8. Openness. Policies and practices relating to the management of personal information should be readily available.
  9. Individual Access. At an individual’s request, they should be informed of the existence, use, and disclosure of their personal information and should be given access to that information. Individuals should be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
  10. Challenging Compliance. An individual is able to address a challenge concerning compliance with the above principles to the designated people accountable for the organization’s compliance.

What is required of private sector companies?
Companies should be familiar with the legislation and the requirements of Schedule 1, which covers the 10 principles. As well, your company should have an internal process for compliance with the privacy principles, which should include the following:

  • A designated privacy officer with the responsibility and resources needed to meet these new requirements
  • An internal audit of your privacy practices, including how you collect, store and disclose personal information
  • A privacy policy with procedures for protecting privacy, obtaining consent and addressing complaints
  • Staff trained on the requirements of the privacy policy and procedures
  • On-going internal audit procedures to ensure continued compliance

A Guide for Businesses and Organizations to Canada’s Personal Information Protection and Electronic Documents Act is available from the Office of the Privacy Commissioner at: www.privcom.gc.ca

How do McGowan Insurance Services Ltd. and your insurance company address Privacy?
The insurance industry handles extraordinary amounts of personal data and, as a result, has actively embraced and responded to the legislation. At McGowan Insurance Services Ltd., we have always been aware of and sensitive to the need to protect confidential employee information in the conduct of our business. Our privacy policies and practices have been reviewed and are in compliance with privacy legislation. We will make our policy available on our website in the next few weeks and will update you when it’s online.

In addition, all of the insurance carriers that McGowan Insurance Services Ltd. has relationships with have developed policies and procedures to comply with current legislation. Due to the contractual relationship McGowan Insurance Services Ltd. has with its insurance companies, our adherence to privacy is also guided and governed by their policies.

If you have any questions about the information that McGowan Insurance Services Ltd. or your insurance company has on file, or would like more information on your insurance company’s privacy policies, please call Don McGowan, Privacy Officer for McGowan Insurance Services Ltd., at 1-800-749-7549.

* Some of the content in this article was edited from a communiqué sent to clients of O’Connor MacLeod Hanna LLP, an Oakville-based law firm.

Disclaimer: The opinions and advice in this e-News Bulletin are provided for the general guidance and benefit of McGowan Insurance Services Ltd. customers based on information we believe to be accurate. We cannot guarantee its accuracy or completeness for individual circumstances. While we strive to provide reliable, informative material herein, we cannot account for all industry conditions and legislative changes that occur.