1.01 The Far Northeast Training Board and its employees will take all reasonable steps to maintain the confidentiality of all confidential organizational and personal information.
1.02 The Far Northeast Training Board and its employees will respect and protect the privacy of personal information by complying with the 10 privacy principles required by the Personal Information Protection and Electronic Documents Act (PIPEDA), as follows:
1.04 The Far Northeast Training Board will maintain high standards of physical and electronic security wherever personal information is being handled.
1.05 Employees have a right to understand, access and correct their personal information. Employee personal information collected, used or disclosed will be subject to the same care and conditions as outlined for other personal information.
1.06 The Far Northeast Training Board will collect from individuals only that personal information for which it has obtained consent.
1.07 The Far Northeast Training Board will use personal information only for those purposes for which consent has been obtained.
1.08 The Far Northeast Training Board will maintain its store of personal information in a secure fashion.
2.01 This Statement of Policy and Procedures outlines the Far Northeast Training Board's compliance with privacy legislation, principles and practices.
3.01 This policy applies to all Far Northeast Training Board personnel and volunteers.
3.02 Compliance with the principles outlined in this policy shall be treated as essential for contract compliance with suppliers, consultants and other contracted organizations.
4.01 It is the responsibility of every employee to ensure that privacy of personal information is protected and respected.
4.02 It is the responsibility of the Privacy Officer to:
5.01 All employees will protect and respect confidential and personal information by:
The Far Northeast Training Board will appoint a Privacy Officer whose name and contact information will be publicly available as the point of contact for all inquiries or issues related to privacy of personal information. The Privacy Officer is responsible for:
These 10 principles are summarized from a Model Code for the Protection of Personal Information in the National Standard of Canada, based on Schedule 1 of the PIPEDA legislation. More explicit information can be obtained by referring directly to the Schedule.
An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance. Their identiy should be made known upon request. The individual bears accountability for compliance regardless of who may perform day-to-day processes. The company is responsible for information transferred to a third party for processing and should take steps to provide a comparable level of protection of the information from that third party.
The purposes for which an company is collecting personal information should be identified and documented at or before the time of collection. These purposes should be specified to the individual at or before the time of collection, either verbally or in writing. Care should be taken not to collect information that isn't strictly needed. Should a new purpose arise after this, the consent of the individual is again required before it can be used, unless the use is required by law.
The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where that is inappropriate. in certain circumstances, such as when medical, legal or security reasons make it impossible, personal information can be collected, used or disclosed without the knowledge or consent of the individual. An organization should not, as a condition of sale of a product or service require consent for other uses of the information beyond that required to provide the product or service. In obtaining consent, the reasonable expectations of the individual are also relevant, as for example, an individual should reasonably expect a magazine to contact them for subscription renewals. Consent should not be obtained through any form of deception. An individual may withdraw their consent at any time subject to legal or contractual restrictions and reasonable notice.
The collection of personal information should be limited to that which is necessary for the purposes identified by the company. Information should not be collected indiscriminately. Information should not be collected illegally.
Personal information should not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information should be retained only as long as necessary for the fulfilment of those purposes. Companies should develop documented guidelines for the retention periods for personal information. After the retention period is up, personal information no longer required should be destroyed, erased or made anonymous.
Personal information should be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. Unless it is required for the original purpose, a company should not routinely update personal information.
Personal information should be protected by security safeguards appropriate to the sensitivity of the information. Safeguards against loss, theft, and unauthorized access, copying, use or modification should all be addressed, including physical measures (e.g. locks, restricted access areas), organizational measures (e.g. security clearances, authorization processes) and technological measures (e.g. passwords, encryption). The nature of the safeguards should vary with the level of sensitivity of the information. Employees should be made aware of the importance of maintaining confidentiality of personal information. Care should be used in the disposal or destruction of personal information.
A company should make readily available to individuals its policies and practices relating to the management of personal information. This should include the name or title and address of the company's Privacy Officer, how to gain access to personal information held by the company, a description of the type of information held and details of what information is made available to related organizations and why.
Upon request, an individual should be informed of the existence, use an disclosure of his or her personal information and be given access to it, within a reasonable timeframe and at limited or no cost to the individual. An individual should be able to challenge the accuracy and completeness of the information and have it amended. Under certain limited circumstances (cost, references to others' personal information, legal, security, competitive proprietary, subject to litigation or client privilege) a company may not be able to provide the information, but these situations should be limited and specific. A company holding a sensitive medical information may choose to make it available through a medical practitioner. It is fair for a company to require specific personal information to validate a person's identity before disclosing. Companies should be able to provide a list of other organizations to which it has disclosed personal information.
An individual should be able to address a challenge concerning compliance with the above principles to the Privacy Officer of the company. Principles and procedures related to this principle should be in place, and the company should be prepared to explain these to individuals. Complaints should be documented, investigated and responded to within a reasonable period.
At Far Northeast Training Board we respect and protect your privacy. This means that:
Personal information is the information that relates to you as an individual. @l Personal information beyond your name and contact information may include any or all of the following: alternative contact information, email correspondence, preferred payment method. We will only requeession cookies" used only for the time you stay on the website each visit. We do have some "persistent cookies" to identify previous visits so that you may be directed to that part of our website that you are most interested in. "Persistent cookies" stay on your computer between visits to the site. If you do not wish to accept cookies, you may choose not to by setting your browser options to inform you when cookies are being sent or to deny cookies altogether. Please note, however, that by not accepting cookies, you may limit the functionality that we can provide to you when you visit our site.
If you have questions or comments about our policy or about the personal information we have about you, you may contact us and we will do our best to answer your questions. Our Privacy Officer can be reached at 1-800-530-9176 or 705-362-5788, or via email firstname.lastname@example.org. You can also write to us at: Far Northeast Training Board, P. O. Box 2198, 1425 Front Street, Hearst, ON, P0L 1N0.