This policy is intended to ensure the operations of Environics Communications comply fully with the requirements of the Personal Information Protection and Electronic Documents Act (the Act). This policy will be updated from time to time if required.
It is expected that all staff respect any personal information that may be gathered and that the security and confidentiality of personal information be of foremost concern. In general, our business does not require the collection or use of personal information beyond basic contact information (personal information under this law does not include details that might appear on a business card such as name, title, address, etc.). This fact lessens the need to have detailed compliance arrangements. Therefore, the practice of not collecting unnecessary personal information should be continued as a primary step. This includes information that may be shared with us by clients.
For clarity, personal information is defined as any factual or subjective information about an identifiable individual. This could include, but is not limited to, things such as age, income, evaluation notes and past employment. The Act applies to outside individuals, and not to employees.
If you are collecting any personal information, consent must be obtained from the individual and you must explain the purpose in using that information. Consent can be explicitly stated, or is implied if a person has voluntarily sent us information (such as a resume). Once obtained, you must ensure the information is kept in a protected place and only used for the original stated purpose. A protected place is either our company network server for electronic data or a locked cabinet or drawer for paper copies. Personal information such as job applicant resumes should not be left out in the open.
Consent is not required for collecting personal information already in your possession prior to January 1st, 2004. However, in order to continue to use or disclose this information, consent is now required.
Once any personal information is no longer required, it should be destroyed using a confidential method, such as electronic file deletion or shredding of
paper. Files should be reviewed regularly so that any outdated information is deleted.
If personal information is maintained, it should be reviewed for fairness and accuracy. If you are not sure, delete it. A part of this policy is the right of people outside of our company to request copies of their personal information in our possession.
Further, if personal information is maintained, it should only be used for the original intent. It should not be shared beyond this purpose unless individual approval has been given.
In addition to the requirements of the Act, all employees of the Company must strictly maintain the confidentiality and privacy interests of clients, the Company, and employees. Client and Company materials (documents, photos, etc.) are not to be used for any purposes outside of your job responsibilities. Photos or records of Client or Company events are also private. The Company’s reputation for trust is very dependent upon our discretion. A breach of confidentiality or privacy is grounds for dismissal. These expectations also continue in place if you leave the company.
If there are questions about this policy or requests for personal information records, they should be directed to Bruce MacLellan (ECI’s designated privacy officer). A fee of $100.00 will be charged to share any files.
Respect for personal privacy benefits everyone in society. This is a policy that we should be glad to support.
Released January 2004. Updated 2014