As of January 1, 2004, under the Personal Information Protection and Electronic Documents Act (PIPEDA), HPSA is required to obtain an individual's consent when they collect, use or disclose the individual's personal information. Under the Act, HPSA must follow a code for the protection of personal information, which consists of 10 principles of fair information practices.
1. Being Accountable
HPSA will comply with all 10 principles of the Personal Information Protection and Electronic Documents Act. The President of HPSA is responsible for ensuring HPSA's compliance with the Act.
Personal information gathered by HPSA is kept in confidence. Our personnel are authorized to access personal information based only on their need to deal with the information for the reason(s) for which it was obtained. Safeguards are in place to ensure that the information is not disclosed or shared more widely than is necessary to achieve the purpose for which it was gathered. We also take measures to ensure the integrity of this information is maintained and to prevent its being lost or destroyed. We collect, use and disclose personal information only for purposes that a reasonable person would consider appropriate in light of the circumstances.
2. Identifying Purposes
HPSA collects personal data in order to maintain contact with individuals with whom it has normal business dealings and to fulfill its mandate. For example, HPSA uses the collected data to:
- Distribute regular business correspondence including newsletters, event notices, meeting notices, membership information, correspondence;
- Contact individuals via mail, e-mail, telephone, fax;
- Identify groups for the purposes of corresponding (such as categories of memberships)
- Maintain records of correspondence;
- Analyze and improve its services and benefits;
3. Obtaining Consent
HPSA considers consent to be an expression of permission to collect and use information for the purpose of providing services, benefits, and information. HPSA has procedures in place to inform individuals of the purposes for collecting and using personal information, and for obtaining consent to collect and use personal information. Consent may be provided in the form of a written or oral expression of consent or the withdrawal of consent. HPSA obtains consent in person, and/or by mail, internet, telephone, or fax.
4. Limiting Collection
Personal information is any information that can be used to distinguish, identify or contact a specific individual. Certain information is excluded under the Act: information contained on the business card of an employee of an organization and certain publicly available information, such as that published in public directories. Where an individual uses his or her home contact information as business contact information as well, we consider that the contact information provided is business contact information, and is not therefore subject to protection as personal information.
HPSA collects personal information only for purposes that a reasonable person would consider appropriate in light of the circumstances. For example, HPSA collects e-mail addresses so that we can provide services via the internet. HPSA does not collect information that is extraneous to the efficient operation of the Association. HPSA does not collect information on behalf of third parties.
5. Limiting Use, Disclosure and Retention
HPSA only collects personal information for the purpose of maintaining contact and providing services and benefits to business associates. Personal information is retained for as long as HPSA has a business relationship with the individual. When consent is withdrawn, HPSA deletes the information from its database.
6. Being Accurate
HPSA endeavours to keep records as up-to-date as possible to ensure that it is able to fulfill the intended purposes for which the data are collected. Data is obtained directly from the individual, individuals authorized to provide updated data, publicly available directories, and other sources as appropriate. Data is reviewed and updated on an annual basis and throughout the year as updated data is identified.
7. Using Appropriate Safeguards
Personal data is stored on an electronic database in the HPSA office. A User ID and password is required to access the database. The database is backed up according to technological protocols. HPSA's office and the building in which it is housed are locked outside of normal business hours.
Contact information is defined as information necessary to identify the business relationship of the individual and to contact the individual, such as name, telephone number, and e-mail address. Contact information is stored on handheld devices belonging to, and secured by, senior HPSA employees.
8. Being Open
9. Giving Individuals Access
Individuals may contact the HPSA office to review their personal information records. Correspondence should be sent to the Executive Director at firstname.lastname@example.org or tel.: 1-613-723-7282. Someone will be available to answer questions about the requested information. HPSA will correct incorrect information on a timely basis, usually within 48 hours of notice. There are no costs or charges associated with the correction of information.
10. Challenging Compliance