Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario

Size: px
Start display at page:

Download "Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario"

Transcription

1 PRIVACY COMPLIANCE ISSUES FOR LAW FIRMS IN ONTARIO By Sara A. Levine 1 Presented at Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario Ontario Bar Association, May 6, of Fasken Martineau DuMoulin LLP. This paper expresses the personal views of the author and does not necessarily reflect the position of Fasken Martineau DuMoulin or its clients.

2 This paper addresses certain issues that may arise for lawyers and law firms in Ontario in the context of ensuring compliance with the Personal Information Protection and Electronic Document Act (Canada) (the "PIPEDA"). This paper is not intended to present a comprehensive picture of the issues and challenges presented by this new legislation; rather it attempts to highlight particular issues arising as a result of the tension between our traditional duties and modes of practice and the requirements of the statute. 1. Overview of the Legislation The PIPEDA regulates private sector organizations in respect of the collection, use and disclosure of personal information by the organization in the course of commercial activity. Pursuant to the PIPEDA, an organization must obtain the informed consent of the subject individual prior to collecting, using or disclosing his or her personal information in the course of commercial activity. The PIPEDA provides that, subject to certain exceptions, an organization shall not collect, use or disclose an individual s personal information in the course of a commercial activity without that individual s prior knowledge and consent. Although agency law principles arguably raise issues with respect to the application of some privacy law obligations to lawyers, there is little doubt that in most contexts, a law firm is engaged in commercial activities when providing services or otherwise operating its business. Further, the organization may only collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. While the impact of this requirement is not further explored in this paper, law firms should be cognizant that it may have implications for the extent to which they use personal information for purposes other than the provision of services, and ask the question: regardless Privacy Compliance Issues for law Firms in Ontario

3 Page 3 of whether we may rely on a consent, is it appropriate in the circumstances to use or disclose this personal information for this purpose? The PIPEDA also imposes a number of administrative obligations on organizations, the first of which is to designate an individual to oversee the firm s privacy compliance (generally referred to as the Chief Privacy Officer ). The Chief Privacy Officer must ensure that the organization establishes, and trains its employees to apply, policies and procedures to ensure that it, among other things: limits the collection of personal information to what is necessary to fulfil the identified purposes; limits use and disclosure of personal information to those purposes for which it has consent or are otherwise permitted by law; limits the disclosure to persons in the organization who need to know the personal information; retains the personal information only so long as is necessary; maintains the accuracy of the personal information; and establishes and maintains security measures against loss, theft, unauthorized access, disclosure, copying, use and modification. The organization must also make public its privacy polices and practices, ensure that an individual may generally within 30 days of a request obtain access to the personal information it has about him or her, and must receive and respond to complaints made by individuals regarding compliance with the legislation.

4 Page 4 The PIPEDA does not apply to information about an organization s employees that is collected, used or disclosed by the organization for employment purposes. Provincial privacy legislation does apply to the collection, use and disclosure of personal information for employment purposes. Accordingly, national law firms must be mindful of the impact of provincial privacy laws on their national privacy policies and practices. Provincial privacy legislation is not discussed in detail in this paper, but it should not be forgotten that Quebec, 2 British Columbia 3 and Alberta 4 each has enacted private sector privacy legislation. Quebec s law has been declared substantially similar" to the PIPEDA and, at the time of writing, the necessary Orders-in-Council to declare B.C. s and Alberta s statutes to be substantially similar have been proposed. When those Orders come into force, organizations to which those Acts apply will be exempt from the PIPEDA within the respective province. In addition, Manitoba, Saskatchewan and Alberta have health sector privacy legislation and Ontario s Bill 31, the Personal Health Information Protection Act, is expected to come into force on January 1, The other provinces do not currently have any generally applicable private sector privacy legislation, and it is expected that they will not enact their own legislation but simply rely on the PIPEDA. 2 An Act respecting the protection of personal information in the private sector, R.S.Q. c. P Personal Information Protection Act, S.B.C. 2003, c Personal Information Protection Act, S.A. 2003, p. P-6.5

5 Page 5 2. Key Definitions Personal information is broadly defined in s. 2 of the PIPEDA as any information about an identifiable individual, with the exception of the name, title, business address or telephone number of an employee of an organization. This includes, but is not limited to, an individual s address, gender, age, ethnic origin, race, ID numbers, financial and credit information, personal health information, shareholdings, criminal records, family status, sexuality, relationships, religious affiliations, employment history, education, personal habits, personal interests and personal history. Obviously, all of these types of information can be found in retainers, s, memos, letters, agreements, wills, trust documents, opinions, pleadings, releases and other documents, and the drafts of any such documents. Departments within a firm, such as accounting, marketing, corporate services and human resources will also contain significant amounts of personal information. An individual s name need not be attached to the information in order for it to qualify as personal information. If it can be linked with identifying information, it will be personal information. Conversely, personal data that has been anonymized" or stripped of any personal identifiers, will not be personal information. Commercial activity is defined in s. 2 as any particular transaction, act or conduct or a regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.

6 Page 6 An organization is defined to include a partnership and a person. Obviously, then, based on the sheer breadth of these definitions, the PIPEDA has the potential to impose significant restrictions on the ability of lawyers and law firms to deal with personal information. 3. The Difference between the Right to Privacy and the Duty of Confidentiality The basic premise of the PIPEDA is that organizations have a duty to protect personal information and individuals have a corresponding right to control how the organization handles their personal information. Therefore, regardless of who generated the personal information, the subject individual has the right to control what a law firm does with it, to have access to it upon request, and to have it corrected, subject to limited exceptions. It is this right of control that distinguishes the right to privacy from the duty of confidentiality the obligation of an individual to keep confidential any information communicated in circumstances of confidence. Now, the duty of confidence is incorporated into this broader obligation to protect personal information. This broader duty raises two issues for lawyers. First, PIPEDA mandates protection of all the information the organization has about any identifiable individual, located anywhere in the firm. Accordingly, non-clients now are owed duties in respect of their personal information that a lawyer collects, uses and discloses. All lawyers are familiar with their fundamental fiduciary

7 Page 7 obligations to their clients, but the PIPEDA s imposition of these broader obligations - especially to non-clients - is new. Secondly, the security obligations under PIPEDA require organizations to use safeguards that are appropriate to the sensitivity of the information. These safeguards must protect information against loss or theft, and also against unauthorized access, disclosure, copying, use or modification. More sensitive information should be safeguarded by a higher level of protection. Safeguards include physical measures such as locked filing cabinets, and organizational measures such as limiting access on a need to know basis. 5 The impact of the security obligations on law firms is unresolved and the matter of some debate. In the context of a law firm, which is in the business of providing advice in respect of sensitive personal matters, how is the notion of sensitivity applied to limit access to personal information? When a document contains sensitive personal information, can different members of a law firm utilize it as a precedent? When a research memorandum sets out the particular client s facts in detail including personal information, must access to the memo thereafter be strictly limited? Is use of the document also use of the personal information? How does a law firm engage in the cost-effective provision of service, thereby increasing access to justice, if privacy laws are applied to create what may amount to walls around each client file or matter? How is lawyer training accomplished when young lawyers may not have access to existing research memoranda for reference purposes? How can a law firm effectively supervise, or administer its billing and 5 PIPEDA, clause 4.7.3

8 Page 8 accounting functions, if access to sensitive personal information is strictly limited? In a profession in which the sharing of confidences among partners and associates is a common-law presumption, the tension between these duties and obligations poses real challenges. 4. Access Rights and Privilege The PIPEDA requires organizations to put into place policies and procedures to enable an individual to request from the organization, and with certain limited exceptions, to be provided, access to the personal information about that individual. The PIPEDA contains detailed provisions requiring organizations to disclose to the individual, generally within 30 days of receipt of the written request, any personal information about the individual that the organization has in its possession. These access provisions present very specific problems for lawyers. First, locating all the personal information of an individual may be difficult, depending on the nature of the file or the location of the records. In addition, with limited exceptions, clients are entitled to have access to most of the contents of the client file in any event, but now, non-clients may also be granted access to information in a file, in certain circumstances. What this means for the administration of access requests is uncertain. Access may only be refused for very limited reasons including (per subsection 9(3)(a)) when the information is solicitor-client privileged (but note, there is no statutory exception for litigation or work product privilege, raising issues about the extent of the privilege exception). In light of the

9 Page 9 limits placed on solicitor-client privilege by the Courts in recent years, the question of whether a particular piece of information is solicitor-client privileged is not straightforward. There is also an exception to the right of access if the information is generated in the course of a formal dispute resolution process (ss. 9(3)(d)), but outside the litigation context this exception may provide little assistance. A law firm also possesses a great deal of personal information that is not client-related. For example, personal information includes the information stored on the marketing database, and in employee files (for example, resumes and other information about individuals the firm considered hiring but ultimately did not hire, or information regarding former employees). An individual s right of access extends to the information located in these files as well. 5. General Issues with Respect to the Personal Information Held by a Law Firm The PIPEDA governs a law firm in respect of the personal information it collects, uses and discloses for its own business purposes and in respect of the personal information it collects from its client or on their behalf, to use or disclose in the course of the retainer. A law firm collects from clients and others, personal information that is about clients, non-clients, adverse parties, third parties, witnesses, employees of clients, experts and consultants relied upon by clients, and sometimes personal information about opposing counsel. Such personal information is often located in a number of places. Paper files contain a great deal of personal information about a potentially very large number of identifiable individuals. Personal information about clients and

10 Page 10 others will also be held in electronic form in the documents prepared by lawyers and clerks in the course of the retainer. Further, many lawyers use a customer relationship management database, to collect personal information on clients and others for use by the lawyers in their client development and management activities. Research memoranda may be retained to be used as reference material. A precedents database may also be used to keep and categorize useful precedents. The effect of PIPEDA on these areas should not be overlooked. In the next section of this paper the potential impact of privacy law on the major departments in a law firm is briefly discussed. Regardless of the size of a law firm, the principles of the following discussion remain the same. Information Technology: This is obviously the department with overall responsibility for the way in which much of the information held by a law firm is stored. For the IT department, the major issues will be limiting access to information those individuals who need to know the information to carry out their job function, and developing other security safeguards such as the use of anonymizing technology and operational safeguards. For example, a hierarchy of roles or functions may be assigned, with roles assigned levels or degrees of access. Access may also be limited by department, with walls established between the professionals and their assistants, and the staff who have access to accounting information or human resources information, but not to client information. Passwords, firewalls and secure encryption may also be utilized. Laptops, handheld devices and wireless networking also raise security issues.

11 Page 11 Website: The firm website must also be considered. If personal information is collected through the website, the appropriate procedures will be required. Cookies are frequently used on websites in order to facilitate better utilization of the site by the user. Cookies often collect personal information, which raises privacy issues. For example, in a finding of the Privacy Commissioner of Canada, the use by an airline of permanent and temporary cookies on its website to permanently collect language and country of choice and temporarily collect name, mileage balance, country code and language preference amounted to a collection under the Act. Because the website was coded in such a way that a user could not proceed until the cookie had been stored, a user who had configured his browser to disable cookies could not access the site. The Commissioner found that because the denial of access to the site amounted to a requirement to provide, as a condition of the provision of service, more personal information than was necessary, the organization was in breach of the Act. 6 Human Resources: While the PIPEDA does not apply in respect of employee information, HR departments often contain a great deal of personal information related to prospective employees (i.e., applicants), past employees and partners. Such personal information is subject to the PIPEDA. And, in any event, provincial legislation does apply to to personal information about employees in B.C., Alberta, and Quebec and, accordingly, law firms with offices in those provinces will have to treat such information in accordance with the applicable legislation. 6 PIPED Act Case Summary #162

12 Page 12 Administration: Often an administration department is responsible for third party contracts with service providers, some of which provide services that involve personal information. Accordingly, those contracts will need to be examined to ensure compliance. For example, closed client files are frequently stored in off-site storage, provided by a third party storage company. Mail rooms, copying services and other administrative matters may be outsourced. Where personal information is transferred by a law firm to a third party service provider for processing, the law firm remains responsible for ensuring a comparable level of protection while the information is being processed. Accordingly, those departments must be assessed and the agreements with these service providers will have to be reviewed and updated. Billing and Accounting: Time dockets contain details of the work done on the client s behalf, and client information includes financial and accounts receivable status, record of payments and other financial information. Where this information is about an identifiable individual, it will be personal information. The ways in which such personal information is collected, used and disclosed for accounting purposes must be assessed and the contracts with any third party providers such as systems providers or contract accounting professionals must be examined and updated. In addition, a law firm may wish to consider its policies with respect to, for example, file naming conventions and conflict searches, which may raise issues relating to the security obligations and the "need to know" principle. Marketing: Client databases are often maintained by a marketing department. Contact information and other client details (such as family status, number of children, interests or

13 Page 13 education) may be added to the database in an ad-hoc manner whenever instructions are received from any lawyer or staff member. Frequently law firms communicate with clients for marketing purposes through , newsletters or legal updates. These communications may use personal information (i.e., personal addresses, interests or preferences). An assessment of the number and types of databases maintained for marketing purposes, and the information contained therein, should be undertaken. Corporate Services: Many law firms maintain corporate records on behalf of clients. These records contain personal information about shareholders, officers and directors. This information may reside on a database, and may also be contained in paper files in a corporate records department. The nature and extent of such information will require assessment and the appropriate procedures should be addressed. 6. Balancing Legal Requirements and Business Goals At the foundation of all privacy legislation is the requirement that an organization must obtain the informed consent of the individual prior to collecting, using or disclosing his or her personal information. A large proportion of the personal information held by a law firm is obviously about clients. But an equally large proportion is about non-client third parties: relatives or business associates of individual clients, adverse parties, witnesses, officers or employees of clients, experts and consultants, and various other third parties, many of whom might ordinarily never know that the law firm has such personal information. The administrative obligations imposed

14 Page 14 by the legislation require all organizations, including law firms, to ensure that safeguards appropriate to the sensitivity of the information are implemented to prevent unauthorized access, use, disclosure, modification or destruction of the personal information in its possession. It remains to be seen how the PIPEDA will be applied to law firms, in light of the unique nature of the work that lawyers do and the central function lawyers fulfil within the justice system. There is no doubt, however, that the application of privacy laws to lawyers in private practice is going to change the way we all do business.

The Manitoba Child Care Association PRIVACY POLICY

The Manitoba Child Care Association PRIVACY POLICY The Manitoba Child Care Association PRIVACY POLICY BACKGROUND The Manitoba Child Care Association is committed to comply with the legal obligations imposed by the federal government's Personal Information

More information

3. Consent for the Collection, Use or Disclosure of Personal Information

3. Consent for the Collection, Use or Disclosure of Personal Information PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),

More information

Personal Information Protection and Electronic Documents Act (PIPEDA)

Personal Information Protection and Electronic Documents Act (PIPEDA) Introduction Personal Information Protection and Electronic Documents Act (PIPEDA) Policy and The Insurance Brokers Association of Alberta is committed to respect the privacy rights of individuals by ensuring

More information

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance About Canada Dispute Resolution Forms of Business Organization Aboriginal Law Competition Law Real Estate Securities and Corporate Finance Foreign Investment Public- Private Partnerships Restructuring

More information

Taking care of what s important to you

Taking care of what s important to you A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten

More information

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK REVISED August 2004 PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK Introduction

More information

Boys and Girls Clubs of Kawartha Lakes B: Administration B4: Information Management & Policy: Privacy & Consent Technology

Boys and Girls Clubs of Kawartha Lakes B: Administration B4: Information Management & Policy: Privacy & Consent Technology Effective: Feb 18, 2015 Executive Director Replaces: 2010 Policy Page 1 of 5 REFERENCE: HIGH FIVE 1.4.3, 2.2.4, 2.5.3, PIDEDA POLICY: Our Commitment Boys and Girls Clubs of Kawartha Lakes (BGCKL) and the

More information

Credit Union Code for the Protection of Personal Information

Credit Union Code for the Protection of Personal Information Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve

More information

Cloud Computing: Privacy and Other Risks

Cloud Computing: Privacy and Other Risks December 2013 Cloud Computing: Privacy and Other Risks by George Waggott, Michael Reid and Mitch Koczerginski, McMillan LLP Introduction While the benefits of outsourcing organizational data storage to

More information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable

More information

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005 Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005

More information

PROTECTION OF PERSONAL INFORMATION

PROTECTION OF PERSONAL INFORMATION PROTECTION OF PERSONAL INFORMATION Definitions Privacy Officer - The person within the Goderich Community Credit Union Limited (GCCU) who is responsible for ensuring compliance with privacy obligations,

More information

ADMINISTRATIVE MANUAL Policy and Procedure

ADMINISTRATIVE MANUAL Policy and Procedure ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,

More information

PRIVACY POLICY. Last updated February 2, 2009 INTRODUCTION

PRIVACY POLICY. Last updated February 2, 2009 INTRODUCTION PRIVACY POLICY Last updated February 2, 2009 INTRODUCTION This Privacy Policy explains how personal information about you may be collected, used, or disclosed by the Canadian Education and Research Institute

More information

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,

More information

TEACHERS ACT [SBC 2011] Chapter 19. Contents PART 1 - DEFINITIONS

TEACHERS ACT [SBC 2011] Chapter 19. Contents PART 1 - DEFINITIONS [SBC 2011] Chapter 19 Contents 1 Definitions PART 1 - DEFINITIONS PART 2 COMMISSIONER AND DIRECTOR OF CERTIFICATION 2 Appointment of commissioner 3 Commissioner s power to delegate 4 Recommendations about

More information

Personal Information Protection Act. Information Sheet 5: 1. Personal Employee Information

Personal Information Protection Act. Information Sheet 5: 1. Personal Employee Information Personal Information Protection Act Information Sheet 5 Introduction The Personal Information Protection Act (PIPA) governs the collection, use, disclosure, retention and protection of personal information

More information

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION SUBJECT: VOYAGEUR PAGE 1 1.0 PURPOSE: 1.1 To establish and document a policy which defines Voyageur s commitment to the protection of an individual s personal health information in the course of providing

More information

PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS [ABC SCHOOL]

PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS [ABC SCHOOL] [Insert Date of Policy] PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS of [ABC SCHOOL] Address Independent schools in British Columbia are invited to adopt or adapt some or all of this

More information

PRIVACY POLICY. Effective: January 1, 2014 Revised: March 19, 2015. Privacy Policy Page 1 of 7

PRIVACY POLICY. Effective: January 1, 2014 Revised: March 19, 2015. Privacy Policy Page 1 of 7 PRIVACY POLICY Effective: January 1, 2014 Revised: March 19, 2015 Privacy Policy Page 1 of 7 WAJAX CORPORATION PRIVACY POLICY GENERAL POLICY Privacy Overview Wajax Corporation (Wajax) and its business

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA

INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA PRIVACY IMPACT ASSESSMENT (PIA) ON ANALYZE-ERR AND CURRENT DATA HANDLING OPERATIONS VERSION 3.0-2 JULY 11, 2005 PREPARED IN CONJUNCTION WITH: ISMP Canada

More information

Index All entries in the index reference page numbers.

Index All entries in the index reference page numbers. Index All entries in the index reference page numbers. A Audit of organizations, 37-38, Access to personal information 162-163 by individual, 22, 31, 151-154 B assistance by organization, Biometrics, 123-125

More information

NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001

NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001 NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES Effective January 1, 2001 The Northwestel Code of Fair Practices complies fully with the Personal Protection and Electronic Documents Act and incorporates

More information

GeneralTerms. andconditions

GeneralTerms. andconditions LSTariffs GeneralTerms andconditions General Terms and Conditions Introduction Welcome to LSS Tariffs, the guide to how the Legal Services Society compensates lawyers for their work on legal aid referrals.

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA)

Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) This document provides answers to some frequently asked questions about the The Personal Health

More information

Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy

Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy September 2004 1.0 INTRODUCTION... 3 2.0 CHRC POLICY STATEMENT... 3 3.0 PRIVACY

More information

Lobbying the Government of Canada: Disclosure and Ethics

Lobbying the Government of Canada: Disclosure and Ethics Lobbying the Government of Canada: Disclosure and Ethics FM Panelists: Guy Giorno, Sean Morley Guest Panelist: Timothy Hutzul, Director, Legal Services, Aecon Group Inc. Toronto Fasken Martineau Symposium

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

British Columbia Personal Information Protection Act. Frequently Asked Questions:

British Columbia Personal Information Protection Act. Frequently Asked Questions: British Columbia Personal Information Protection Act Frequently Asked Questions: (Further queries may be sent to Bob Stewart at the B.C. Conference Archives.) (1) What is the Personal Information Protection

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

PRIVACY POLICY. Consent

PRIVACY POLICY. Consent PRIVACY POLICY car2go N.A. LLC and car2go Canada Ltd. (collectively, car2go ) recognize the importance of protecting your personal information. We take the protection of your personal information seriously

More information

The Winnipeg Foundation Privacy Policy

The Winnipeg Foundation Privacy Policy The Winnipeg Foundation Privacy Policy The http://www.wpgfdn.org (the Website ) is operated by The Winnipeg Foundation (the Foundation ). The Winnipeg Foundation Privacy Policy Foundation is committed

More information

Privacy Impact Assessment Of the. Office of Inspector General Information Technology Infrastructure Systems

Privacy Impact Assessment Of the. Office of Inspector General Information Technology Infrastructure Systems Privacy Impact Assessment Of the Office of Inspector General Information Technology Infrastructure Systems Program or application name: Office of Inspector General Information Technology Infrastructure

More information

Cloud Computing Contracts. October 11, 2012

Cloud Computing Contracts. October 11, 2012 Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best

More information

Taking care of what s important to you

Taking care of what s important to you National Home Warranty Group Inc. Privacy Policy Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten principles

More information

Ottawa Valley Veterinary Professional Corporation. Personal Information Policy

Ottawa Valley Veterinary Professional Corporation. Personal Information Policy Ottawa Valley Veterinary Professional Corporation Personal Information Policy Introduction The Personal Information Protection and Electronics Documents Act ( PIPEDA ) is a federal legislation which came

More information

Insurance Journal. Defending Until the End When Does the Duty to. Volume 1, Issue 3 Editor Keoni Norgren. May 1, 2013

Insurance Journal. Defending Until the End When Does the Duty to. Volume 1, Issue 3 Editor Keoni Norgren. May 1, 2013 Insurance Journal May 1, 2013 In this Issue Volume 1, Issue 3 Editor Keoni Norgren Defending Until the End When Does the Duty to Defend End? Cyber Liability Laws in Canada Dolden Wallace Folick Welcomes

More information

SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003. Saskatchewan Workers Compensation Board

SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003. Saskatchewan Workers Compensation Board Date: August 29, 2012 File No.: 2008/101 SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003 Saskatchewan Workers Compensation Board Summary: The Commissioner

More information

Overview. Definition of a Standard. Purpose of the Privacy Standard

Overview. Definition of a Standard. Purpose of the Privacy Standard PURPOSE The Privacy Standard sets the foundation for all guidelines, policies and procedure within the toolkit. It is expected that this Privacy Standard will be used in its entirety and will not be rewritten

More information

COMPLYING WITH THE PERSONAL HEALTH INFORMATION ACT

COMPLYING WITH THE PERSONAL HEALTH INFORMATION ACT COMPLYING WITH THE PERSONAL HEALTH INFORMATION ACT The Personal Health Information Act, S.N.S. 2010, c.41 (referred to as PHIA or the Act ) was passed by the Nova Scotia government on December 10, 2010.

More information

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law. HSBC Privacy Notice HSBC's Privacy Principles HSBC Bank Canada is a subsidiary of HSBC Holdings plc which, together with its subsidiaries and affiliates, is one of the world s largest banking and financial

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

9. PRIVACY COMPLIANCE

9. PRIVACY COMPLIANCE 9. PRIVACY COMPLIANCE Overview 9.1 Privacy Compliance Reviews This chapter covers privacy compliance reviews; privacy considerations when planning or implementing new or modified programs, information

More information

Privacy 101: A Guide to Privacy Legislation for Fundraising Professionals and Not-For-Profit Organizations in Canada (Version I)

Privacy 101: A Guide to Privacy Legislation for Fundraising Professionals and Not-For-Profit Organizations in Canada (Version I) Privacy 101: A Guide to Privacy Legislation for Fundraising Professionals and Not-For-Profit Organizations in Canada (Version I) This guide was prepared by a cross-sector working group representing: Association

More information

Personal Information Protection Act ( PIPA ) Privacy-Proofing Your Retail Business Tips for Protecting Customers Personal Information 1

Personal Information Protection Act ( PIPA ) Privacy-Proofing Your Retail Business Tips for Protecting Customers Personal Information 1 Personal Information Protection Act ( PIPA ) Tips for Protecting Customers Personal Information 1 More than ever before, retailers have to be prepared to deal with customers who ask questions about the

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

Federation of Law Societies of Canada. Ottawa, November 26, 2013

Federation of Law Societies of Canada. Ottawa, November 26, 2013 Submission to the Standing Senate Committee on Banking, Trade and Commerce in Respect of Bill C-4 (a second Act to implement certain provisions of the budget tabled in Parliament on March 21, 2013 and

More information

Privacy Policy. 30 January 2015

Privacy Policy. 30 January 2015 Privacy Policy 30 January 2015 Table of Contents 1 Overview 3 Purpose 3 Scope 3 2 Collection 3 What information do we collect? 3 What if you do not give us the information we request? 4 3 Use of information

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

PRIVACY LAW. In an age of social media, cloud computing, global networks. and international data flows, incidents involving data security

PRIVACY LAW. In an age of social media, cloud computing, global networks. and international data flows, incidents involving data security Doing Business in Canada 1 O: PRIVACY LAW THE ROCKIES Canada s most visited mountain range, the Rockies, is an international destination for sports, sightseeing and escape from the daily grind. Privacy

More information

Personal Information Protection and Electronic Documents Act

Personal Information Protection and Electronic Documents Act PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle

More information

College of DuPage Information Technology. Information Security Plan

College of DuPage Information Technology. Information Security Plan College of DuPage Information Technology Information Security Plan April, 2015 TABLE OF CONTENTS Purpose... 3 Information Security Plan (ISP) Coordinator(s)... 4 Identify and assess risks to covered data

More information

National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada

National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada Introduction National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada This Privacy Policy describes the manner in which the National Association of Pharmacy

More information

Carriers Insurance Brokers Pty. Limited

Carriers Insurance Brokers Pty. Limited Our Privacy Policy At Carriers Insurance Brokers Pty. Limited, ABN 66 001 609 936, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian

More information

Protecting your privacy

Protecting your privacy Protecting your privacy Table of Contents Answering your questions about privacy Your privacy... 1 Your consent... 1 Answering your questions about privacy... 2 About cookies... 9 Behavioural Advertising/Online

More information

PIPEDA and Online Backup White Paper

PIPEDA and Online Backup White Paper PIPEDA and Online Backup White Paper The cloud computing era has seen a phenomenal growth of the data backup service industry. Backup service providers, by nature of their business, are compelled to collect

More information

PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT

PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT Province of Alberta Statutes of Alberta, Current as of June 1, 2013 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park Plaza 10611-98 Avenue Edmonton, AB

More information

OFFICE OF HUMAN RESOURCES (OHR) 1650 Bedford Ave, Brooklyn, NY (718) (PHONE) (718) (FAX) Website Privacy Policy

OFFICE OF HUMAN RESOURCES (OHR) 1650 Bedford Ave, Brooklyn, NY (718) (PHONE) (718) (FAX) Website Privacy Policy The CUNY Information Security Office has provided a resource http://security.cuny.edu/ for CUNY Information Security policies, advisories and awareness information. The following policy applies to users

More information

CHARITY LAW BULLETIN NO. 302

CHARITY LAW BULLETIN NO. 302 CHARITY LAW BULLETIN NO. 302 FEBRUARY 27, 2013 EDITOR: TERRANCE S. CARTER GOING MOBILE: LEGAL CONSIDERATIONS FOR MOBILE APP DEVELOPMENT By Colin J. Thurston * A. INTRODUCTION Canadian charities and not-for-profit

More information

ChangeIt Privacy Policy - Canada

ChangeIt Privacy Policy - Canada ChangeIt Privacy Policy - Canada 1. Policy on Privacy of Personal Information Formulating Change Inc. ( FCI, we, us or our ) is committed to protecting the privacy and security of your Personal Information

More information

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS White Paper Table of Contents Addressing compliance with privacy laws for cloud-based services through persistent encryption and key ownership... Section

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS

PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS Note: This document provides a general overview of the Personal Health Information Protection Act, 2004,

More information

DISASTER RECOVERY INSTITUTE CANADA WEBSITE PRIVACY POLICY (DRIC) UPDATED APRIL 2004

DISASTER RECOVERY INSTITUTE CANADA WEBSITE PRIVACY POLICY (DRIC) UPDATED APRIL 2004 DISASTER RECOVERY INSTITUTE CANADA (DRIC) UPDATED APRIL 2004 This website privacy policy is intended to provide DRIC website visitors with information about how DRIC treats private and personal information

More information

VIDEO SURVEILLANCE GUIDELINES

VIDEO SURVEILLANCE GUIDELINES VIDEO SURVEILLANCE GUIDELINES Introduction Surveillance of public spaces has increased rapidly over recent years. This growth is largely attributed to the significant advances in surveillance technology

More information

Ausgrid Privacy Policy

Ausgrid Privacy Policy Ausgrid Privacy Policy Ausgrid is responsible for the safe and reliable supply of electricity to homes and businesses throughout Sydney, the Hunter and the Central Coast. Its network is made up of more

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

Conducting Surveys: A Guide to Privacy Protection. Revised January 2007 (updated to reflect A.R. 186/2008)

Conducting Surveys: A Guide to Privacy Protection. Revised January 2007 (updated to reflect A.R. 186/2008) Conducting Surveys: A Guide to Privacy Protection Revised January 2007 (updated to reflect A.R. 186/2008) ISBN 978-0-7785-6101-9 Produced by: Access and Privacy Service Alberta 3rd Floor, 10155 102 Street

More information

THE QUÉBEC PRIVATE SECURITY ACT

THE QUÉBEC PRIVATE SECURITY ACT AUGUST 2010 THE QUÉBEC PRIVATE SECURITY ACT AND ITS APPLICATION TO ELECTRONIC SECURITY FIRMS Construction, Engineering, Surety and Fidelity Group CONSTRUCTION LAW BULLETIN www.blgcanada.com In 2004 the

More information

MCOLES Information and Tracking Network. Security Policy. Version 2.0

MCOLES Information and Tracking Network. Security Policy. Version 2.0 MCOLES Information and Tracking Network Security Policy Version 2.0 Adopted: September 11, 2003 Effective: September 11, 2003 Amended: September 12, 2007 1.0 POLICY STATEMENT The Michigan Commission on

More information

Insurance Adjusters Council Code of Conduct

Insurance Adjusters Council Code of Conduct Insurance Adjusters Council Code of Conduct TABLE OF CONTENTS INTRODUCTION... 1 EXECUTIVE SUMMARY... 2 INTERPRETATION... 4 CODE OF CONDUCT PRINCIPLES... 6 1. INTEGRITY AND TRUSTWORTHINESS... 6 2. GOOD

More information

Disclosure is the action of making new or secret information known.

Disclosure is the action of making new or secret information known. /PURPOSE OF POLICY Pty Limited (Momentum) is required and committed to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1998 (Cth) (Privacy Act). The APPs regulate the manner in

More information

The kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include:

The kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include: ABN 47 001 768 190 AFSL 244526 Our Privacy Policy At Capital Insurance Brokers, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian

More information

Office of the Information and Privacy Commissioner Province of British Columbia Order No. 16-1994 July 8, 1994

Office of the Information and Privacy Commissioner Province of British Columbia Order No. 16-1994 July 8, 1994 Office of the Information and Privacy Commissioner Province of British Columbia Order No. 16-1994 July 8, 1994 INQUIRY RE: A Request for Access to Records of the Insurance Corporation of British Columbia

More information

GUIDANCE FOR EMPLOYED BARRISTERS. Part 1. General

GUIDANCE FOR EMPLOYED BARRISTERS. Part 1. General GUIDANCE FOR EMPLOYED BARRISTERS Part 1. General 1.1 This guidance has been issued by the Professional Standards Committee, the Professional Conduct and Complaints Committee and the Employed Barristers

More information

University of Liverpool Online Programmes - Privacy Policy for Visitors and Students

University of Liverpool Online Programmes - Privacy Policy for Visitors and Students University of Liverpool Online Programmes - Privacy Policy for Visitors and Students PLEASE NOTE: The following privacy terms relate to the University of Liverpool s online programmes and not The University

More information

Assume that the following clause was included in the retainer agreement between SK Firm LLP and the Corporation (the Relieving Clause ):

Assume that the following clause was included in the retainer agreement between SK Firm LLP and the Corporation (the Relieving Clause ): ETHICAL SCENARIO #3 I. FACT PATTERN A Saskatchewan law firm ( SK Firm LLP ) acts on behalf of an out of province (e.g. national) corporation (the Corporation ). SK Firm LLP s role has been solely to file

More information

SCOTIA DEALER ADVANTAGE RETAIL FINANCING PROGRAM DEALER AGREEMENT

SCOTIA DEALER ADVANTAGE RETAIL FINANCING PROGRAM DEALER AGREEMENT SCOTIA DEALER ADVANTAGE RETAIL FINANCING PROGRAM DEALER AGREEMENT This Agreement executed on by Scotia Dealer Advantage Inc ( SDA ) and (the Dealer ). (Dealership Legal Name) WHEREAS the Dealer carries

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

Protecting Personal Information. A Workbook for Non-Profit Organizations Discussion Draft, March 2010

Protecting Personal Information. A Workbook for Non-Profit Organizations Discussion Draft, March 2010 Protecting Personal Information A Workbook for Non-Profit Organizations Discussion Draft, March 2010 The Office of the Information and Privacy Commissioner of Alberta and Access and Privacy, Service Alberta,

More information

Satisfaction of principles In order to meet the requirements of the principles, Team Bees will:

Satisfaction of principles In order to meet the requirements of the principles, Team Bees will: Data Protection Policy Introduction. Team Bees is required to maintain certain personal data about living individuals for the purposes of satisfying operational and legal obligations. Team Bees recognises

More information

ORDER P-660. Appeal P-9400005. Workers' Compensation Board

ORDER P-660. Appeal P-9400005. Workers' Compensation Board ORDER P-660 Appeal P-9400005 Workers' Compensation Board ORDER On March 28, 1994, the undersigned was appointed Inquiry Officer and received a delegation of the power and duty to conduct inquiries and

More information

Information, Statistics and Tips from the Lawyers Insurance Fund

Information, Statistics and Tips from the Lawyers Insurance Fund FAMILY LAW BASICS 2014 UPDATE PAPER 10.1 Information, Statistics and Tips from the Lawyers Insurance Fund These materials were prepared by Edna M. Ritchie of the Lawyers Insurance Fund, Law Society of

More information

A Privacy Handbook for Lawyers PIPEDA AND YOUR PRACTICE

A Privacy Handbook for Lawyers PIPEDA AND YOUR PRACTICE A Privacy Handbook for Lawyers PIPEDA AND YOUR PRACTICE Table of Contents Introduction...1 Privacy Issues in Managing a Law Practice...6 Privacy issues in Civil Litigation...16 Conclusion...26 Endnotes...28

More information

PIPA and Strata Corporations: Frequently Asked Questions

PIPA and Strata Corporations: Frequently Asked Questions PIPA and Strata Corporations: Frequently Asked Questions Introduction This FAQ is intended to accompany the Privacy Guidelines for Strata Corporations and Strata Agents (https://www.oipc.bc.ca/guidance-documents/1455)

More information

Personal Information Protection Act. Information Sheet 12: 1. Service Providers Outside Canada: Notification, Policies and Practices

Personal Information Protection Act. Information Sheet 12: 1. Service Providers Outside Canada: Notification, Policies and Practices : Notification, Policies and Practices Personal Information Protection Act Information Sheet 12 Introduction Organizations in Alberta operate in an increasingly global business environment. Large and small

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Information Management and Protection Policy

Information Management and Protection Policy Document Title: Information Management and Protection Policy Document Type: Policy No. Of Pages (11) Scope: Government of Newfoundland and Labrador and Public Bodies supported by the Office of the Chief

More information

Data Compliance. And. Your Obligations

Data Compliance. And. Your Obligations Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection

More information

PLEASE NOTE. For more information concerning the history of this Act, please see the Table of Public Acts.

PLEASE NOTE. For more information concerning the history of this Act, please see the Table of Public Acts. PLEASE NOTE This document, prepared by the Legislative Counsel Office, is an office consolidation of this Act, current to January 1, 2009. It is intended for information and reference purposes only. This

More information

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Table of Contents What is a privacy breach?...1

More information

APPOMENSE HOPE FOR AFRICA PRIVACY POLICY

APPOMENSE HOPE FOR AFRICA PRIVACY POLICY APPOMENSE HOPE FOR AFRICA PRIVACY POLICY Appomense Hope for Africa respects your privacy Appomense Hope for Africa understands the importance of protecting personal information we receive from supporters

More information

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates Guidelines on Requirements and Good Practices For Protecting Personal Health Information Disclaimer

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

M&T BANK CANADIAN PRIVACY POLICY

M&T BANK CANADIAN PRIVACY POLICY M&T BANK CANADIAN PRIVACY POLICY At M&T Bank, we are committed to safeguarding your personal information and maintaining your privacy. This has always been a priority for us and this is why M&T Bank (

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

An Executive Overview of GAPP. Generally Accepted Privacy Principles

An Executive Overview of GAPP. Generally Accepted Privacy Principles An Executive Overview of GAPP Generally Accepted Privacy Principles Current Environment One of today s key business imperatives is maintaining the privacy of your customers personal information. As business

More information