Accompass and personal information
At Accompass, since so much of our business is based on understanding and analyzing information about groups of employees, we carefully reviewed the federal privacy legislation effective January 1, 2004. This was of primary importance to us because handling employee data is an integral part of our service as we work with clients and insurers in providing comprehensive group benefit and retirement plans to employee groups. Usually, we don’t acquire or examine the personal data of a single individual. Nonetheless, from time-to-time, we are, indeed, the recipients of individuals’ private information.
When we find ourselves in the position of handling private and personal information, we proceed very carefully. Protecting privacy, diligently monitoring our own use of information, and communicating with discretion — both in print and verbally — is fundamental to how we at Accompass handle sensitive information.
Processes are in place
We have internal systems in place intended to protect private data. These procedures range from ensuring proper consents are provided, to frequent shredding of sensitive material and using encryption software for our email communication. All Accompass employees incorporate these practices into their work processes.
Adhering to the standards for protection
Canada’s new federal privacy legislation is based on the Canadian Standards Association’s Model Code for the Protection of Personal Information, which was recognized as a standard for privacy protection in 1996. Canadian legislation now requires adherence to these standards. And at Accompass, we are pleased to state that these 10 principles reflect the spirit in which we have always managed personal information and in which we will continue to do so.
The 10 principles of the Model Code for the Protection of Personal Information are:
Accountability – Ensuring there is a person or persons accountable for the organization’s compliance with privacy criteria.
Identifying Purposes – Identifying, before or at the time information is collected, the purpose for collecting personal information.
Consent – Acquiring an individual’s consent for the use or disclosure of personal information, except when inappropriate.
Limiting Collection – Collecting personal information is limited to only what is necessary for the organization’s stated purposes and shall be collected by fair and lawful means.
Limiting Use, Disclosure and Retention – Personal information is not to be used or disclosed for purposes other than the stated business purposes, for which it was collected, except with the individual’s consent or as required by law. Personal information shall be retained only as long as is necessary to fulfill the organization’s stated business purposes.
Accuracy – Personal information shall be accurate, complete and up-to-date as much as necessary for the organization’s stated business purposes.
Safeguards – Personal information is to be protected by security safeguards appropriate to the sensitivity of the information.
Openness – An organization shall make readily available information about its policies and practices regarding the management of personal information.
Individual Access – Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual must be able to challenge the accuracy and completeness of the information and have it amended if appropriate.
Challenging Compliance – An individual may challenge an organization’s compliance with these principles.
If you have any specific questions or comments about our privacy compliance, please feel free to contact Michael Worb at 416-969-8588 who, in keeping with the requirement for accountability, is the Privacy Officer for Accompass.