Personal information must be:
Collected with consent and for a reasonable purpose,
Used and disclosed for the limited purpose for which it was collected,
Accessible for inspection and correction, and stored securely.
Sensitive personal information is obviously protected by this legislation, such as
Health and medical history,
Racial or ethnic origin,
Trade union membership,
Personal information does not include the name, business title, business address, or business telephone of any employee. This is information which would reasonably be expected to appear on a business card or letterhead.
Also, a customer who directly discloses personal information through chat rooms, bulletin boards or other public online forums must take responsibility for reviewing the privacy statements of the Web sites chosen to link to from Mascons’ Internet services.
These Principles are based upon the Model Code for the Protection of Personal Information
1.1 Accountability for Mascons’ compliance with this Policy rests with the designated individual, even though other individuals within the organization may be responsible for the day-to-day collection and processing of personal information. Other individuals within the organization may be delegated to act on behalf of the designated individual.
1.2 The identity of the individual designated to oversee Mascons’ compliance with this Policy shall be made known to employees and shall be made available to customers upon request.
1.3 Mascon shall use contractual or other means to provide comparable protection of personal information that has been provided to third parties for processing.
1.4 Mascon shall implement policies and practices to give effect to this Policy, including:
implementing procedures to protect personal information;
establishing procedures to receive and respond to complaints and inquiries;
training staff and providing staff information about Mascons’ policies and practices, and
developing information to explain Mascons’ policies and procedures.
2. Identifying the purposes for personal information collection
The purposes for which personal information is collected shall be identified by Mascon at or before the time the information is collected.
2.1 Mascon collects personal information only for the following purposes:
To establish an account and maintain relations with customers in order to provide service to them;
To understand a customer’s needs and determine eligibility for products and services;
To be able to recommend products and services to customers;
To establish creditworthiness of customers;
To develop new products and services or enhance and market available products and services;
To manage and develop Mascons’ business and operation, including personnel and employment matters, and
To meet legal and regulatory requirements.
Personal information of customers and employees will not be used for any other purpose without their consent.
2.2 The purposes for which Mascon collects personal information will be specified and Mascon will state these purposes in a way to allow an individual to understand how the information will be used or disclosed in order that the consent provided is meaningful.
2.3 Should Mascon propose to use personal information for a purpose not previously identified, the new purpose shall be identified and documented prior to the new use. Unless the new purpose is required by law, the consent of the customer or employee is required before the information can be used for that purpose.
2.4 Persons collecting personal information shall, if requested to do so, explain to customers and employees the purposes for which the information is being collected.
The knowledge and consent of customers and employees are required before or when Mascon collects, uses or discloses personal information, except where inappropriate. Mascon shall make reasonable efforts when obtaining consent to ensure that customers and employees understand how personal information will be used and disclosed by Mascon.
3.1 Typically, Mascon will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected, but before use.
3.2 Personal information may be collected by Mascon without a customer’s or employee’s knowledge or consent in instances where legal, medical or security reasons might make it impossible or impractical to seek consent. For example, when personal information is being collected for the detection or prevention of fraud, seeking consent might defeat the purpose of collecting the information.
3.3 Mascon shall ensure that individuals will be advised of the purposes for which the personal information will be used. To make the consent informed, the purposes must be stated so that an individual can reasonably understand how the information will be used or disclosed.
3.4 Mascon shall not, as a condition of providing service, require a customer to consent to the collection, use or disclosure of personal information beyond that necessary to provide the service.
3.5 In obtaining consent, the reasonable expectations of the individual are also relevant. Consent can be implied as given at the time customers request services and use products and services or, in the case of employees, by the acceptance of employment or benefits, allowing Mascon to collect, use and disclose personal information for all identified purposes.
3.6 The way in which Mascon seeks consent may vary, depending upon the circumstances and the type of information. In determining the form of consent required, Mascon shall take into account the sensitivity of the information. Mascon will generally seek express consent when the information is likely to be considered sensitive. Implied consent is generally appropriate when the information is less sensitive.
3.7 Customers may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting Mascon at email@example.com. Mascon shall inform the customer of the implications of such withdrawal.
4. Limiting the collection of personal information
The collection of personal information by Mascon shall be limited to that which is necessary for the purposes identified by Mascon. Information shall be collected by fair and lawful means.
4.1 Mascon shall collect only the amount and type of personal information necessary to fulfill the purposes identified by Mascon to customers and employees.
4.2 Mascon shall not mislead or deceive customers or employees about the purposes for which personal information is being collected.
5. Limiting use, disclosure and retention of personal information
Personal information shall not be used or disclosed by Mascon for purposes other than those for which it was collected except with the consent of the customer or employee, or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
5.1 If personal information is to be used for a new purpose, Mascon shall document this purpose.
5.2 Mascon shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Personal information that has been used to make a decision about a customer or an employee shall be retained long enough to allow the individual access to the information after the decision has been made and to permit any recourse under this Policy and applicable privacy legislation and any other legislative requirements with respect to retention periods.
5.3 Personal information that is no longer required to fulfill the identified purposes shall be destroyed, erased, or made anonymous. Mascon shall develop guidelines and implement procedures to govern the destruction of personal information.
5.4 Mascon may disclose a customer’s personal information to:
Another company or individual for the development, enhancement, marketing or provision of any of Mascons’ products or services;
An agent used by Mascon to evaluate the customer’s creditworthiness or to collect the customer’s account;
A credit reporting agency;
A public authority or agent of a public authority, if in the reasonable judgment of Mascon, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of the information; and A third part or parties, where the customer consents to such disclosure or disclosure is required by law.
5.5 Mascon may disclose personal information about its employees:
For normal personnel and benefits administration;
In the context of providing references regarding current or former employees in response to requests from prospective employers; or
Where disclosure is required by law.
5.6 Only those employees or agents of Mascon with a need to know for business purposes or whose duties reasonably so require, are granted access to personal information about customers and employees.
6. Accuracy of personal information
Mascon shall, to the best of its ability, ensure that personal information in its possession is as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used.
6.1 The extent to which the personal information shall be accurate, complete and up-to-date will depend upon use of the information by Mascon, taking into account the interests of the customer or employee. Information shall be sufficiently accurate, complete, and up-to-date so as to minimize the possibility that inappropriate information may be used to make a decision about the customer or employee.
6.2 Mascon shall not routinely update personal information where such updated information is not needed to fulfill the purposes for which it is collected.
6.3 Personal information that is used on an on-going basis, including information that is disclosed to third parties, shall be updated by Mascon to ensure accuracy unless limits to the requirements for accuracy are clearly set out.
Mascon shall protect personal information with security safeguards appropriate to the sensitivity of the information.
7.1 The security safeguards shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held.
7.2 The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution and format of the information, and the method of storage. More sensitive information will be safeguarded by a higher level of protection.
7.3 The methods of protection include:
physical measures, for example, locked filing cabinets and restricted access to offices;
organizational measures, for example, security clearances and limiting access on a “need to know” basis; and
technological measures, for example, the use of passwords and encryption.
7.4 Mascon shall make its employees aware of the importance of maintaining the confidentiality of personal information.
7.5 Mascon shall take care in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.
8. Openness about policies and practices
Mascon shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
8.1 Mascon shall be open about its policies and practices with respect to the management of personal information. Customers and employees shall be able to acquire information about Mascons’ policies and practices without unreasonable effort. This information shall be made available in a form that is generally understandable. This information is available by writing to Mascon to the attention of the Privacy Officer.
8.2 The information made available by Mascon shall include:
the name, title and address of the individual who is accountable for Mascons’ policies and practices and to whom complaints or inquiries can be forwarded;
the means of gaining access to personal information held by Mascon;
a description of the type of personal information held by Mascon, including a general account of its use;
a copy of any documents that describe Mascons’ policies, standards or practices; and e. what personal information is made available to related organizations, including subsidiaries, affiliates or agents.
9. Individual access to personal information
Upon request, and unless prohibited by law, Mascon shall inform customers and employees of the existence, use and disclosure of their personal information and provide access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
9.1 Upon request, Mascon shall inform a customer or employee whether or not the company holds personal information about them, and should indicate the source of this information. Mascon shall allow an individual access to this information. Mascon may, however, choose to make sensitive medical information available through a medical practitioner. In addition, Mascon shall provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed.
9.2 A customer or employee may be required to provide sufficient information to Mascon to permit it to provide an account of the existence, use and disclosure of personal information. The information provided to Mascon shall only be used for this purpose.
9.3 In providing an account of third parties to which it has disclosed personal information, Mascon shall attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has disclosed information, Mascon shall provide a list of organizations to which it may have disclosed information.
9.4 Mascon shall respond to an individual’s request within a reasonable time and at minimal or no cost. The requested information shall be provided or made available in a form that is generally understandable.
9.5 When a customer or employee successfully demonstrates the inaccuracy or incompleteness of personal information, Mascon shall amend the information as required. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.
9.6 When a challenge is not resolved to the satisfaction of the customer or employee, Mascon shall record the substance of the unresolved challenge in the personal information relating to the customer or employee. Where appropriate, the existence of the unresolved challenge shall be transmitted to third parties having access to the information in question.
10. Challenging compliance
A Mascon customer or employee shall be able to address a challenge concerning compliance with the above principles to the designated individual accountable for Mascons’ compliance.
10.1 Mascon shall put procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. The complaint process should be easily accessible and simple to use.
10.2 Mascon shall inform individuals who lodge complaints of the existence of its complaint procedures. A customer can contact the Cable Television Standards Council (CTSC) if not satisfied with the response from Mascon. In the event the CTSC is not able to resolve the issue, the customer can bring the matter to the attention of the Office of the Privacy Commissioner.
10.3 Mascon shall investigate all complaints. If a complaint is found to be justified, it shall take appropriate measures, including amending its policies and practices, if necessary.
10.4 Employees also have recourse to the Office of the Privacy Commissioner if they consider Mascon has not responded satisfactorily to their complaint or inquiry.
11. Contact information
Cable Television Standards Council
1910 – 350 Albert Street
Web site: http://ctsc.ca (complaints may be submitted online)
Privacy Commissioner of Canada
112 Kent Street
Ottawa , ON
E-mail: firstname.lastname@example.org (complaints must be submitted in writing)
Web site: http://www.privcom.gc.ca
Last revision: November 1, 2012