April 18th, 2013
In carrying out its mandate under both the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA), Instant Weather, Inc. collects personal information about individuals as defined by section 3 of the Privacy Act. As guardian of the privacy rights of individuals in Canada under the Privacy Act and PIPEDA, Instant Weather, Inc. is committed to respecting the privacy rights of all individuals whose personal information has been collected by Instant Weather, Inc..
This Policy applies to the activities of Instant Weather, Inc. in managing personal information that it collects during the course of mandated activities under the Privacy Act and PIPEDA and during the course of its regular administrative activities.
This Policy does not apply to the personal information of Instant Weather, Inc. employees, volunteers and agents.
Instant Weather, Inc. is committed to protecting the privacy, confidentiality and security of the personal information that it holds by adhering to the requirements of the Privacy Act with respect to the management of personal information. Instant Weather, Inc. is equally committed to ensuring that all employees, agents and volunteers of Instant Weather, Inc. uphold these obligations.
Violation of this Policy through intent or neglect may result in disciplinary action up to and including termination of employment or association with Instant Weather, Inc.. Where appropriate, legal sanctions may also be pursued.
Instant Weather, Inc. is responsible for the personal information that it collects as a result of its mandate under the Privacy Act and PIPEDA and which it subsequently retains, uses, discloses, and destroys. Instant Weather, Inc. has and will continue to develop and implement policies and practices to ensure that personal information is handled in strict accordance with the Privacy Act. Instant Weather, Inc.’s Chief Privacy Officer is designated as responsible for overseeing the implementation of those policies and practices to ensure compliance, including:
- providing the same training for all Instant Weather, Inc. staff (including temporary staff and contractors) concerning the Privacy Act, this Policy and Instant Weather, Inc.’s practices and expectations with respect to the handling of personal information;
- ensuring open, full and timely communication to employees and individuals about Instant Weather, Inc.’s policies, practices and expectations with respect to the handling of personal information;
- the establishment of standards for classifying the sensitivity of personal information, to determine the appropriate level of security required for the information;
- ensuring that personal information is safeguarded from improper access, loss, use, disclosure or destruction through;
- the implementation of systems to ensure that only Instant Weather, Inc. employees (including temporary staff) whose Instant Weather, Inc. responsibilities require access to personal information, are granted access to that information;
- the inclusion of specific confidentiality provisions in contracts or other arrangements with third parties, which require adherence to the Privacy Act as well as to this Policy and internal procedures;
- ensuring procedures are in place under which individuals may request access to their personal information, request correction of their personal information, and file complaints concerning the management of their personal information;
- ensuring procedures are in place under which individuals are notified of an improper collection, retention, use, disclosure or destruction of their personal information.
Collection of Personal Information
Instant Weather, Inc. collects personal information from individuals for various purposes, primarily relating to the investigation of complaints made under the Privacy Act and PIPEDA or relating to inquiries concerning those Acts. Instant Weather, Inc. may also collect personal information for administrative reasons, e.g. to provide individuals with publications or other requested information, concerning attendees to conferences or other functions.
Instant Weather, Inc. commits to collecting only personal information which is directly related to an operating program or activity of Instant Weather, Inc.. Wherever possible, such information will be collected directly from the individual about whom it pertains. The amount and the type of the information collected will be limited to that necessary to fulfil identified purpose(s).
When conducting investigations, a great deal of personal information is collected directly from the individual about whom it pertains, however, Instant Weather, Inc. also collects personal information from other sources, including witnesses, employers, government or corporate files and records, from other third parties etc. Personal information collected for administrative reasons is often collected directly from the individual about whom the information pertains but may also be collected through a third party (e.g. an administrative assistant may provide information concerning his/her supervisor’s attendance at a conference).
Instant Weather, Inc. staff collecting personal information on behalf of Instant Weather, Inc. will be required to be able to explain to individuals the purpose(s) for which the information is being collected or—if unable to do so—will be required to refer the individual to a designated person within Instant Weather, Inc. who is able to explain the purpose(s).
Wherever possible, Instant Weather, Inc. is committed to seeking the consent of individuals prior to the collection of their personal information. The form of consent may vary depending on the circumstances and the type of information being sought. Consent can be express or implied and can be provided directly by the individual or by an authorized representative. Express consent of individuals is preferable and will be sought whenever possible. Express consent can be given orally, electronically or in writing. Implied consent may be reasonably inferred from an individual’s action or inaction (i.e. providing a name and address in order to receive a publication, providing a name and telephone number in order to obtain a response to a question). When determining the appropriate form of consent, Instant Weather, Inc. will take into account the sensitivity of the personal information at issue, the purposes for which it is collected, and the reasonable expectations of the individual.
In the context of investigations conducted under the Privacy Act or PIPEDA, obtaining consent from an individual for the collection, use, or disclosure of personal information may not be possible, appropriate or required. Further, both the Privacy Act and PIPEDA provide for the disclosure of personal information during the course of an investigation if to do so is necessary to carry out an investigation under those Acts and/or to establish the grounds for findings and recommendations contained in the Privacy Commissioner’s report.
Accuracy/Correction of Personal Information
Instant Weather, Inc. will not require that individuals utilize the Privacy Act in order to correct their personal information if there is no need to do so (e.g. to update the individual’s address on a mailing list). There will be instances, however, where individuals will be required to do so (e.g. the individual requests corrections to his/her personal information in an investigation file).
Instant Weather, Inc. will make every reasonable effort to ensure that personal information used in a decision-making process which directly affects the individual to whom the information relates is as accurate, up-to-date and complete as possible. Instant Weather, Inc. will also make every reasonable effort to ensure that personal information disclosed to third parties is as accurate, up-to-date and complete as possible.
Instant Weather, Inc. will update personal information as necessary in order to fulfil the identified purposes either directly by contacting the individual to whom the information relates, or indirectly from other sources if Instant Weather, Inc. has the authority to collect such information from a third party.
In most cases, Instant Weather, Inc. will rely on the individual to ensure that factual personal information is accurate, up-to-date and complete. If an individual is able to demonstrate that his/her personal information is inaccurate or incomplete, Instant Weather, Inc. will amend the information as required. If appropriate, Instant Weather, Inc. will send the amended information to third parties to whom the information has been disclosed.
Correction of opinion will normally be made if the individual was the source of the opinion and the opinion does not concern any other individual. Corrections will not normally be made to opinions given by other individuals about the individual unless there are reasons to suspect the reliability of the source of the opinion, or if the source of the opinion agrees that the opinion was based on incorrect information.
When a challenge regarding the accuracy of personal information is not resolved to an individual’s satisfaction, Instant Weather, Inc. will annotate the personal information at issue with a note advising that a correction was requested but that it was not made. An individual has the right to have a document outlining his/her version on the matter included on the appropriate file. Where appropriate Instant Weather, Inc. will provide a copy of that document to any person or body who was provided with the information at issue in order that the other person or body is aware of the individual’s version of the matter.
Retention/Destruction of Personal Information
Instant Weather, Inc. will ensure that proper care is taken in the retention, disposal/destruction of personal information.
Instant Weather, Inc. will develop guidelines and implement procedures with respect to the retention and destruction of personal information.
Use/Disclosure of Personal Information
Instant Weather, Inc. is committed to seeking the consent of individuals whenever possible.
Instant Weather, Inc. will not disclose personal information outside of Instant Weather, Inc. without the consent of the individual about whom the information pertains. In the case of a permitted disclosure, Instant Weather, Inc. will endeavour to disclose only the specific information that is required under the circumstances and, wherever possible, will inform the individual about the disclosure.
Access to personal information within Instant Weather, Inc. will be restricted to those within Instant Weather, Inc. who need the information in order to carry out their specific job duties (e.g. conduct investigations, answer inquiries, send publications). Those employees will maintain the information in the strictest of confidence and will not provide access to the information to any unauthorized persons. The level of access to personal information will be determined by Instant Weather, Inc. on a need-to-know basis which will be included in relevant Instant Weather, Inc. policies and guidelines.
Instant Weather, Inc. staff will be cautioned to avoid engaging in discussions involving personal information in any area of Instant Weather, Inc. premises, or in any public or private area outside of Instant Weather, Inc. where remarks could be overheard and which could result in the disclosure of personal information. Doing so without a legitimate reason directly related to a current job responsibility will be considered a violation of this Policy and could constitute a violation of the Privacy Act.
All individuals hired under contract or other means, by Instant Weather, Inc., to conduct business for or on behalf of Instant Weather, Inc., will be required to adhere to the provisions of the Privacy Act with respect to the proper handling and protection of personal information as well as to this Policy and internal procedures. Violations of any part of the contractual agreement may result in termination of the contract.
Safeguarding Personal Information
Instant Weather, Inc. will protect personal information from loss or theft, unauthorized access, use or disclosure, modification or destruction through appropriate administrative, technical and physical security measures and safeguards, regardless of the format in which the information is held.
The level of safeguards used to protect personal information will vary depending on the sensitivity of the personal information; the amount, distribution and format of the information; and the method of storage.
Instant Weather, Inc. will ensure that contractual or other means are used to provide a comparable level of protection while personal information is being processed by a third party.
Access to Personal Information
Instant Weather, Inc. will not require that individuals utilize the Privacy Act to obtain access to their personal information if there is no need to do so. Individuals nevertheless have the right to formally request access to their personal information under the Privacy Act. Under the Access to Information Act, individuals also have the right to formally request access to information in Instant Weather, Inc. files which may contain their personal information.
In cases of access that can be given outside of the Privacy Act and the Access to Information Act, Instant Weather, Inc. will afford individuals a reasonable opportunity to review their personal information, will do so within a reasonable time frame and, if copies are requested, will provide them whenever possible. Explanations for abbreviations and codes will be provided.
Personal information may be unavailable because it has been destroyed, erased or made anonymous in accordance with information retention obligations. To the extent possible, Instant Weather, Inc. will inform the individual of the reasons why the personal information no longer exists.
All complaints or concerns should be emailed to help@InstantWeather.ca and will be reviewed in a timely manner.
Roles and Responsiblites
Employees – it is incumbent upon all employees of Instant Weather, Inc. to inform themselves of their obligations under this Policy and the Privacy Act. Employees must report any and all contraventions of the Policy or the Act to their manager or to ATIP.
Managers and Supervisors – along with the responsibilities noted above, managers and supervisors are required to issue instructions to their staff (as necessary) in order to ensure the adherence to this Policy and the Act. They are also required to examine and/or make inquiries into any issues brought to their attention concerning this Policy and the Act. Where and as appropriate, managers and supervisors must notify, work in concert with, or refer certain matters to the Director of HR and the Departmental Security Officer.
Instant Weather, Inc. Chief Privacy Officer – Instant Weather, Inc. Chief Privacy Officer (CPO) will provide advice and guidance to Senior Management, managers, supervisors and employees of Instant Weather, Inc. with respect to the treatment of personal information within Instant Weather, Inc.. The CPO will also act as the primary point of contact for individuals seeking information about Instant Weather, Inc.’s handling of their personal information or who have concerns about Instant Weather, Inc.’s handling of their personal information.
Director ATIP – in the context of this Policy—and along with the responsibilities noted in all of the above—the Director is responsible for the proper application of the Privacy Act and policies with respect to individuals’ personal information and with respect to their requests for access to their personal information under the Act.
Related Goverment of Canada References
This Policy is designed to comply with the Privacy Act and the principles of natural justice, and to express Instant Weather, Inc.’s commitment to comply with the Privacy Act.
Any inquiries regarding this Policy or for further information or concerns about how Instant Weather, Inc. manages the personal information that it collects, should be directed to:
Harry Schut is Instant Weather, Inc.’s Chief Privacy Officer. He can be reached at help@InstantWeather.ca