FAR NORTHEAST TRAINING BOARD (FNETB)
PRIVACY POLICY

1 POLICY

1.01 The Far Northeast Training Board and its employees will take all reasonable steps to maintain the confidentiality of all confidential organizational and personal information.

1.02 The Far Northeast Training Board and its employees will respect and protect the privacy of personal information by complying with the 10 privacy principles required by the Personal Information Protection and Electronic Documents Act (PIPEDA), as follows:

  1. Accountability
  2. Identifying purpose
  3. Consent
  4. Limiting collection
  5. Limiting use, disclosure and retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual access
  10. Challenging compliance

1.03 The Far Northeast Training Board will maintain a privacy policy for distribution to members, clients and other interested parties, and will post this policy on its website. The policy will include references to:

  1. Restrictions placed on that disclosure.
  2. Time limits for holding personal information collected and the commitment to destroying unneeded information.
  3. The process by which individuals may access their personal information.

1.04 The Far Northeast Training Board will maintain high standards of physical and electronic security wherever personal information is being handled.

1.05 Employees have a right to understand, access and correct their personal information. Employee personal information collected, used or disclosed will be subject to the same care and conditions as outlined for other personal information.

1.06 The Far Northeast Training Board will collect from individuals only that personal information for which it has obtained consent.

1.07 The Far Northeast Training Board will use personal information only for those purposes for which consent has been obtained.

1.08 The Far Northeast Training Board will maintain its store of personal information in a secure fashion.

2. PURPOSE

2.01 This Statement of Policy and Procedures outlines the Far Northeast Training Board's compliance with privacy legislation, principles and practices.

3. SCOPE

3.01 This policy applies to all Far Northeast Training Board personnel and volunteers.

3.02 Compliance with the principles outlined in this policy shall be treated as essential for contract compliance with suppliers, consultants and other contracted organizations.

4. RESPONSIBILITY

4.01 It is the responsibility of every employee to ensure that privacy of personal information is protected and respected.

4.02 It is the responsibility of the Privacy Officer to:

  1. Develop and maintain both internal and external privacy policies.
  2. Ensure that systems and processes are in place to support the policies.
  3. Act as an expert resource on privacy within the organization.
  4. Act as a point of contact on privacy issues.

5. PROCEDURES

5.01 All employees will protect and respect confidential and personal information by:

  1. Taking all reasonable steps to secure and protect information, as follows:
    1. Electronic records of personal information will be subject to limited access by authorized personnel in the performance of their duties.
    2. Printed records of personal information, when they are not under the control of authorized personnel, will be kept in a secure location.
  2. Disclosing to individuals that personal information is being collected and directing them to the privacy policy.
  3. Destroying the information when it is no longer required. Personal information will be destroyed two years after it is no longer required.

5.02 Appointment and Responsibilities of the Privacy Officer

The Far Northeast Training Board will appoint a Privacy Officer whose name and contact information will be publicly available as the point of contact for all inquiries or issues related to privacy of personal information. The Privacy Officer is responsible for:

  1. Development and maintenance of the Far Northeast Training Board's privacy policies both for the public and for employee records.
  2. Thorough review of the Far Northeast Training Board's collection, use and disclosure of personal information to ensure that only required information is dealt with.
  3. Communication of the privacy policy for the public to the public and to all employees, including necessary employee training.
  4. Communication of the privacy policy for employee information to all employees, including necessary management training.
  5. Acting as an expert resource for the organization on matters relating to privacy of personal information.
  6. Ensuring that the organization's systems and procedures meet all legal compliance requirements and also a standard of excellence for respect of personal information.
  7. Documenting and analyzing all complaints regarding the use, retention or disclosure of personal information.
  8. Instituting changes to the policy and related procedures he or she deems necessary6 in order to respect the principles of this policy.

5.02 Detailed guidelines

  1. Personal information may be collected without knowledge or consent only in the following circumstances:
    1. In the event of an emergency that threatens the life, health or security of an individual.
    2. If there are reasonable grounds to believe that the information could be useful to investigate the contravention of a law.
    3. The collection is in the interest of the individual and consent cannot be obtained in a timely way.
    4. The collection of the information with the individual's knowledge or consent would compromise the availability or accuracy of the information and the collection is required to investigate the contravention of a law.
  2. Personal information may be disclosed without knowledge or consent only in the following circumstances:
    1. In the event of an emergency that threatens the life, health or security of an individual.
    2. To a lawyer representing the Far Northeast Training Board.
    3. To collect a debt owed to the Far Northeast Training Board by the individual or organization.
    4. To a government institution that has indicated that disclosure is required on a
    5. matter relating to national security or the conduct of international affairs.
    6. The information is publicly available.
    7. If required by law.
    8. For other circumstances listed in subsection (7(3) of PIPEDA.
  3. Requests from an individual to provide information about their personal information being collected, used or disclosed by the Far Northeast Training Board will be answered within 10 working days. No fee will be charged for this service.
  4. If an individual withdraws consent for the use of personal information, the Far Northeast Training Board will take all necessary steps to cease the Far Northeast Training Board's use of the information within 20 working days.

ATTACHMENT A

Ten Principles for the Protection of Personal Information

These 10 principles are summarized from a Model Code for the Protection of Personal Information in the National Standard of Canada, based on Schedule 1 of the PIPEDA legislation. More explicit information can be obtained by referring directly to the Schedule.

Principle 1 - Accountability

An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance. Their identiy should be made known upon request. The individual bears accountability for compliance regardless of who may perform day-to-day processes. The company is responsible for information transferred to a third party for processing and should take steps to provide a comparable level of protection of the information from that third party.

Principle 2 - Identifying Purposes

The purposes for which an company is collecting personal information should be identified and documented at or before the time of collection. These purposes should be specified to the individual at or before the time of collection, either verbally or in writing. Care should be taken not to collect information that isn't strictly needed. Should a new purpose arise after this, the consent of the individual is again required before it can be used, unless the use is required by law.

Principle 3 - Consent

The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except where that is inappropriate. in certain circumstances, such as when medical, legal or security reasons make it impossible, personal information can be collected, used or disclosed without the knowledge or consent of the individual. An organization should not, as a condition of sale of a product or service require consent for other uses of the information beyond that required to provide the product or service. In obtaining consent, the reasonable expectations of the individual are also relevant, as for example, an individual should reasonably expect a magazine to contact them for subscription renewals. Consent should not be obtained through any form of deception. An individual may withdraw their consent at any time subject to legal or contractual restrictions and reasonable notice.

Principle 4 - Limiting Collection

The collection of personal information should be limited to that which is necessary for the purposes identified by the company. Information should not be collected indiscriminately. Information should not be collected illegally.

Principle 5 - Limiting Use, Disclosure and Retention

Personal information should not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information should be retained only as long as necessary for the fulfilment of those purposes. Companies should develop documented guidelines for the retention periods for personal information. After the retention period is up, personal information no longer required should be destroyed, erased or made anonymous.

Principle 6 - Accuracy

Personal information should be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. Unless it is required for the original purpose, a company should not routinely update personal information.

Principle 7 - Safeguards

Personal information should be protected by security safeguards appropriate to the sensitivity of the information. Safeguards against loss, theft, and unauthorized access, copying, use or modification should all be addressed, including physical measures (e.g. locks, restricted access areas), organizational measures (e.g. security clearances, authorization processes) and technological measures (e.g. passwords, encryption). The nature of the safeguards should vary with the level of sensitivity of the information. Employees should be made aware of the importance of maintaining confidentiality of personal information. Care should be used in the disposal or destruction of personal information.

Principle 8 - Openness

A company should make readily available to individuals its policies and practices relating to the management of personal information. This should include the name or title and address of the company's Privacy Officer, how to gain access to personal information held by the company, a description of the type of information held and details of what information is made available to related organizations and why.

Principle 9 - Individual Access

Upon request, an individual should be informed of the existence, use an disclosure of his or her personal information and be given access to it, within a reasonable timeframe and at limited or no cost to the individual. An individual should be able to challenge the accuracy and completeness of the information and have it amended. Under certain limited circumstances (cost, references to others' personal information, legal, security, competitive proprietary, subject to litigation or client privilege) a company may not be able to provide the information, but these situations should be limited and specific. A company holding a sensitive medical information may choose to make it available through a medical practitioner. It is fair for a company to require specific personal information to validate a person's identity before disclosing. Companies should be able to provide a list of other organizations to which it has disclosed personal information.

Principle 10 - Challenging Compliance

An individual should be able to address a challenge concerning compliance with the above principles to the Privacy Officer of the company. Principles and procedures related to this principle should be in place, and the company should be prepared to explain these to individuals. Complaints should be documented, investigated and responded to within a reasonable period.

ATTACHMENT B

FAR NORTHEAST TRAINING BOARD (FNETB) - PRIVACY POLICY FOR WEBSITE

At Far Northeast Training Board we respect and protect your privacy. This means that:

  • With your consent, we will gather only the minimum personal information necessary to provide you with current information about our activities and services
  • We will not sell, exchange, lend or make available to other organizations any personal information that you have provided to us
  • We keep all personal information confidential and we have safeguards to protect that information whether it is in print, electronic or other form
  • We will make available to you upon request, your personal information that we have on file and we will correct, amend or delete information at your request.

Personal information

Personal information is the information that relates to you as an individual. @l Personal information beyond your name and contact information may include any or all of the following: alternative contact information, email correspondence, preferred payment method. We will only requeession cookies" used only for the time you stay on the website each visit. We do have some "persistent cookies" to identify previous visits so that you may be directed to that part of our website that you are most interested in. "Persistent cookies" stay on your computer between visits to the site. If you do not wish to accept cookies, you may choose not to by setting your browser options to inform you when cookies are being sent or to deny cookies altogether. Please note, however, that by not accepting cookies, you may limit the functionality that we can provide to you when you visit our site.

Contact us

If you have questions or comments about our policy or about the personal information we have about you, you may contact us and we will do our best to answer your questions. Our Privacy Officer can be reached at 1-800-530-9176 or 705-362-5788, or via email [email protected]. You can also write to us at: Far Northeast Training Board, P. O. Box 2198, 1425 Front Street, Hearst, ON, P0L 1N0.

Far Northeast Training Board
Funded in part by Ontario, Canada

Sign Up

or

Do you need help or have trouble signing up? Contact Us:
[email protected]   |   705-362-5788   |   800-530-9176