We regard our members' privacy as one of our most important values. As you may be concerned about what we do with your personal and financial information, we want you to know how we protect our member information as we service your account.
PIPEDA’s 10 fair information principles form the ground rules for the collection, use and disclosure of personal information, as well as for providing access to personal information. They give individuals control over how their personal information is handled in the private sector.
In addition to these principles, PIPEDA states that any collection, use or disclosure of personal information must only be for purposes that a reasonable person would consider appropriate in the circumstances.
The OPC has determined that the following purposes would generally be considered inappropriate by a reasonable person (i.e., no-go zones):
This section sets out organizations’ responsibilities for each of the 10 fair information principles. It outlines how to fulfill these responsibilities and offers some tips.
An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.
The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection.
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means.
Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.
Personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.
Personal information must be protected by appropriate security relative to the sensitivity of the information.
An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.
Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.
If you have a privacy concern, the Office of the Privacy Commissioner of Canada (OPC) is here to help. However, not all privacy issues fall under the laws we oversee—the Privacy Act and the Personal Information Protection and Electronic Documents Act. In fact, there are a number of laws in Canada that relate to privacy rights, and there are various government organizations and agencies responsible for overseeing compliance with these laws. See our Overview of Privacy Legislation in Canada web page for more information.