Condominium Management Regulatory Authority of Ontario Access and Privacy Policy


1.0 Purpose and Scope

The purpose of this Policy is to set out how the Condominium Management Regulatory Authority of Ontario (CMRAO) will effectively protect and provide access to personal information and records held by it. In carrying out its mandate, the CMRAO will comply with all applicable privacy legislation.

2.0 Definitions

a. Personal information means any information about a recognizable individual that is recorded in any form. This does not include the name, title, contact information or designation of an individual that identifies the individual in a business, professional or official capacity;
b. Authority or CMRAO means the Condominium Management Regulatory Authority of Ontario;
c. Delegated Provisions means all provisions of the Act except for Part II and VII;
d. the Act refers to the Condominium Management Services Act, 2015; and
e. Record means any record of information, however recorded, whether in printed form, film, by electronic means, or otherwise in the custody and control of the CMRAO for administration of the Act.

3.0 Collection, Use and Disclosure of Personal Information

3.1 Collecting Personal Information

(a) The Authority will collect personal information only where it is required for its legitimate purposes in the administration of the Delegated Provisions. Personal information shall be collected only by lawful means. Regulatory functions which may require the collection of personal information include, but are not limited to:
    a. Issuance or renewal of a license;
    b. Information requests or complaints; and
    c. Inspections and investigations.
(b) Subject to subsection 3.1(c), personal information will be collected with written consent directly from the person to whom it relates, not from a third party, and the purpose of the collection and how personal information will be used will be explained at or before the time the information is collected.
(c) Subsection 3.1(b) may not apply to information that is being collected as part of an inspection, investigation or response to a complaint.

3.2 Using and Disclosing Personal Information

(a) The Authority must have the written consent of the individual to whom the personal information relates before it can be used, or disclosed to a third party for a purpose other than that for which it was collected, except as set out in section (c) below.
(b) In addition, third party access to personal information should only be provided where it can be demonstrated that the third party has put in place means to protect personal information which are comparable to those of the Authority. If personal information is made available to a third party on an ongoing basis, any revised information will be regularly provided.
(c) Personal information that has been collected by the Authority in accordance with this Policy may be used or disclosed without the consent of the individual only in the following circumstances:
    a. For the purpose of conducting an inspection or an investigation; or
    b. If the information is necessary to respond to an emergency.

3.3 Protecting Personal Information

The Authority recognizes the importance of protecting the personal information and records in its care. To prevent the unauthorized disclosure, use, copying or modification of personal information in the custody and under the control of the CMRAO, access to such information shall be restricted using appropriate security mechanisms. The Authority will:

a. Take reasonable steps to prevent theft, loss or misuse of personal information and records, and protect them from unauthorized access, modification or destruction;
b. Implement physical and organizational protections for paper records;
c. Enable passwords and other technological protections for electronic records;
d. Take reasonable steps to ensure that personal information held by the Authority is accurate and up-to-date, based upon the information provided to it; and
e. Ensure that all employees, the Board of Directors and all consultants or contract workers employed by the Authority have received adequate training to comply with this Policy.

4.0 Retention and Destruction of Personal Information and Records

4.1 Retention of Personal Information and Records

The Authority will retain information for as long as is necessary to fulfill the purpose for which it was collected or for its use in accordance with this Policy, and for 12 months thereafter in order to provide an opportunity for the individual to access their own personal information. A record of personal information may be retained beyond this time period in the following circumstances:

a. Another law requires or authorizes the retention;
b. The record is reasonably required for the future regulatory actions of the Authority; or
c. The record is transferred to storage or archives for historical research or permanent preservation, provided it is made anonymous of personal information as described in Section 4.2.

4.2 Destruction of Personal Information and Records

Any records that are retained for historical research or permanent preservation must be made anonymous. For all records that have fulfilled the purposes for which they were collected or further use and are not to be further retained, the record will be destroyed in a manner that is appropriate given its medium:

a. A paper record of personal information, and all copies, shall be shredded before it is destroyed;
b. Electronic data containing personal information shall be deleted from hardware that hosted the data; and
c. Before hardware that hosted electronic data is discarded or destroyed, all electronic data containing personal information shall be deleted.

5.0 Access to Information

5.1 Accessing Own Personal Information

The Authority will confirm the existence of, and provide an individual access to, their own personal information held by the Authority, except where such access and disclosure would:

a. constitute an unjustified invasion of another individual's personal privacy, unless that individual consents to the release and disclosure of the information;
b. violate a legally recognized privilege;
c. violate intellectual property law; or
d. compromise ongoing inspection and enforcement activities of the Authority.

To request such access, the individual must submit a request in writing to the Access and Privacy Officer of the Authority. The Authority will, in the normal course, respond to such a request within 5 business days and at no cost, unless such response involves the review of a large number of records or meeting the request would unreasonably interfere with the operations of the Authority.

5.2 Corrections, Updates or Completeness of Personal Information

Where an individual disagrees with the accuracy of their personal information on file with the Authority, the individual has the right to challenge its accuracy and demand its amendment.

Following the confirmation of proof of identity and upon request of any corrections or updates by an individual, the Authority shall amend the individual's personal information on file with the Authority to reflect either:

a. the requested change; or
b. if requested by the individual, a statement of disagreement if an amendment was requested but not made to be attached to the information and the individual's file, which must also be transmitted to any third parties with access to the information.

Amendments to the personal information or records shall be made as soon as practicable, but no later than 30 days from the time that the Authority makes the determination to amend the personal information or record.

5.3 Public Access to Records

The Authority will provide public access to records in its possession unless the release of information would:

a. constitute an unjustified invasion of personal privacy;
b. violate a legally recognized privilege;
c. compromise ongoing inspection and enforcement activities of the Authority;
d. reasonably be expected to threaten the life, health or security of an individual;
e. involve information that is the substance of deliberations by the Authority's Board of Directors and its committees, including but not limited to agenda, minutes, policy options and analysis, internal advice, proprietary information and advice to government;
f. involve commercial, proprietary, technical or financial information related to an individual or commercial enterprise who has supplied the records to the Authority in confidence, if disclosure would result in undue loss or gain, prejudice a competitive position, or interfere with contractual or other negotiations of such individual or commercial enterprise; or
g. violate provisions of the Act.

To request such access, a member of the public must submit a request in writing to the Access and Privacy Officer of the Authority. The Authority will, in the normal course, respond to such a request within 5 business days and at no cost, unless such response involves the review of a large number of records or meeting the request would unreasonably interfere with the operations of the Authority.

5.4 Remedies for Access Requests

If an individual who requested access to information is not satisfied with the Authority's response, the requester may ask the Authority to review the decision. This request for review must be in writing, addressed to the Registrar, and must describe what aspect of the response the requester wishes to have reviewed. A final decision on the request will be provided within 30 days of receipt of the review request. If the Authority is unable to respond within 30 days, the Authority shall advise the requester of the date a response can be expected.

6.0 Administration

6.1 Access and Privacy Officer and Complaints

The Authority shall designate an Access and Privacy Officer who is responsible for the Authority's compliance with this Policy and for responding to requests for access to information. The name and contact information for this individual will be made available on the Authority's website. The Authority will investigate all complaints relating to this Access and Privacy Policy, and will act accordingly based on the results of the investigation. Questions or comments on this Policy may be addressed to the Access and Privacy Officer.

6.2 Review

This Policy will be reviewed at regular intervals by the senior officers or Board of Directors of the Authority to ensure that it continues to serve its intended purpose. This may include reviewing:

a. procedures in place to protect personal information;
b. the effectiveness of procedures for handling complaints relating to this Policy;
c. the effectiveness of procedures for addressing information requests; and
d. any other amendments that should be made to improve the operation of this Policy and the protection of personal information.

The Authority will submit any amendments to this Access and Privacy Policy to the Minister of Government and Consumer Services for approval.

Approved on: January 16, 2018
Reviewed on:
Reviewed on: