The Hearing Foundation of Canada is a national non-profit organization dedicated to eliminating the devastating effects of hearing loss on Canadians by promoting prevention, early diagnosis, leading edge medical research and successful intervention. The Foundation operates in a manner that is consistent with all relevant legislation.
The Foundation is responsible for safeguarding all personal information in its possession or custody, including personal information that has been transferred to a third party for processing (e.g., to a consulting firm or individual who is acting on behalf of the Foundation). This includes situations where the actions undertaken on the Foundation’s behalf are carried out voluntarily or without charge.
The Foundation’s policy and practices for the protection of personal information follow the guidelines established by the Canadian Standards Association, Imagine Canada and other accepted industry standards.
Definition of Personal Information
The Foundation defines personal information as any information that can be used to distinguish, identify or contact a specific individual. Exceptions include business contact information and publicly available information such as name, address and telephone numbers as published in telephone directories. Where an individual uses his or her home contact information as business contact information, the Foundation considers such information not to be subject to protection as personal information.
This policy does not cover aggregated data from which the identity of an individual cannot be determined.
All personal information collected by the Foundation will be used only for purposes that are defined and explained in advance to the individual, and use or disclosure for any other purposes will only be undertaken after the informed consent of the individual.
Principle 1 – Accountability
The Foundation’s Executive Director is responsible for the personal information under its control or custody even though other individuals within the Foundation may be responsible for the day-to-day collection and processing of personal information.
This includes the responsibility to:
- Maintain adequate policies and practices;
- Monitor compliance with the established policies and practices;
- Respond to real or potential privacy breaches; and
- Respond to questions and concerns, and to requests to access personal information.
Principle 2 – Identifying the Purpose
The Foundation will identify the purposes for which personal information is collected at or before the time the information is collected.
Principle 3 – Consent and Notice
The Foundation will obtain the informed consent of individuals before or when it collects, uses or discloses personal information, except where authorized by law.
Individuals can give consent in many ways and the form of the consent sought by the Foundation may vary, depending upon the circumstances and the type of information. In determining the form of consent to use, the Foundation will take into account the sensitivity of the personal information.
The Foundation will not, as a condition of the supply of a product or service, require an individual to consent to the collection, use or disclosure of personal information beyond that required to fulfill the explicitly specified and legitimate purposes of the Foundation.
An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The Foundation will inform the individual of the implications of such withdrawal of consent.
Principle 4 – Limiting Collection
The Foundation will limit the collection of personal information to that necessary for the purposes identified by the Foundation. Information shall be collected by fair and lawful means.
Principle 5 – Limiting Use, Disclosure and Retention
The Foundation will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as permitted by law. Personal information will be retained only as long as necessary for the fulfillment of those purposes.
Principle 6 – Accuracy
The Foundation will keep personal information as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Principle 7 – Safeguards
The Foundation will protect personal information with safeguards appropriate to the sensitivity of the information. The methods of protection shall include:
- Physical measures, such as locked filing cabinets and restricted access to offices;
- Organizational measures, such as security clearances and limiting access to personal information on a “need-to-know” basis; and
- Technological measures, such as the use of passwords, encryption and protection of data integrity.
Principle 8 – Openness
The Foundation will make readily available to individuals specific information about its policies and practices relating to the management of personal information in its custody and control.
Principle 9 – Individual Access
Upon written request, and subject to exemptions stipulated by law, the Foundation will inform an individual of the existence, use, and disclosure of his or her personal information, and that person will be given access to that information. An individual may challenge the accuracy and completeness of the information and have it amended as appropriate.
Exceptions to the access requirement will be limited and specific, and include:
- Prohibitive cost;
- Contains references to other individuals;
- Cannot be disclosed for legal, security, or commercial proprietary reasons; and
- Subject to solicitor-client or litigation privilege.
Principle 10 – Response to Concerns and Suggestions
An individual shall be able to address a challenge concerning compliance with the above principles to a designated individual.
The Foundation will investigate all complaints and take appropriate measures, including, if necessary, amending its policies and practices.
Inquiries or concerns are to be sent to the Foundation’s Chief Privacy Officer, Andrea Swinton, at firstname.lastname@example.org.