|
Purpose
MASHA values and respects personal information provided by individuals. We recognize our duty to maintain personal information as private and confidential. Also, we recognize our duty not to use such information for any type of personal gain. We will only use personal information for identified purposes.
Definition
Personal Information – identifying information about an individual including age, name, ID numbers, income, ethnic origin, opinions, evaluations, comments, social status, WSIB claim number.
Individual – any person who directly or indirectly provides his or her personal information to MASHA.
Disclosure – release of information to anyone internal or external to MASHA.
Identified purposes – purposes for which the collected information will be used as outlined in “Identified Purposes and Consent”.
Privacy Officer – the assigned Privacy Officer is the Manager Support Services.
Scope
This policy applies to information gathered on individuals, directly or indirectly, during training, consulting, gathering of client data or during attendance at any other MASHA function.
This policy applies to written, verbal and electronic information.
Responsibilities
Employees will be responsible to adhere to this policy, protect personal information they have access to, follow established safeguarding practices and procedures and reporting breaches of this policy to their Supervisor or Manager.
Supervisors and Managers will be responsible to implement adequate security safeguards and ensuring they are adhered to.
The Privacy Officer is responsible for monitoring and responding to third party requests for personal information and responding to enquiries and challenges with respect to compliance of this policy.
Accountability
MASHA is responsible for personal information under its control and has designated the Manager Support Services to oversee MASHA’s compliance with this policy.
Identifying Purposes and Consent
Where personal information about an individual has been obtained indirectly, i.e. from someone other than the individual, the information collected will be used for the following purposes:
- collection of data for accident/incident databases to research causes of workplace injuries and diseases;
- mailing of MASHA products and information;
- collection of data for training databases to track individual’s training records;
- preparation of consulting reports.
Where personal information about an individual has been obtained directly, MASHA will notify the individuals that the information collected will be used for the following purposes:
- mailing of MASHA products and information;
- collection of data in MASHA training databases to track individual’s training records.
MASHA may seek consent from an individual to disclose information for a use not listed above.
Individuals may withdraw implied consent at any time by contacting the MASHA Privacy Officer and by providing reasonable notice.
Limiting Collection and Use
The collection of personal information shall be limited to that which is necessary for the purposes identified by MASHA.
Personal information shall not be used or disclosed for purposes other than those for which it was collected. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
Accuracy
Personal information shall be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
Safeguarding
MASHA will develop and maintain security safeguards for personal information against theft, loss, unauthorized access, disclosure, copying, use or modification.
Openness
MASHA will make available to employees its policies and procedures relating to the management of personal information.
Individual Access
Upon request to the Privacy Officer, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
MASHA will respond to each request within two weeks of the request. If MASHA cannot respond to the request within this time frame, an alternative time frame will be communicated to the individual.
If the individual identifies information that is inaccurate, MASHA will update the information within 30 days, once the inaccuracy has been verified.
Enquiries and Challenges
An individual shall address a challenge concerning compliance of this policy to the Privacy Officer.
The enquiry or challenge will be responded to within 30 days. If the complainant is not satisfied with the outcome, an independent Mediator will be retained by MASHA to assist the parties to arrive at a resolution, as soon as possible. |
Home · Site Map · Admin
