1. Our Commitment to Privacy
NORAC strives to protect and respect the personal information of its business partners and customers in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). Collecting, using, and disclosing business and personal information in an appropriate, responsible, and ethical manner is fundamental to NORAC’s daily operations.
Personal information is defined as any identifying information about an individual or group of individuals, including name, date of birth, address, phone number, e-mail address, social insurance/security number, nationality, gender, health history, financial data, credit card numbers, bank account numbers, assets, debts, liabilities, payment records, credit records, loan records, opinions, and personal views.
Business information refers to: business name, business address, business telephone number, name(s) of owner(s), executive officer(s), and director(s), job titles, business registration numbers, and financial status. Business information is treated and handled with the same level of confidentiality, privacy, and respect as personal information.
3. Policy Statement
- NORAC assumes full accountability for the personal information within its possession and control. This organization has appointed Ashlee Strelioff, VP of Finance and Operations as custodian of all privacy matters and legal compliance with privacy laws.
- NORAC obtains personal information directly from the individual to which the information belongs. Individuals are entitled to know how NORAC uses personal information and we will limit the use of any personal information collected only to what is needed for those stated purposes. NORAC will obtain individual consent if personal information is to be used for any other purpose. NORAC will not use that information without the consent of the individual.
- NORAC will retain personal information only for the duration it is needed for conducting business. Once personal information is no longer required, it will be destroyed in a safe and secure manner. However, certain laws may require that certain personal information be kept for a specified amount of time. Where this is the case, the law will supersede this policy.
- NORAC vows to protect personal information with the appropriate security measures, physical safeguards, and electronic precautions. NORAC maintains personal information through a combination of paper and electronic files. Where required by law or disaster recovery/business continuity policies, older records may be stored in a secure, offsite location.
- Access to personal information will be authorized only for the employees and other agents of NORAC who require the information to perform their job duties, and to those otherwise authorized by law.
- NORAC’s computer and network systems are secured by complex passwords. Only authorized individuals may access secure systems and databases.
- Routers and servers connected to the Internet are protected by a firewall, and are further protected by virus attacks or “snooping” by sufficient software solutions.
- Personal information is not transferred to volunteers, summer students, interns, or other non-paid staff by e-mail or any other electronic format unless required to perform specific tasks.
- In most instances, NORAC will grant individuals access to their personal information upon presentation of a written request and satisfactory identification. If an individual finds errors of fact with his/her personal information, please notify NORAC as soon as possible to make the appropriate corrections. Should NORRAC deny an individual’s request for access to his/her personal information, NORAC will advise in writing of the reason for such a refusal. The individual may then challenge the decision.
- NORAC may use personal information without the individual’s consent under particular circumstances. These situations include, but are not limited to: NORAC is under obligation by law to disclose personal information in order to adhere to the requirements of an investigation of the contravention of a regional or federal law, under the purview of the appropriate authorities. An emergency exists that threatens an individual’s life, health, or personal security. The personal information is for in-house statistical study or research. The personal information is already publicly available. Disclosure is required to investigate a breach of contract.
3.1 Specific Phone Call Recording Policy
Each staff member of NORAC must comply with PIPEDA when recording phone calls, whether they are initiated by the customer or by NORAC. All telephone calls received or initiated by NORAC office phones in North America have the ability to be recorded. Telephone calls to and from NORAC’s technical and customer support staff are automatically recorded, but the call recording software can be turned off by all staff at any time. Each staff person as well as his/her manager has the ability to review their own calls.
The purpose of the call being recorded is for training and quality assurance purposes. Recorded calls are kept for a period of 3 years before being deleted. Protecting the privacy and confidentiality of personal information collected during these telephone calls is high priority for NORAC.
The following steps must always be taken when recording a conversation:
- The individual must be informed that the conversation is being recorded at the beginning of the call.
- For incoming calls this is being done through an automated recording.
- For outgoing calls this must be done manually, by the calling NORAC employee.
- The individual must be clearly advised of the real purpose of the call. NORAC collects and uses personal information solely for the purpose of quality assurance and training purposes.
- The call may only be recorded with the individual’s consent. Consent may be expressed or implied and is obtained when the individual proceeds, knowing the conversation is being recorded and the purpose of the recording, thereby authorizing NORAC to collect, use, and disclose the individual’s personal or business information for the purposes stated. If the collected information is going to be used for another purpose that it originally collected for, consent must be obtained again.
- Individuals should be assured that collected information will be protected by specific safeguards, including measures such as restricted access to electronic files.
- If the caller or called objects to the recording, the NORAC staff person can provide the individual with meaningful alternatives, such as not taping the call.