INTRODUCTION – Centre for Study of Insurance Operations (CSIO) is the legal and beneficial owner and licensor of insurance standards, forms, resources and tools, and also provides access to CSIOnet and offers various services to CSIO members.
COLLECTING INFORMATION – CSIO ordinarily collects the name, title, business address, business telephone or business e-mail address of an employee of an organization, i.e., the identifying information normally conveyed on a business card. Such so-called business information is not defined as personal information subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), the federal statute that has governed collection and use of personal information since it took effect January 1, 2004. If CSIO were to begin collecting personal information, it would become subject to PIPEDA. The association would then adopt measures required by that law to ensure complete protection of personal information.
PURPOSE OF COLLECTING INFORMATION – CSIO’s primary use of information collected is for communication purposes, keeping CSIO members abreast of industry changes, standard and forms releases, business activities and educational initiatives.
CONSENT TO COLLECTION OF INFORMATION – Standard wording consenting to CSIO’s collection and use of information is used on all CSIO application and registration forms and records compiled in connection with other ongoing or occasional CSIO activities. This wording consents to the distribution of lists of conference or event registrants, including names and organizational affiliations of both members and non-members.
CONFIDENTIALITY OF MEMBERSHIP LIST – The CSIO membership list is never shared with, rented by or sold to any person or organization for any purpose. From time to time, CSIO members receive notices of events held by other organizations operating in the insurance field. Such notices are invariably transmitted by CSIO itself, not by the originating organization. Moreover, it is CSIO policy not to accept and distribute commercial solicitations to its own members.
HANDLING OF FINANCIAL INFORMATION – CSIO may record financial information in processing payment for access to services and event fees. Such records are in due time shredded or otherwise destroyed so that no permanent record of such information is kept on file.
PRIVACY OFFICER – The Privacy Officer responsible for overseeing the implementation of CSIO’s privacy policy is Catherine Smola, 416-360-1773, csmola@csio.com. Information held by CSIO is safeguarded by standard office security measures, computer system virus protection, computer passwords, locked file cabinets, confidentiality requirements signed by all staff and other measures. The Privacy Officer is responsible for training and supervising staff to ensure compliance with CSIO’s privacy policy as well as for conducting periodic privacy audits. The Privacy Officer will conduct a privacy impact assessment of any new information system or of any significant change in existing information systems.
INQUIRIES AND COMPLAINTS – CSIO will respond to inquiries and complaints respecting its handling of information about members and other persons in accordance with PIPEDA. Complaints of inaccuracy, which are solicited in writing, will be investigated promptly and action will be taken to correct any breaches of privacy. If the complainant is not satisfied by the action taken, the complaint will be referred for consideration by the board.