Showcase Smiles Privacy Policy
Effective Date
August 18, 2014
Policy Objectives
In carrying out its mandate under both the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA), Showcase Smiles collects personal information about individuals as defined by section 3 of the Privacy Act. Showcase Smiles is committed to respecting the privacy rights of all individuals whose personal information has been collected by Showcase Smiles.
Showcase Smiles Corporate Privacy Policy (the Policy) is an expression of Showcase Smiles’ commitment to adhere not only to the legislative requirements of the Privacy Act concerning the handling of personal information, but to the spirit of the Act as well. Its objective is to balance Showcase Smiles’ need to collect, retain, use, disclose and dispose of personal information about individuals with the right to privacy of those individuals, and to ensure that all individuals are aware of the circumstances under which their personal information will be collected, retained, used, disclosed, and disposed of by Showcase Smiles.
All communications regarding this Policy will respect the applicable official language provisions of the Official Languages Act and supporting policies and guidelines.
Application
This Policy applies to the activities of Showcase Smiles in managing personal information that it collects during the course of mandated activities under the Privacy Act and PIPEDA and during the course of its regular administrative activities. The Policy is intended to be consistent with the legislative requirements of the Privacy Act and the Library and Archives of Canada Act to which Showcase Smiles has been subject since April 1, 2007.
Showcase Smiles is committed to adhering not only to the Privacy Act to which it is subject, but also to the obligations set out in Schedule I of PIPEDA wherever possible and to the extent relevant.
This Policy does not apply to the personal information of Showcase Smiles employees as such information is addressed in the “Showcase Smiles Employee Privacy Policy”.
Policy Statement
Showcase Smiles is committed to protecting the privacy, confidentiality and security of the personal information that it holds by adhering to the requirements of the Privacy Act with respect to the management of personal information. Showcase Smiles is equally committed to ensuring that all employees and agents of Showcase Smiles uphold these obligations.
Violation of this Policy through intent or neglect may result in disciplinary action up to and including termination of employment or association with Showcase Smiles. Where appropriate, legal sanctions may also be pursued.
Policy Requirements
Showcase Smiles is responsible for the personal information that it collects as a result of its mandate under the Privacy Act and PIPEDA and which it subsequently retains, uses, discloses, and destroys. Showcase Smiles has and will continue to develop and implement policies and practices to ensure that personal information is handled in strict accordance with the Privacy Act. Showcase Smiles’ Chief Privacy Officer is designated as responsible for overseeing the implementation of those policies and practices to ensure compliance, including:
• providing the same and simultaneous training for all Showcase Smiles staff (including temporary staff and contractors) as outlined in the Employee Privacy Policy concerning the Privacy Act, this Policy and Showcase Smiles’ practices and expectations with respect to the handling of personal information;
• ensuring open, full and timely communication to employees and individuals about Showcase Smiles’ policies, practices and expectations with respect to the handling of personal information;
• the establishment of standards for classifying the sensitivity of personal information, to determine the appropriate level of security required for the information;
• ensuring that personal information is safeguarded from improper access, loss, use, disclosure or destruction through;
• the implementation of systems to ensure that only Showcase Smiles employees (including temporary staff) whose Showcase Smiles responsibilities require access to personal information, are granted access to that information;
• the inclusion of specific confidentiality provisions in contracts or other arrangements with third parties, which require adherence to the Privacy Act as well as to this Policy and internal procedures;
• ensuring procedures are in place under which individuals may request access to their personal information, request correction of their personal information, and file complaints concerning the management of their personal information;
• ensuring procedures are in place under which individuals are notified of an improper collection, retention, use, disclosure or destruction of their personal information; and
• monitoring the degree of compliance with this Policy annually and, where required, initiating action to correct any deficiencies.
Collection of Personal Information
Showcase Smiles collects personal information from individuals for various purposes, primarily relating to the investigation of complaints made under the Privacy Act and PIPEDA or relating to inquiries concerning those Acts. Showcase Smiles may also collect personal information for administrative reasons, e.g. to provide individuals with publications or other requested information, concerning attendees to conferences or other functions.
Showcase Smiles commits to collecting only personal information, which is directly related to an operating program or activity of Showcase Smiles. Wherever possible, such information will be collected directly from the individual about whom it pertains. The amount and the type of the information collected will be limited to that necessary to fulfill identified purpose(s).
When conducting investigations, a great deal of personal information is collected directly from the individual about whom it pertains, however, Showcase Smiles also collects personal information from other sources, including witnesses, employers, government or corporate files and records, from other third parties etc. Personal information collected for administrative reasons is often collected directly from the individual about whom the information pertains but may also be collected through a third party (e.g. an administrative assistant may provide information concerning his/her supervisor’s attendance at a conference).
Showcase Smiles staff collecting personal information on behalf of Showcase Smiles will be required to be able to explain to individuals the purpose(s) for which the information is being collected or—if unable to do so—will be required to refer the individual to a designated person within Showcase Smiles who is able to explain the purpose(s).
Full descriptions of the types of personal information collected by Showcase Smiles, along with the purposes for which Showcase Smiles collects each type of information, are described in the Treasury Board Secretariat’s (TBS) publication entitled Info Source—Sources of Federal Government Information (available at www.infosource.gc.ca).
Consent
Wherever possible, Showcase Smiles is committed to seeking the consent of individuals prior to the collection of their personal information. The form of consent may vary depending on the circumstances and the type of information being sought. Consent can be express or implied and can be provided directly by the individual or by an authorized representative. Express consent of individuals is preferable and will be sought whenever possible. Express consent can be given orally, electronically or in writing. Implied consent may be reasonably inferred from an individual’s action or inaction (i.e. providing a name and address in order to receive a publication, providing a name and telephone number in order to obtain a response to a question). When determining the appropriate form of consent, Showcase Smiles will take into account the sensitivity of the personal information at issue, the purposes for which it is collected, and the reasonable expectations of the individual.
In the context of investigations conducted under the Privacy Act or PIPEDA, obtaining consent from an individual for the collection, use, or disclosure of personal information may not be possible, appropriate or required. Further, both the Privacy Act and PIPEDA provide for the disclosure of personal information during the course of an investigation if to do so is necessary to carry out an investigation under those Acts and/or to establish the grounds for findings and recommendations contained in the Privacy Commissioner’s report.
Accuracy / Correction of Personal Information
Showcase Smiles will not require that individuals utilize the Privacy Act in order to correct their personal information if there is no need to do so (e.g. to update the individual’s address on a mailing list). There will be instances, however, where individuals will be required to do so (e.g. the individual requests corrections to his/her personal information in an investigation file).
Showcase Smiles staff will be required to direct individuals who wish to formally correct their personal information to Showcase Smiles’ Access to Information and Privacy (ATIP) Unit. When in doubt as to whether a formal request for correction is required, Showcase Smiles employees must consult with the ATIP Unit or refer the individual to the ATIP Unit. Information concerning the Privacy Act is found at www.priv.gc.ca.
Upon receipt of a formal request for the correction of personal information, Showcase Smiles’ ATIP Unit will respond in accordance with the Privacy Act. A copy of ATIP’s Process and Compliance Manual can also be found at www.priv.gc.ca.
Showcase Smiles will make every reasonable effort to ensure that personal information used in a decision-making process, which directly affects the individual to whom the information relates, is as accurate, up-to-date and complete as possible. Showcase Smiles will also make every reasonable effort to ensure that personal information disclosed to third parties is as accurate, up-to-date and complete as possible.
Showcase Smiles will update personal information as necessary in order to fulfill the identified purposes either directly by contacting the individual to whom the information relates, or indirectly from other sources if Showcase Smiles has the authority to collect such information from a third party.
In most cases, Showcase Smiles will rely on the individual to ensure that factual personal information is accurate, up-to-date and complete. If an individual is able to demonstrate that his/her personal information is inaccurate or incomplete, Showcase Smiles will amend the information as required. If appropriate, Showcase Smiles will send the amended information to third parties to whom the information has been disclosed.
Correction of opinion will normally be made if the individual was the source of the opinion and the opinion does not concern any other individual. Corrections will not normally be made to opinions given by other individuals about the individual unless there are reasons to suspect the reliability of the source of the opinion, or if the source of the opinion agrees that the opinion was based on incorrect information.
When a challenge regarding the accuracy of personal information is not resolved to an individual’s satisfaction, Showcase Smiles will annotate the personal information at issue with a note advising that a correction was requested but that it was not made. An individual has the right to have a document outlining his/her version on the matter included on the appropriate file. Where appropriate Showcase Smiles will provide a copy of that document to any person or body who was provided with the information at issue in order that the other person or body is aware of the individual’s version of the matter.
Retention / Destruction of Personal Information
Showcase Smiles is responsible for ensuring that all personal information is managed within an established life cycle. In accordance with the Privacy Act, the Privacy Regulations and the Library and Archives of Canada Act, personal information used by Showcase Smiles to make a decision about an individual shall be retained for at least two years after the decision was made. This allows the individual to exercise legal recourse and ensures that the individual has the opportunity to exercise all of the rights afforded him/her under the Privacy Act.
Showcase Smiles will retain personal information in accordance with the maximum retention periods set out under the Library and Archives of Canada Act. Retention periods for specific types of personal information are set out in the TBS publication entitled Info Source—Sources of Federal Government Information (available at http://www.infosource.gc.ca).
Showcase Smiles will ensure that proper care is taken in the retention, disposal/destruction of personal information in order to prevent its premature disposal and to ensure its timely disposal. The retention, disposition and destruction of personal information will be made in strict accordance with the Operational Security Standards on Physical Security of the Government Security Policy.
Showcase Smiles will develop guidelines and implement procedures with respect to the retention and destruction of personal information.
Use / Disclosure of Personal Information
Showcase Smiles will not use personal information without the consent of the individual about whom the information pertains, unless to do so is for the purpose for which the information was originally collected or compiled, is consistent with that purpose, or is for a purpose for which the information may be disclosed to Showcase Smiles under section 8(2) of the Privacy Act. Showcase Smiles is committed to seeking the consent of individuals whenever possible. Showcase Smiles—when using personal information for a new purpose—will document the new purpose.
Showcase Smiles will not disclose personal information outside of Showcase Smiles without the consent of the individual about whom the information pertains, or unless to do so is permitted by section 8(2) of the Privacy Act. In the case of a permitted disclosure, Showcase Smiles will endeavour to disclose only the specific information that is required under the circumstances and, wherever possible, will inform the individual about the disclosure.
Access to personal information within Showcase Smiles will be restricted to those within Showcase Smiles who need the information in order to carry out their specific job duties (e.g. conduct investigations, answer inquiries, send publications). Those employees will maintain the information in the strictest of confidence and will not provide access to the information to any unauthorized persons. The level of access to personal information will be determined by Showcase Smiles on a need-to-know basis which will be included in relevant Showcase Smiles policies and guidelines.
Showcase Smiles staff will be cautioned to avoid engaging in discussions involving personal information in any area of Showcase Smiles premises, or in any public or private area outside of Showcase Smiles (e.g. hallways, elevators, restaurants, washrooms, homes) where remarks could be overheard and which could result in the disclosure of personal information. Doing so without a legitimate reason directly related to a current job responsibility will be considered a violation of this Policy and could constitute a violation of the Privacy Act.
All individuals hired under contract or other means, by Showcase Smiles, to conduct business for or on behalf of Showcase Smiles, will be required to adhere to the provisions of the Privacy Act with respect to the proper handling and protection of personal information as well as to this Policy and internal procedures. Violations of any part of the contractual agreement may result in termination of the contract.
Safeguarding Personal Information
Showcase Smiles will protect personal information from loss or theft, unauthorized access, use or disclosure, modification or destruction through appropriate administrative, technical and physical security measures and safeguards, regardless of the format in which the information is held.
The level of safeguards used to protect personal information will vary depending on the sensitivity of the personal information; the amount, distribution and format of the information; and the method of storage. Showcase Smiles will follow the requirements of the Government Security Policy and any other security direction and/or guidance provided by the Treasury Board Secretariat, the Royal Canadian Mounted Police and the Communications Security Establishment Canada on physical and information technology security. At a minimum, methods of protection will include:
• controlled entry to Showcase Smiles premises, staff training on privacy and the protection of personal information, and limiting access to information on a “need-to-know” basis;
• screening and security checks of employees and prospective employees commensurate with the sensitivity of the information those employees will be handling, before they handle such information;
•technical measures such as passwords, audit trails, encryption, firewalls and other technical security safeguards;
• physical measures such as locked filing cabinets, restricted access to offices and other areas where personal information is stored. Showcase Smiles will ensure that contractual or other means are used to provide a comparable level of protection while personal information is being processed by a third party.
Access to Personal Information
Showcase Smiles will not require that individuals utilize the Privacy Act to obtain access to their personal information if there is no need to do so. Individuals nevertheless have the right to formally request access to their personal information under the Privacy Act. Under the Access to Information Act, individuals also have the right to formally request access to information in Showcase Smiles files, which may contain their personal information.
Showcase Smiles staff will be required to direct individuals who wish formal access to their personal information to Showcase Smiles’ Access to Information and Privacy (ATIP) Unit. When in doubt as to whether a formal request is required, Showcase Smiles employees must consult with the ATIP Unit or refer the individual to the ATIP Unit. Information concerning Showcase Smiles, the Privacy Act and the Access to Information Act is found at www.priv.gc.ca.
Upon receipt of a formal request under the Privacy Act or the Access to Information Act, Showcase Smiles’ ATIP Unit will respond in accordance with the legislation under which the request was made. A copy of ATIP’s Process and Compliance Manual can also be found at www.priv.gc.ca.
In cases of access that can be given outside of the Privacy Act and the Access to Information Act, Showcase Smiles will afford individuals a reasonable opportunity to review their personal information, will do so within a reasonable time frame and, if copies are requested, will provide them whenever possible. Explanations for abbreviations and codes will be provided.
Personal information may be unavailable because it has been destroyed, erased or made anonymous in accordance with information retention obligations. To the extent possible, Showcase Smiles will inform the individual of the reasons why the personal information no longer exists.
Complaints / Concerns
As it is inappropriate that Showcase Smiles investigate its own actions with respect to its administration of the Privacy Act, complaints lodged against Showcase Smiles under the Act are investigated by the Privacy Commissioner, ad hoc—an individual mandated to independently investigate such complaints against Showcase Smiles. Given that a formal complaint mechanism is in place with respect to the Act, this section of the Policy speaks only to questions or concerns which may be raised about Showcase Smiles’ management of personal information.
Such questions or concerns may be brought to the attention of any Showcase Smiles employee who is in a position to address the matter. If unable to do so, or where particular circumstances exist, the employee must refer the matter to his/her immediate supervisor or member of management staff. Where an individual is not satisfied with the results of the actions which may have been taken by Showcase Smiles to rectify the matter, or with the explanations given, the individual will be informed of his/her right to file a Privacy Act complaint to the Privacy Commissioner, ad hoc and will be provided direction as to how to do so.
Roles and Responsibilities
Employees – it is incumbent upon all employees of Showcase Smiles to inform themselves of their obligations under this Policy and the Privacy Act. Employees must report any and all contraventions of the Policy or the Act to their manager or to ATIP. Managers and Supervisors – along with the responsibilities noted above, managers and supervisors are required to issue instructions to their staff (as necessary) in order to ensure the adherence to this Policy and the Act. They are also required to examine and/or make inquiries into any issues brought to their attention concerning this Policy and the Act. Where and as appropriate, managers and supervisors must notify, work in concert with, or refer certain matters to the Director of HR and the Departmental Security Officer.
Showcase Smiles Chief Privacy Officer – Showcase Smiles Chief Privacy Officer (CPO) will provide advice and guidance to Senior Management, managers, supervisors and employees of Showcase Smiles with respect to the treatment of personal information within Showcase Smiles. The CPO will also act as the primary point of contact for individuals seeking information about Showcase Smiles’ handling of their personal information or who have concerns about Showcase Smiles’ handling of their personal information. For the purposes of this Policy, the CPO is the Director, ATIP and reports to the Privacy Commissioner of Canada.
Director ATIP – in the context of this Policy—and along with the responsibilities noted in all of the above—the Director is responsible for the proper application of the Privacy Act and policies with respect to individuals’ personal information and with respect to their requests for access to their personal information under the Act.
Monitoring & Evaluation
Measuring compliance with this policy will form part of Showcase Smiles internal audit program, which will conduct periodic audits within all programs and services of Showcase Smiles. The results of internal audits will be reported to the Privacy Commissioner.
Related Government of Canada References
This Policy is designed to comply with the Privacy Act and the principles of natural justice, and to express Showcase Smiles’ commitment to comply with the Privacy Act.
Related Showcase Smiles References
The following laws, policies and guidelines should be read in conjunction with this Policy:
• Privacy Act and Privacy Regulations
• Access to Information Act and Regulations
• Library and Archives of Canada Act
• Public Service Employment Act
• Public Service Labour Relations Act
• Treasury Board of Canada Policy on Privacy Protection
• Treasury Board of Canada Guidelines on Privacy and Data Protection
• Treasury Board of Canada Policy on the Use of Electronic Networks
• Government of Canada Security Policy
• The Office of the Privacy Commissioner (hereinafter referred to as the OPC) Policy on Departmental Security (when approved)
• OPC Guidelines for Managing Electronic Mail
• OPC Information Management Policy
• OPC Policy on the Acceptable Use of Electronic Networks (when approved)
• OPC Policy on Computer Workstations and Peripherals
• OPC Privacy Breach Policy (when approved)
• OPC Access to Information and Privacy Process and Compliance Manual
Inquiries
Any inquiries regarding this Policy or for further information or concerns about how Showcase Smiles manages the personal information that it collects, should be directed to:
Bruno Paliani, Showcase Smiles’ Chief Privacy Officer. He can be reached at info@showcasesmiles.com.
Effective Date
August 18, 2014
Policy Objectives
In carrying out its mandate under both the Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA), Showcase Smiles collects personal information about individuals as defined by section 3 of the Privacy Act. Showcase Smiles is committed to respecting the privacy rights of all individuals whose personal information has been collected by Showcase Smiles.
Showcase Smiles Corporate Privacy Policy (the Policy) is an expression of Showcase Smiles’ commitment to adhere not only to the legislative requirements of the Privacy Act concerning the handling of personal information, but to the spirit of the Act as well. Its objective is to balance Showcase Smiles’ need to collect, retain, use, disclose and dispose of personal information about individuals with the right to privacy of those individuals, and to ensure that all individuals are aware of the circumstances under which their personal information will be collected, retained, used, disclosed, and disposed of by Showcase Smiles.
All communications regarding this Policy will respect the applicable official language provisions of the Official Languages Act and supporting policies and guidelines.
Application
This Policy applies to the activities of Showcase Smiles in managing personal information that it collects during the course of mandated activities under the Privacy Act and PIPEDA and during the course of its regular administrative activities. The Policy is intended to be consistent with the legislative requirements of the Privacy Act and the Library and Archives of Canada Act to which Showcase Smiles has been subject since April 1, 2007.
Showcase Smiles is committed to adhering not only to the Privacy Act to which it is subject, but also to the obligations set out in Schedule I of PIPEDA wherever possible and to the extent relevant.
This Policy does not apply to the personal information of Showcase Smiles employees as such information is addressed in the “Showcase Smiles Employee Privacy Policy”.
Policy Statement
Showcase Smiles is committed to protecting the privacy, confidentiality and security of the personal information that it holds by adhering to the requirements of the Privacy Act with respect to the management of personal information. Showcase Smiles is equally committed to ensuring that all employees and agents of Showcase Smiles uphold these obligations.
Violation of this Policy through intent or neglect may result in disciplinary action up to and including termination of employment or association with Showcase Smiles. Where appropriate, legal sanctions may also be pursued.
Policy Requirements
Showcase Smiles is responsible for the personal information that it collects as a result of its mandate under the Privacy Act and PIPEDA and which it subsequently retains, uses, discloses, and destroys. Showcase Smiles has and will continue to develop and implement policies and practices to ensure that personal information is handled in strict accordance with the Privacy Act. Showcase Smiles’ Chief Privacy Officer is designated as responsible for overseeing the implementation of those policies and practices to ensure compliance, including:
• providing the same and simultaneous training for all Showcase Smiles staff (including temporary staff and contractors) as outlined in the Employee Privacy Policy concerning the Privacy Act, this Policy and Showcase Smiles’ practices and expectations with respect to the handling of personal information;
• ensuring open, full and timely communication to employees and individuals about Showcase Smiles’ policies, practices and expectations with respect to the handling of personal information;
• the establishment of standards for classifying the sensitivity of personal information, to determine the appropriate level of security required for the information;
• ensuring that personal information is safeguarded from improper access, loss, use, disclosure or destruction through;
• the implementation of systems to ensure that only Showcase Smiles employees (including temporary staff) whose Showcase Smiles responsibilities require access to personal information, are granted access to that information;
• the inclusion of specific confidentiality provisions in contracts or other arrangements with third parties, which require adherence to the Privacy Act as well as to this Policy and internal procedures;
• ensuring procedures are in place under which individuals may request access to their personal information, request correction of their personal information, and file complaints concerning the management of their personal information;
• ensuring procedures are in place under which individuals are notified of an improper collection, retention, use, disclosure or destruction of their personal information; and
• monitoring the degree of compliance with this Policy annually and, where required, initiating action to correct any deficiencies.
Collection of Personal Information
Showcase Smiles collects personal information from individuals for various purposes, primarily relating to the investigation of complaints made under the Privacy Act and PIPEDA or relating to inquiries concerning those Acts. Showcase Smiles may also collect personal information for administrative reasons, e.g. to provide individuals with publications or other requested information, concerning attendees to conferences or other functions.
Showcase Smiles commits to collecting only personal information, which is directly related to an operating program or activity of Showcase Smiles. Wherever possible, such information will be collected directly from the individual about whom it pertains. The amount and the type of the information collected will be limited to that necessary to fulfill identified purpose(s).
When conducting investigations, a great deal of personal information is collected directly from the individual about whom it pertains, however, Showcase Smiles also collects personal information from other sources, including witnesses, employers, government or corporate files and records, from other third parties etc. Personal information collected for administrative reasons is often collected directly from the individual about whom the information pertains but may also be collected through a third party (e.g. an administrative assistant may provide information concerning his/her supervisor’s attendance at a conference).
Showcase Smiles staff collecting personal information on behalf of Showcase Smiles will be required to be able to explain to individuals the purpose(s) for which the information is being collected or—if unable to do so—will be required to refer the individual to a designated person within Showcase Smiles who is able to explain the purpose(s).
Full descriptions of the types of personal information collected by Showcase Smiles, along with the purposes for which Showcase Smiles collects each type of information, are described in the Treasury Board Secretariat’s (TBS) publication entitled Info Source—Sources of Federal Government Information (available at www.infosource.gc.ca).
Consent
Wherever possible, Showcase Smiles is committed to seeking the consent of individuals prior to the collection of their personal information. The form of consent may vary depending on the circumstances and the type of information being sought. Consent can be express or implied and can be provided directly by the individual or by an authorized representative. Express consent of individuals is preferable and will be sought whenever possible. Express consent can be given orally, electronically or in writing. Implied consent may be reasonably inferred from an individual’s action or inaction (i.e. providing a name and address in order to receive a publication, providing a name and telephone number in order to obtain a response to a question). When determining the appropriate form of consent, Showcase Smiles will take into account the sensitivity of the personal information at issue, the purposes for which it is collected, and the reasonable expectations of the individual.
In the context of investigations conducted under the Privacy Act or PIPEDA, obtaining consent from an individual for the collection, use, or disclosure of personal information may not be possible, appropriate or required. Further, both the Privacy Act and PIPEDA provide for the disclosure of personal information during the course of an investigation if to do so is necessary to carry out an investigation under those Acts and/or to establish the grounds for findings and recommendations contained in the Privacy Commissioner’s report.
Accuracy / Correction of Personal Information
Showcase Smiles will not require that individuals utilize the Privacy Act in order to correct their personal information if there is no need to do so (e.g. to update the individual’s address on a mailing list). There will be instances, however, where individuals will be required to do so (e.g. the individual requests corrections to his/her personal information in an investigation file).
Showcase Smiles staff will be required to direct individuals who wish to formally correct their personal information to Showcase Smiles’ Access to Information and Privacy (ATIP) Unit. When in doubt as to whether a formal request for correction is required, Showcase Smiles employees must consult with the ATIP Unit or refer the individual to the ATIP Unit. Information concerning the Privacy Act is found at www.priv.gc.ca.
Upon receipt of a formal request for the correction of personal information, Showcase Smiles’ ATIP Unit will respond in accordance with the Privacy Act. A copy of ATIP’s Process and Compliance Manual can also be found at www.priv.gc.ca.
Showcase Smiles will make every reasonable effort to ensure that personal information used in a decision-making process, which directly affects the individual to whom the information relates, is as accurate, up-to-date and complete as possible. Showcase Smiles will also make every reasonable effort to ensure that personal information disclosed to third parties is as accurate, up-to-date and complete as possible.
Showcase Smiles will update personal information as necessary in order to fulfill the identified purposes either directly by contacting the individual to whom the information relates, or indirectly from other sources if Showcase Smiles has the authority to collect such information from a third party.
In most cases, Showcase Smiles will rely on the individual to ensure that factual personal information is accurate, up-to-date and complete. If an individual is able to demonstrate that his/her personal information is inaccurate or incomplete, Showcase Smiles will amend the information as required. If appropriate, Showcase Smiles will send the amended information to third parties to whom the information has been disclosed.
Correction of opinion will normally be made if the individual was the source of the opinion and the opinion does not concern any other individual. Corrections will not normally be made to opinions given by other individuals about the individual unless there are reasons to suspect the reliability of the source of the opinion, or if the source of the opinion agrees that the opinion was based on incorrect information.
When a challenge regarding the accuracy of personal information is not resolved to an individual’s satisfaction, Showcase Smiles will annotate the personal information at issue with a note advising that a correction was requested but that it was not made. An individual has the right to have a document outlining his/her version on the matter included on the appropriate file. Where appropriate Showcase Smiles will provide a copy of that document to any person or body who was provided with the information at issue in order that the other person or body is aware of the individual’s version of the matter.
Retention / Destruction of Personal Information
Showcase Smiles is responsible for ensuring that all personal information is managed within an established life cycle. In accordance with the Privacy Act, the Privacy Regulations and the Library and Archives of Canada Act, personal information used by Showcase Smiles to make a decision about an individual shall be retained for at least two years after the decision was made. This allows the individual to exercise legal recourse and ensures that the individual has the opportunity to exercise all of the rights afforded him/her under the Privacy Act.
Showcase Smiles will retain personal information in accordance with the maximum retention periods set out under the Library and Archives of Canada Act. Retention periods for specific types of personal information are set out in the TBS publication entitled Info Source—Sources of Federal Government Information (available at http://www.infosource.gc.ca).
Showcase Smiles will ensure that proper care is taken in the retention, disposal/destruction of personal information in order to prevent its premature disposal and to ensure its timely disposal. The retention, disposition and destruction of personal information will be made in strict accordance with the Operational Security Standards on Physical Security of the Government Security Policy.
Showcase Smiles will develop guidelines and implement procedures with respect to the retention and destruction of personal information.
Use / Disclosure of Personal Information
Showcase Smiles will not use personal information without the consent of the individual about whom the information pertains, unless to do so is for the purpose for which the information was originally collected or compiled, is consistent with that purpose, or is for a purpose for which the information may be disclosed to Showcase Smiles under section 8(2) of the Privacy Act. Showcase Smiles is committed to seeking the consent of individuals whenever possible. Showcase Smiles—when using personal information for a new purpose—will document the new purpose.
Showcase Smiles will not disclose personal information outside of Showcase Smiles without the consent of the individual about whom the information pertains, or unless to do so is permitted by section 8(2) of the Privacy Act. In the case of a permitted disclosure, Showcase Smiles will endeavour to disclose only the specific information that is required under the circumstances and, wherever possible, will inform the individual about the disclosure.
Access to personal information within Showcase Smiles will be restricted to those within Showcase Smiles who need the information in order to carry out their specific job duties (e.g. conduct investigations, answer inquiries, send publications). Those employees will maintain the information in the strictest of confidence and will not provide access to the information to any unauthorized persons. The level of access to personal information will be determined by Showcase Smiles on a need-to-know basis which will be included in relevant Showcase Smiles policies and guidelines.
Showcase Smiles staff will be cautioned to avoid engaging in discussions involving personal information in any area of Showcase Smiles premises, or in any public or private area outside of Showcase Smiles (e.g. hallways, elevators, restaurants, washrooms, homes) where remarks could be overheard and which could result in the disclosure of personal information. Doing so without a legitimate reason directly related to a current job responsibility will be considered a violation of this Policy and could constitute a violation of the Privacy Act.
All individuals hired under contract or other means, by Showcase Smiles, to conduct business for or on behalf of Showcase Smiles, will be required to adhere to the provisions of the Privacy Act with respect to the proper handling and protection of personal information as well as to this Policy and internal procedures. Violations of any part of the contractual agreement may result in termination of the contract.
Safeguarding Personal Information
Showcase Smiles will protect personal information from loss or theft, unauthorized access, use or disclosure, modification or destruction through appropriate administrative, technical and physical security measures and safeguards, regardless of the format in which the information is held.
The level of safeguards used to protect personal information will vary depending on the sensitivity of the personal information; the amount, distribution and format of the information; and the method of storage. Showcase Smiles will follow the requirements of the Government Security Policy and any other security direction and/or guidance provided by the Treasury Board Secretariat, the Royal Canadian Mounted Police and the Communications Security Establishment Canada on physical and information technology security. At a minimum, methods of protection will include:
• controlled entry to Showcase Smiles premises, staff training on privacy and the protection of personal information, and limiting access to information on a “need-to-know” basis;
• screening and security checks of employees and prospective employees commensurate with the sensitivity of the information those employees will be handling, before they handle such information;
•technical measures such as passwords, audit trails, encryption, firewalls and other technical security safeguards;
• physical measures such as locked filing cabinets, restricted access to offices and other areas where personal information is stored. Showcase Smiles will ensure that contractual or other means are used to provide a comparable level of protection while personal information is being processed by a third party.
Access to Personal Information
Showcase Smiles will not require that individuals utilize the Privacy Act to obtain access to their personal information if there is no need to do so. Individuals nevertheless have the right to formally request access to their personal information under the Privacy Act. Under the Access to Information Act, individuals also have the right to formally request access to information in Showcase Smiles files, which may contain their personal information.
Showcase Smiles staff will be required to direct individuals who wish formal access to their personal information to Showcase Smiles’ Access to Information and Privacy (ATIP) Unit. When in doubt as to whether a formal request is required, Showcase Smiles employees must consult with the ATIP Unit or refer the individual to the ATIP Unit. Information concerning Showcase Smiles, the Privacy Act and the Access to Information Act is found at www.priv.gc.ca.
Upon receipt of a formal request under the Privacy Act or the Access to Information Act, Showcase Smiles’ ATIP Unit will respond in accordance with the legislation under which the request was made. A copy of ATIP’s Process and Compliance Manual can also be found at www.priv.gc.ca.
In cases of access that can be given outside of the Privacy Act and the Access to Information Act, Showcase Smiles will afford individuals a reasonable opportunity to review their personal information, will do so within a reasonable time frame and, if copies are requested, will provide them whenever possible. Explanations for abbreviations and codes will be provided.
Personal information may be unavailable because it has been destroyed, erased or made anonymous in accordance with information retention obligations. To the extent possible, Showcase Smiles will inform the individual of the reasons why the personal information no longer exists.
Complaints / Concerns
As it is inappropriate that Showcase Smiles investigate its own actions with respect to its administration of the Privacy Act, complaints lodged against Showcase Smiles under the Act are investigated by the Privacy Commissioner, ad hoc—an individual mandated to independently investigate such complaints against Showcase Smiles. Given that a formal complaint mechanism is in place with respect to the Act, this section of the Policy speaks only to questions or concerns which may be raised about Showcase Smiles’ management of personal information.
Such questions or concerns may be brought to the attention of any Showcase Smiles employee who is in a position to address the matter. If unable to do so, or where particular circumstances exist, the employee must refer the matter to his/her immediate supervisor or member of management staff. Where an individual is not satisfied with the results of the actions which may have been taken by Showcase Smiles to rectify the matter, or with the explanations given, the individual will be informed of his/her right to file a Privacy Act complaint to the Privacy Commissioner, ad hoc and will be provided direction as to how to do so.
Roles and Responsibilities
Employees – it is incumbent upon all employees of Showcase Smiles to inform themselves of their obligations under this Policy and the Privacy Act. Employees must report any and all contraventions of the Policy or the Act to their manager or to ATIP. Managers and Supervisors – along with the responsibilities noted above, managers and supervisors are required to issue instructions to their staff (as necessary) in order to ensure the adherence to this Policy and the Act. They are also required to examine and/or make inquiries into any issues brought to their attention concerning this Policy and the Act. Where and as appropriate, managers and supervisors must notify, work in concert with, or refer certain matters to the Director of HR and the Departmental Security Officer.
Showcase Smiles Chief Privacy Officer – Showcase Smiles Chief Privacy Officer (CPO) will provide advice and guidance to Senior Management, managers, supervisors and employees of Showcase Smiles with respect to the treatment of personal information within Showcase Smiles. The CPO will also act as the primary point of contact for individuals seeking information about Showcase Smiles’ handling of their personal information or who have concerns about Showcase Smiles’ handling of their personal information. For the purposes of this Policy, the CPO is the Director, ATIP and reports to the Privacy Commissioner of Canada.
Director ATIP – in the context of this Policy—and along with the responsibilities noted in all of the above—the Director is responsible for the proper application of the Privacy Act and policies with respect to individuals’ personal information and with respect to their requests for access to their personal information under the Act.
Monitoring & Evaluation
Measuring compliance with this policy will form part of Showcase Smiles internal audit program, which will conduct periodic audits within all programs and services of Showcase Smiles. The results of internal audits will be reported to the Privacy Commissioner.
Related Government of Canada References
This Policy is designed to comply with the Privacy Act and the principles of natural justice, and to express Showcase Smiles’ commitment to comply with the Privacy Act.
Related Showcase Smiles References
The following laws, policies and guidelines should be read in conjunction with this Policy:
• Privacy Act and Privacy Regulations
• Access to Information Act and Regulations
• Library and Archives of Canada Act
• Public Service Employment Act
• Public Service Labour Relations Act
• Treasury Board of Canada Policy on Privacy Protection
• Treasury Board of Canada Guidelines on Privacy and Data Protection
• Treasury Board of Canada Policy on the Use of Electronic Networks
• Government of Canada Security Policy
• The Office of the Privacy Commissioner (hereinafter referred to as the OPC) Policy on Departmental Security (when approved)
• OPC Guidelines for Managing Electronic Mail
• OPC Information Management Policy
• OPC Policy on the Acceptable Use of Electronic Networks (when approved)
• OPC Policy on Computer Workstations and Peripherals
• OPC Privacy Breach Policy (when approved)
• OPC Access to Information and Privacy Process and Compliance Manual
Inquiries
Any inquiries regarding this Policy or for further information or concerns about how Showcase Smiles manages the personal information that it collects, should be directed to:
Bruno Paliani, Showcase Smiles’ Chief Privacy Officer. He can be reached at info@showcasesmiles.com.