At OrbCare, we take the privacy and security of our customers seriously. We are in the business of helping our customers transmit personal health information and are committed to taking all necessary steps and implementing technology to ensure the privacy and security of information. Our privacy and security practices are developed to comply with applicable privacy legislation for our customers, which includes the principles outlined in the Canadian Standards Association Model Code for the Protection of Personal Information below. Should you have any questions or concerns, please don’t hesitate to contact our Chief Privacy Officer at email@example.com.
The principle of Accountability states that an organization shall designate someone to be accountable for the management of personal information. This includes the collection, usage, disclosure, retention, and transfer of personal information to third parties for processing.
The principle of Identifying Purposes states that an organization must clearly identify the purposes for which personal information is collected, either before or at the time of collection. This also helps organizations comply with the Openness and Individual Access principles.
The principle of Consent states that the knowledge and consent of individuals are required when an organization collects, uses, or discloses personal information, and it must be in such a way that the individual clearly understands.
The principle of Limiting Collection states that the personal information an organization collects should be limited to that which is necessary for the purposes identified.
The principle of Limiting Use, Disclosure, and Retention states that an organization shall limit the ways it uses, discloses and retains personal information.
The principle of Accuracy states that an organization should ensure that the personal information it collects is accurate, complete, and up-to-date for the purposes for which it is being used.
The principle of Safeguards states that an organization should protect personal information with security safeguards that are appropriate for the sensitivity of the personal information held. Personal information should be protected against loss or theft, unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is stored (paper, electronic, etc.).
The principle of Openness states that an organization shall make its policies and procedures about how it manages personal information readily available. It should not put up barriers to access — if an individual is making a request to know about your organization’s information handling practices, the request should be fulfilled without unreasonable effort. When providing the information, it should be available in a form that’s generally understandable. The information should be provided in plain, simple English that someone without a university degree can understand — save legalese for your lawyers and contracts.
The principle of Individual Access states that upon an individual’s request, an organization shall make known to the individual the existence, use, and disclosure of personal information and give access to it. If an individual challenges the accuracy or completeness of his or her personal information, the organization shall amend the information where appropriate. This can involve correcting, deleting, or adding personal information. Where appropriate, your organization should transfer the amended information to third parties.
The principle of Challenging Compliance states that individuals shall be able to challenge an organization’s compliance with any of the privacy principles. This means that an organization must have procedures in place to receive and respond to complaints and inquiries. The procedures should be simple and easy to use. An organization must not only have them in place, but also notify individuals who make inquiries or complaints about their existence.