INTRODUCTION
Northeastern Protection Service Inc. and all it’s affiliate companies and divisions (collectively referred to as Northeastern) embraces the Canadian Federal Personal Information Protection and Electronics Documents Act (PIPEDA) and acknowledges the importance of national standards to protect the personal information that we collect. Please note that we are properly licensed and tightly regulated by the Justice, Solicitor General or equivalent ministries of the respective provinces. Investigators will only collect personal information on individuals where there is a potential contravention of the law or breaches of agreements or other circumstances that permit us legally to collect this information under the laws of Canada. The Northeastern Code of Privacy follows and complies to the CSA Model Code of Personal Information Privacy and is as follows:
ACCOUNTABILITY
Northeastern will be responsible for all personal information under their control. They have established a Privacy Office and designated a Chief Privacy Officer and in some instances additional Privacy officers to ensure their organization’s compliance with the policies and procedures set out in their respective Code of Conduct. The Chief Privacy Office of Northeastern can be reached during business hours at:
202 Brownlow Avenue, Unit 130
Dartmouth, NS B3B 1T5
Telephone (902) 435-1336 Facsimile (902) 435-0093
E-Mail: privacy@protectionpartner.ca
Electronic enquiries to the Privacy Office of Northeastern must be in writing and include the enquirer’s full name and his or her reason for making the enquiry. Upon receipt of a written enquiry, our Privacy Officer will respond within thirty days of receipt of that enquiry. It is Northeastern’ commitment to:
- Protect personal information,
- Allow individuals to request information; seek amendments to their personal information and file complaints against Northeastern with our Privacy Office,
- Train and educate our staff,
- Develop information, which explains these procedures to the public and our clients.
Although we rarely, if at all, use third parties to process personal information, we will use reasonable means to ensure that all third parties transferring personal information are afforded a comparable level of protection to that which Northeastern maintains.
IDENTIFY PURPOSES
Northeastern will identify the purpose for which we collect personal information on affected individuals at or before the time of collection. All assignments received from our corporate, government, and other clients will be vetted to ensure their requests for information are compliant with PIPEDA. We may choose to orally explain to affected individuals the purposes for which personal information is being collected and then place a notation in the applicable file indicating that this has been done. Alternatively, an application form may be used. Northeastern may identify any new purposes that arise during the course of dealings with personal information and obtain prior consent required for this new use, even if we have already identified certain initial purposes. However, we will only do this when the intended new use purpose truly constitutes a “new” use, i.e., when the new purpose being proposed is sufficiently different from the purpose initially identified.
CONSENT
Northeastern will obtain the appropriate consent from individuals for collection, use or disclosure of personal information, except where the law provides an exception. We may obtain express consent for the collection, user disclosure of personal information, or when we determine that consent has been applied by the circumstances. Express consent is specific authorization given by the individual to Northeastern, either orally or in writing. Implied consent is when we have not received a specific consent but the circumstances allow us to collect, use, or disclose personal information.
In most incidences, obtaining the knowledge and consent of individuals would defeat the purpose of an investigation, in particular with respect to a breach of an agreement or contravention of a law. Personal information will only be collected, used and disclosed by Northeastern’ employees without consent in accordance with Section 7 of the Personal Information Protection and Electronics Documents Act, S.C. 2000, c.5 (PIPEDA) or under other lawful means.
LIMITING COLLECTION
The personal information that Northeastern collects will be limited to that which is necessary for purposes we have identified. We will only collect personal information for specific, legitimate purposes. We will not collect personal information indiscriminately. We will only collect information by fair and lawful means and not by misleading or deceiving individuals about the purpose for which the information is being collected. Northeastern’ policies and procedures relating to the limitations on collection of personal information will be regularly communicated to their investigators who deal with collection, use and disclosure of personal information.
LIMITING USE, DISCLOSURE, AND RETENTION
Personal information will not be used or disclosed for purposes other than those for which it is collected, except with the consent of the individual or as permitted by law. Northeastern will only retain personal information as long as necessary for the fulfillment of those purposes. Personal information that is no longer required to fulfill identified purposes will be destroyed, erased, or made anonymous. Please note that there may be situations where Northeastern uses, discloses or retains personal information for legitimate purposes not identified to the individual to which the information pertains including those situations referred to in the Consent Section.
ACCURACY
The personal information Northeastern collects will be accurate, complete and up-to-date as necessary for its intended purposes. Our goal is to minimize the possibility that inappropriate information may be used to make a decision about any individual whose personal information we process. The process for ensuring accuracy and compliance will involve:
- Initial collection from client,
- Client will be asked to verify accuracy and completeness,
- Regular reviews; and
- Verifying accuracy by contacting third parties (e.g. motor vehicle and driving record authorities, etc.).
If a significant error or omission is identified, we will correct or amend the information as appropriate. Where necessary, the Investigators will send such corrected or amended information to third parties who have had access to the information in question.
SAFEGUARDS
Northeastern will safeguard all personal information under their control in a manner that is appropriate to the sensitivity of the information. We will take all the physical security measures necessary including alarming and properly locking our facilities and/or locking all personal information in secure filling cabinets. All Northeastern staff, including investigators and administration staff have been properly trained in those policies pertaining to these safeguards. Members of the public are not allowed access to our facilities unless identified, logged in, and escorted by properly trained staff. No sensitive personal information, pertaining to subjects of investigations will be electronically transferred to our clients unless the electronic files have been encrypted with an industry standard encryption program before being transferred. Distribution of personal information will be on a need-to-know basis. Northeastern will take precautions in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to information. These measures include:
- Ensuring that no one may retrieve personal information after disposal,
- Shredding documents before recycling them,
- Deleting electronically stored information.
OPENNESS
Northeastern will make readily available to individuals requesting specific information about our policies and procedures relating to the management of personal information that are under their control. Northeastern’ investigators and staff will make available to the public easily understandable information about their companies, privacy policies, and Codes of Privacy, both in hard copy or by requesting a copy of same by calling 902-435-1336 or by using our web site at www.protectionpartner.ca
INDIVIDUAL ACCESS
Upon request, an individual will be informed of the existence, use and disclosure of his/her personal information, which is under our Northeastern’ control, and may be given access to and be permitted to challenge the accuracy and the completeness of that information.
There are lawful exceptions that will prevent us from providing access, which include, but are not limited to the following:
- Personal information about another person might be revealed.
- Commercially confidential information might be revealed.
- Someone’s life or security might be compromised.
- The information was collected without consent for the purposes related to an investigation of a breach or an agreement or contravention of a law or other lawful exemption.
- The information was generated during the course of a formal dispute resolution process.
- The information is protected by the Solicitor/Client privilege.
Northeastern will take reasonable efforts to verify the credentials of the individual requesting the information, and to determine whether the individual has a right to access the information, and what information (if any) is subject to lawful exceptions. Northeastern will respond to each request in a reasonable time frame. Under no circumstance is Northeastern obligated to disclose information immediately upon request, or under duress, or in any circumstance which could circumvent the due diligence process.
CHALLENGING COMPLIANCE
An individual may address a challenge concerning compliance with the aforementioned policies and procedures to the Privacy Office of Northeastern whose details are listed in the Accountability Section.