Personal Information Protection - Privacy, Security and Retention Policy

1. Accountability: CSIO is responsible for all personal information under its control subject to federal and provincial privacy laws and its Privacy Officer is accountable for CSIO’s compliance with the principles described in this Privacy Code. 

2. Purpose:  The purposes for which personal information is collected, used and disclosed by CSIO will be identified and documented by CSIO at or before the time the information is collected.

3. Consent:  The knowledge and consent of the individual are generally required for the collection, use or disclosure of personal information.  In all cases, CSIO must rely on consent obtained by insurance companies, their brokers or third party service providers.  

4. Collection:   Personal information in the custody of CSIO is limited to that which has been collected by insurance companies, their brokers or third party service providers. CSIO acts as the agent of these organizations in collecting, using and disclosing personal information.

5. Limitation and Retention:  Personal information will only be in the custody of CSIO while being transferred back and forth between the broker and insurance company for purposes for which it was collected, except where the consent of the individual has been withdrawn or as allowed/restricted by law.   Office records are retained for the commercially accepted period, up to a maximum of seven years.

6. Accuracy: CSIO depends on brokers, insurance companies or third party service providers for the accuracy and completeness of personal information. CSIO will minimize the possibility of inappropriate information being considered in the decision making process.

7. Security:  CSIO will make reasonable security arrangements to protect personal information in its custody or under its control.  Sensitivity of the information will be taken into consideration when protecting your personal information. CSIO employs security procedures and protocols consistent with general practices within the financial industry.

8. Openness:  CSIO will make readily available to individuals specific information about our policies and practices regarding the management of personal information.

9. Accessibility:   Upon request in writing, CSIO will inform an individual of the existence, use, and disclosure of his or her personal information in the custody of CSIO. CSIO will provide an account of the use that has been made or is being made of personal information and to whom it has been disclosed. In all cases, CSIO must rely on insurance companies, their brokers or third party service providers as the source of the information, because they provide the personal information to CSIO for the purpose of acting as their agent.

10. Challenges:  An individual can address a challenge concerning compliance with the above principles to CSIO’s Privacy Officer.    

Privacy Officer c/o  
The Centre for Study of Insurance Operations  
110 Yonge Street, Suite 500  
Toronto, Ontario, M5C 1T4