|
PURPOSES
To record the credit union's position on the use of and access to personal information which members and/or customers make available to the credit union in the course of conducting their business.
To protect the interests of those who do business with the credit union from any unauthorized use of personal information.
POLICY STATEMENTS
The credit union enforces strict compliance with the confidentiality requirements of its standards of professional conduct policy.
In addition, the credit union subscribes to the following code for the privacy, protection and confidentiality of member and/or customer information:
Accountability
The credit union is accountable for the personal information under its control and to which it has access, and designates responsibility for compliance with this policy to the general manager.
Identifying Purpose
The credit union will identify the purpose for which information is collected at or before the time it is collected.
Consent
The positive consent of the member and/or customer is required for the collection, use or disclosure of personal information except where it is required by law or authorized under The Credit Union Act, 1998 and The Credit Union Regulations, 1999, or the Personal Information Protection and Electronic Documents Act (Canada).
�Collection
The collection of personal information will be limited to that which is necessary for the purposes identified by the credit union. All information will be collected by fair and lawful means.
Limiting Use, Disclosure and Retention
Personal information will not be used or disclosed for purposes other than that for which it was collected except with the consent of the person, or as required by law. Personal information may be retained for as long as the person conducts business with the credit union.
Accuracy
Personal information will be as accurate, complete and current as is possible or necessary for the purpose for which it was collected.
|
Safeguards
Personal information will be protected from misuse by security systems appropriate to the sensitivity of the information.
Openness
The credit union will make readily available to members and/or customers, specific information about the credit union policies and practices relating to the handling of personal information.
Individual Access
Upon request, an individual will be informed of the existence, use and disclosure of personal information held by the credit union, and provided with access to that information. Individuals will be given the opportunity to ensure the accuracy and completeness of the information and to challenge or correct its content as appropriate.
�Compliance
A member and/or customer may challenge compliance with this policy to the general manager and the credit union will have procedures in place to respond to questions or concerns.
RESPONSIBILITY
Implementation of, and compliance with, this policy is the responsibility of the general manager. The board will review this policy at least annually at the meeting at which compliance observations are reported by management or the auditor or inspector.
Nothing in this policy is intended to prohibit the proper and responsible use of information given with consent, for the purposes of enhancing services or delivering services to members and/or customers. This policy does not diminish the credit union's need to make fully informed decisions about the services it provides or persons to whom services may be provided. This policy does not authorize the taking of any business risks without all information needed to support prudent decisions.
MONITORING AND REPORTING
The general manager will report, at least annually, to the board on compliance with this policy or in lieu of a report, ensure that compliance observations are part of audit or inspection processes.
|
