Below are the ten principles as they apply to us:
- Identifying purposes for collecting personal information
We will identify the purposes for which personal information is collected at or before the time the information is collected.
- Consent for collection, use, and disclosure of personal information
The knowledge and consent of the individual, or person authorized to consent on behalf of the individual, are required for the collection, use or disclosure of personal health information, except where otherwise required by law.
- Limiting collection of personal information
We will limit the collection of personal information to that which is necessary for the authorized purposes identified. Information will be collected by fair and lawful means.
- Limiting use, disclosure, and retention of personal information
Personal information will not be used or disclosed for purposes other than those for which it was collected. Personal information will be retained only as long as necessary for the fulfillment of those purposes.
- Accuracy of personal information
Personal information will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
- Ensuring safeguards for personal information
Personal information will be protected by security safeguards appropriate to the nature and format of the information being stored.
We will make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- Individual access to personal information
Except as restricted by law (for example, under the Mental Health Act), upon written request by the individual or substitute decision maker, an individual will be informed of the existence, use and disclosure of his or her personal information and will be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and may request to have it amended.
An individual will be able to address a challenge or complaint concerning compliance with the above principles to the Chief Privacy Officer or to the provincial Information Privacy Commissioner.