PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT
The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s federal private-sector privacy law. It sets out ground rules for how McDermott + Bull must handle personal information.
Under PIPEDA, personal information includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as:
- Age, name, ID numbers, income, ethnic origin, or blood type.
- Opinions, evaluations, comments, social status, or disciplinary actions.
- Employee files, credit records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire services, or change jobs).
McDermott + Bull has outlined below our Ten Privacy Principles based on the Privacy Principles established in Canada’s PIPEDA.
M+B’s Ten Privacy Principles
McDermott + Bull has 10 Privacy Principles, based on those established in the PIPEDA. McDermott + Bull has implemented policies and practices to give effect to these principles.
Principle 1 – Accountability
McDermott + Bull is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. McDermott + Bull will use contractual or other means to provide a comparable level of protection while the information is being processed by a third party. McDermott + Bull has implemented policies and practices to give effect to the principles, including:
- Implementing procedures to protect personal information.
- Establishing procedures to receive and respond to complaints and inquiries.
- Training staff and communicating to staff information about the organization’s policies and practices.
- Developing information to explain the organization’s policies and procedures.
Principle 2 – Identifying Purposes
Canadian residents have a right to know how their information will be used. McDermott + Bull will explain why we need your information before or at the time we collect it if the purpose is not already clear. We will assume that the purpose is clearly identified when we use your personal information to:
- Provide you with the services you have requested.
- Communicate with you about the services you have requested.
- Ensure that you are properly registered to use our services and to receive any associated technical support.
- Inform you of any important service revisions or updates.
Aggregate data is general information about a group of people and does not identify you individually. McDermott + Bull may combine your information with that of others to generate aggregate data that can be used to improve our services or develop new ones. For example, we may tell a third party how many users have subscribed to a service, but not identify that you personally are a subscriber.
Principle 3 – Consent + Disclosure
You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw your consent, please click here to make a request to delete your information.
Principle 4 – Limiting Collection
Principle 5 – Limiting Use + Disclosure + Retention
McDermott + Bull will not use or disclose your personal information other than for the purpose for which it was collected unless we receive your consent or unless we are required or permitted to by law. When providing information in response to a legal inquiry or order, we will verify its validity and disclose only the information that is legally required. McDermott + Bull will make reasonable efforts, with the bounds of the law, to notify you should your personal information be subject to disclosure.
McDermott + Bull will keep your personal information only for as long as it needs to for the purposes identified above, as required by law, or as necessary to resolve any disputes you may have concerning our services. McDermott + Bull will follow internally set guidelines and use care in the disposal, destruction, or de-identification of personal information to prevent unauthorized parties from gaining access to such information.
Principle 6 – Accuracy
McDermott + Bull will maintain accurate, complete, and up-to-date personal information as required for the identified purposes associated with its collection. The extent to which personal information is accurate, complete, and up-to-date will depend upon the use of the information, taking into account the interests of the individual. Information will be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual. McDermott + Bull will not routinely update personal information, unless such a process is necessary to fulfill the purposes for which the information was collected. Personal information that is used on an ongoing basis, including information that is disclosed to third parties, should generally be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.
Please click here to request an update to your personal information or to let us know if your contact or other personal information changes.
Principle 7 – Safeguards
McDermott + Bull protects the personal information in our possession and control by using security safeguards appropriate to the sensitivity of the information. The security safeguards will protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. McDermott + Bull will protect personal information regardless of the format in which it is held. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. More sensitive information should be safeguarded by a higher level of protection.
The methods of protection should include:
- Physical measures, for example, locked filing cabinets and restricted access to offices.
- Organizational measures, for example, security clearances and limiting access on a “need-to-know” basis.
- Technological measures, for example, the use of passwords and encryption.
McDermott + Bull employees are aware of the importance of maintaining the confidentiality of personal information. Care will be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.
Principle 8 – Openness
Principle 9 – Individual Access
Principle 10 – Challenging Compliance
McDermott + Bull maintains procedures for addressing and responding to all inquiries or complaints from its users about McDermott + Bull’s handling of personal information. We will inform individuals who make inquiries or lodge complaints of the existence of relevant complaint procedures. Our Privacy Officer and employees working at the Officer’s direction may seek external advice where appropriate before providing a final response to individual complaints. McDermott + Bull shall investigate all complaints. If a complaint is found to be justified, we will take appropriate measures, including, if necessary, amending our policies and procedures.
If you have any inquiries or complaints regarding the compliance with the above principles, please contact our Privacy Officer by clicking here.
If, at any time, you have questions or concerns about McDermott + Bull’s PIPEDA commitment, please click here to contact our Privacy Officer.
For more information regarding PIPEDA, please click here.