About Wawanesa

Personal Information Protection Policy - Full Text

Introduction & Personal Information Protection Policy Design

Wawanesa Life (the “Company”) is concerned about the protection of Personal Information of its Customers. The Company has developed this policy to provide information regarding the Company’s approach to the management and control of Personal Information collected in the course of its business.

This Personal Information Protection Policy (the “Policy”) addresses two broad issues:
1. the way in which the Company collects, uses, discloses and protects Personal Information
2. the right of Customers to have access to Personal Information about themselves and, if necessary, to correct the information.

This Policy is designed to meet or exceed the requirements as outlined in the Personal Information Protection and Electronic Documents Act of Canada. The foundation of the Policy is the CAN/CSA Q830-96 Model Code for Protection of Personal Information (the “CSA Model Code”) developed by the Canadian Standards Association. The CSA Model Code contains ten interrelated principles. This Policy has been prepared following those ten principles. Each section of the Policy is based on one of the CSA Model Code principles. The text of the principle is included in each section and is followed by commentary. The commentaries are intended to help Customers of the Company understand the significance and the implications of the principles. Where there is also a "NOTE" following a principle (see sections 3 and 9), it forms an integral part of the principle.

Definitions

The following definitions apply in this Policy:

"Collection" - the act of gathering, acquiring or obtaining Personal Information from any source, including from third parties, by any means. Personal Information necessary to carry on the business of the Company may be collected by the Company, agents, brokers or their authorized agents.

"Consent" - voluntary agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the Company. Implied consent arises where consent may reasonably be inferred from the action or inaction of the Customer. See commentary in Principle Three.

"Customer" - individuals about whom the Company collects Personal Information in order to carry out the requirements of its business. This includes individuals who are insureds, former insureds, applicants, claimants, individuals involved in a claim, individuals insured as part of a group or corporate policy, and mortgagors who have made a mortgage to the Company. “Customer” does not include commercial and corporate entities, or individuals carrying on business in sole proprietorships, in partnerships or in other associations.

"Disclosure" - making Personal Information available to others outside the Company.

"Personal Information" - information about an identifiable Customer that is recorded in any form. It may include name, address, telephone number, date of birth, family status, marital status, occupation, medical and health records, whether or not insurance was previously extended or refused to the individual, assets, liabilities, income, credit rating, whether or not credit was extended or refused to the individual, credit and payment records of the individual, an individual's previous insurance experience including claims history, and an individual's driving record.

"Use" - treatment and handling of Personal Information within the Company.

Principles

1. PRINCIPLE ONE: ACCOUNTABILITY
Wawanesa Life is responsible for Personal Information under its control and designates an individual or individuals who are accountable for the Company’s compliance with the following principles.

1.1	Accountability for Wawanesa Life’s compliance with this policy rests with the designated individual(s) even though other individuals within the Company may be responsible for the day-to-day collection and processing of Personal Information. In addition, other individuals within the Company may be delegated to act on behalf of the designated individual(s).
1.2	The identity of the individuals designated to oversee the Company’s compliance with the principles shall be available upon request to the Secretary.
1.3	Wawanesa Life is responsible for Personal Information in its possession or custody, including information that has been transferred to a third party for processing. The Company will use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.
1.4	Wawanesa Life shall implement policies and practices to give effect to the principles, including: a) implementing procedures to protect Personal Information; b) establishing procedures to receive and respond to complaints and inquiries; c) training staff and communicating to staff information about the Company’s policies and practices; and d) developing information to explain the Company’s policies and procedures.

2. PRINCIPLE TWO: IDENTIFYING PURPOSES
The purposes for which Personal Information is collected shall be identified by the Company before or at the time the information is collected.

2.1	Wawanesa Life will collect Personal Information only for the purposes of: a) establishing and maintaining communications with Customers; b) underwriting risks on a prudent basis; c) investigating and paying claims; d) detecting and preventing fraud; e) offering and providing products and services to meet Customer needs; f) compiling statistics; g) complying with the law; and h) a business or activity which it may undertake under applicable federal, provincial or territorial legislation.
2.2	Wawanesa Life understands that the information it needs to collect to fulfill the purposes referred to in 2.1 requires the Company or its designates to collect only that information necessary for the identified purposes.
2.3	The identified purposes will be communicated to Customers orally or in writing, as for example, on an application form or through pamphlets or other suitable media.
2.4	When Personal Information that has been collected is to be used for a purpose not previously identified, the new purpose shall be identified before use. Unless the new purpose is required by law, the consent of the Customer is required before information can be used for that purpose.
2.5	Persons collecting Personal Information on behalf of the Company will be able to explain to Customers the purposes for which the information is being collected.

3. PRINCIPLE THREE: CONSENT
The knowledge and consent of the Customer are required for the collection, use, or disclosure of Personal Information, except where inappropriate.

NOTE: In certain circumstances Personal Information can be collected, used or disclosed without the knowledge and consent of the Customer. For example, legal, medical or security reasons may make it impossible or impractical to seek consent. When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the Customer might defeat the purpose of collecting the information. Seeking consent may be impossible or inappropriate when the Customer is a minor, seriously ill, or mentally incapacitated. In addition, where there is no direct relationship with the Customer, the Company may not always be able to seek consent.
3.1	The life insurance business has the following unique features which make express consent impossible to obtain in some circumstances: a) Some group insurance policies may be administered by parties other than Wawanesa Life. For example, the employer or a third party administrator may provide plan administration including the collection of all Personal Information necessary to administer the plan. In this situation, the Company does not have direct relationships with the Customers and therefore is not able to obtain express consent from the Customers. b) Customers may voluntarily provide Personal Information to the Company updating information previously provided. If express consent for the use of this information is not provided, consent will be implied if express consent was provided at the time of provision of the original information. Given these constraints, it is reasonable for the Company to infer that by dealing with them on insurance related matters, Customers have given implied consent for the collection, use or disclosure of Personal Information necessary for the identified purposes (see Section 2.1).
3.2	Consent is required for the collection of Personal Information and the subsequent use or disclosure of this information. In certain circumstances, consent with respect to use or disclosure may be sought after the information has been collected but before use (for example, when the Company wants to use information for a purpose not previously identified).
3.3	The principle requires "knowledge and consent". Wawanesa Life will make a reasonable effort to ensure that the Customer is advised of the purposes for which the information will be used. The purposes shall be stated in a manner that can be reasonably understood by the Customer.
3.4	Wawanesa Life will not, as a condition of the supply of a product or service, require a Customer to consent to the collection, use or disclosure of information beyond that required to fulfill the specified, explicit and legitimate purposes. The Company will explain to the Customer the information requirements that are related to the product or service. In so doing, the Company has provided a specified, explicit and legitimate purpose. The Company may refuse to deal with a Customer who will not consent to the collection, use and disclosure of the information for the specified, explicit and legitimate purpose. For example, life insurers provide insurance at specified rates and on certain terms and conditions based on, among other things, analysis of an individual's Personal Information, including date of birth, health and existing insurance. If this information is not obtained, the life insurer cannot determine the basis for insurance coverage and, therefore, cannot provide insurance to the Customer. Consent shall not be obtained through deception.
3.5	There are certain types of information where the express written consent of the Customer will be obtained for the collection, use or disclosure of Personal Information. For example, medical or hospital records, employment records or income tax returns.
3.6	A Customer can reasonably expect that the Company will use Personal Information in making its decisions on the Customer's insurability and in assessing the Customer's claim.
3.7	Consent can be given by an authorized representative (such as, person having a power of attorney, or legal guardian). Consent can also be given by an individual on behalf of another individual. For example, where an individual applies for life or health insurance for himself and family members, the applicant is giving consent for the collection, use and disclosure of Personal Information both for himself and his family members even though the family members are not present during the application process. A similar situation arises where an employer, on behalf of its employees, applies for a group life and health insurance policy which provides insurance benefits to the employees. The employer is giving consent for the collection, use and disclosure of Personal Information for the employees even though the employees are not present during the application process.
3.8	Where the Company seeks express consent, it can be given in many ways. For example: a) An application form may be used to seek consent, collect information and inform the Customer of the use that will be made of the information. By completing and signing the form, the Customer is giving consent to the collection and the specified uses. b) A check-off box may be used to allow Customers to request that their names and addresses not be given to other organizations for marketing purposes. Customers who do not check the box are assumed to consent to the transfer of this information to third parties. c) Consent may be given orally when information is collected over the telephone. d) Consent may be given by agreement, or action on the part of the Customer, to use, acquire or accept a product or service.
3.9	Consent is valid for the length of time needed to achieve the identified purposes. The Customer may withdraw consent on reasonable notice, subject to legal or contractual restrictions and the requirement that the Company maintain the integrity of the statistics and data necessary to carry on its business. The Company will inform the Customer of the implications of such withdrawal.

4. PRINCIPLE FOUR: LIMITING COLLECTION
The collection of Personal Information shall be limited to that which is necessary for the purposes identified by the Company. Information shall be collected by fair and lawful means.

4.1	Wawanesa Life will not collect Personal Information indiscriminately. Both the amount and the type of information collected will be limited to that which is necessary to fulfil the purposes identified. The Company obtains Personal Information primarily from insurance Customers, but also from others including other life insurers, brokers, and underwriting or claims information networks.
4.2	Wawanesa Life will not obtain consent with respect to collection through deception. The Company will not mislead or deceive individuals about the purposes for which information is being collected.

5. PRINCIPLE FIVE: LIMITING USE, DISCLOSURE AND RETENTION
Personal Information shall not be used or disclosed for purposes other than those for which the information was collected, except with the consent of the Customer or as required by law. Personal Information shall be retained only as long as necessary for the fulfillment of those purposes.

5.1	There are situations specific to the life insurance business where Wawanesa Life may provide Personal Information as dictated by prudent insurance practices. For example: a) Risk-Sharing: As part of the underwriting and claims handling process, the Company may transfer Personal Information to other insurance companies including reinsurance companies which share in the risk. This would include situations where the Customer has made a fraudulent application for or renewal of a policy of insurance. b) Information Services: The Company may provide Personal Information for underwriting, claims, classification and rating purposes. c) Insurance Services: The Company may provide Personal Information to businesses that provide goods and services to insurance companies and/or their Customers, such as; paramedical, inspection and investigative firms; medical, psychiatric and dental consultants; the Medical Information Bureau; rehabilitation specialists; lawyers; data processors; claims examiners; and motor vehicle driving records. d) Insurance Intermediaries: The Company may provide Personal Information to their insurance intermediaries, such as brokers and agents, to provide service to Customers. Only the information necessary for these services will be provided by the Company to these service providers.
5.2	If the Company begins using Personal Information for a new purpose, the purpose must be documented.
5.3	The Company will develop guidelines and implement procedures with respect to the retention of Personal Information. These guidelines will include minimum and maximum retention periods. Personal Information that has been used to make a decision about a Customer shall be retained long enough to allow the Customer access to the information after the decision has been made. Life insurers may be subject to legislative requirements with respect to retention periods.
5.4	Personal Information that is no longer required to fulfil the identified purposes will be destroyed, erased or made anonymous. The Company will develop guidelines and implement procedures to govern the destruction of Personal Information.

6. PRINCIPLE SIX: ACCURACY
Personal Information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

6.1	The extent to which Personal Information shall be accurate, complete and up-to-date will depend upon the use of the information, taking into account the interests of the Customer. Information shall be sufficiently accurate, complete and up-to-date, to minimize the possibility that inappropriate information may be used to make a decision about the Customer.
6.2	The Company will not routinely up-date Personal Information unless this is necessary to fulfil the purposes for which it was collected.
6.3	Personal Information that is used on an on-going basis, including information that is disclosed to third parties, will be accurate and up-to-date, unless limits to the requirement for accuracy are clearly set out.

7. PRINCIPLE SEVEN: SAFEGUARDS
Personal Information shall be protected by security safeguards appropriate to the sensitivity of the information.

7.1	The security safeguards must protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The Company will protect Personal Information regardless of the format in which it is held.
7.2	The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution and format of the information and the method of storage. More sensitive information will be safeguarded by a higher level of protection.
7.3	The methods of protection will include: a) physical measures, such as locked filing cabinets and restricted access to offices; b) organizational measures, such as security clearances and limiting access on a "need to know" basis; and c) technological measures, such as the use of passwords and encryption.
7.4	Wawanesa Life will make its employees aware of the importance of maintaining the confidentiality of Personal Information.
7.5	Care shall be used in the disposal or destruction of Personal Information to prevent unauthorized parties from gaining access to the information.

 

8. PRINCIPLE EIGHT: OPENNESS
The Company shall make readily available to Customers specific information about its policies and practices relating to the management of Personal Information.

8.1	Wawanesa Life will be open about its policies and practices with respect to the management of Personal Information. A Customer will be able to acquire information about the Company’s policies and practices without unreasonable effort. This information shall be made available in a form that is generally understandable.
8.2	The information made available shall include: a) the title, address and telephone number of the person who is accountable for the Company’s policies and practices and to whom complaints or inquiries can be forwarded; b) the means of gaining access to Personal Information held by the Company; c) a description of the type of Personal Information held by the Company, including a general account of its use; d) a copy of any brochures or other information explaining the Company’s policies, standards or codes; and e) what Personal Information is made available to related organizations, such as subsidiaries.
8.3	Wawanesa Life may make information on its policies and practices available in a variety of ways. The method chosen will depend on the nature of the business and other considerations. For example, the Company may choose to make brochures available in its place of business, mail information to its Customers, provide on-line access, or establish a toll-free telephone number.

9. PRINCIPLE NINE: CUSTOMER ACCESS
Upon request, a Customer shall be informed of the existence, use, and disclosure of his or her Personal Information and shall be given access to that information. A Customer shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

NOTE: In certain situations, the Company may not be able to provide access to all the Personal Information it holds about a Customer. Exceptions to the access requirement will be limited and specific. The reasons for denying access will be provided to the Customer upon request. Exceptions may include prohibitive cost, Personal Information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, and information that is subject to solicitor-client or litigation privilege.
9.1	Upon request, the Company will inform a Customer whether or not the Company holds Personal Information about the Customer. The Company may indicate the source of this information. The Company will allow the Customer access to this information. However, the Company may choose to make sensitive medical information available through a medical practitioner. In addition, the Company will provide an account of the use that has been made or is being made of this information and an account of the third parties to which it has been disclosed. If such a request is denied, the Customer will have the right to be given reasons for the denial, and information on how to challenge such denial including: a) an invitation to the Customer to send a letter to the Company President requesting reconsideration of such denial; b) a commitment by the Company to open promptly a dialogue with the Customer; and c) a commitment by the Company to participate in an independent mediation process should the parties be unable to resolve the dispute.
9.2	A Customer may be required to provide sufficient information to permit the Company to provide an account of the existence, use, and disclosure of Personal Information. The information provided shall only be used for this purpose.
9.3	In providing an account of third parties to which the Company has disclosed Personal Information about a Customer, the Company will attempt to be as specific as possible. When it is not possible to provide a list of the organizations to which it has actually disclosed information about a Customer, the Company will provide a list of organizations to which it may have disclosed information about the Customer.
9.4	The Company will respond to a Customer's reasonable request within a reasonable time and at minimal or no cost to the Customer. The requested information shall be provided or made available in a form that is generally understandable.
9.5	When a Customer successfully demonstrates the inaccuracy or incompleteness of Personal Information, the Company will amend the information as required. Depending upon the nature of the information challenged, amendment could involve the correction, deletion or addition of information. Where appropriate, the amended information shall be transmitted to third parties having access to the information in question.
9.6	When a challenge is not resolved to the satisfaction of the Customer, the substance of the unresolved challenge will be recorded by the Company. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.

10. PRINCIPLE TEN: CHALLENGING COMPLIANCE
A Customer shall be able to challenge compliance with this policy with the person who is accountable within the Company.

10.1	The individual accountable for the Company’s compliance is discussed in Principle One.
10.2	The Company will put procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of Personal Information. The complaint process will be easily accessible and simple to use.
10.3	The Company will inform Customers who make inquiries or lodge complaints of the existence of relevant complaint mechanisms. A range of these mechanisms may exist. For example, some regulatory bodies accept complaints about the personal information handling practices of the companies they regulate.
10.4	The Company will investigate all complaints. If a complaint is found to be justified through either the internal or external complaint review process, the Company will take appropriate measures, including amending its policies and practices if necessary.
10.5	Customers of the Company who are dissatisfied with the manner in which their complaints have been handled may contact the appropriate pubic official designated in relevant provincial legislation, or if none, Privacy Commissioner of Canada.

Back to Top

Copyright 1996-2008 Wawanesa Insurance

Privacy Pledge | Sitemap | Terms & Conditions