2.3 - The Impact of Privacy Laws in Insurance Flashcards
PIPEDA
> Personal Information Protection and Electronic Documents Act
-a Federal statute that governs the collection and use of personal information. It states that personal information to be collected must be relevant, and that all information that has been collected, is being collected, or will be collected must be held in the strictest of confidence
-the Provinces have enacted their own distinct privacy legislation or may differentiate the guidelines for specific types of information
What happens when privacy law has been breached
Each Province and Territory in Canada has a commissioner or ombudsman who oversees the provincial legislation.
-if there is an allegation that privacy law has been breached, the office of the commissioner or ombudsman investigates the complaints
-if an organization unlawfully discloses personal information, the affected parties may seek damages
What is Personal Information
> PIPEDA definition - information about an identifiable individual
> Privacy Act definition:
(a) information relating to the race, national or ethnic origin, colour, religion, age, or marital status of the individual
AND
(b) information relating to the education of the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved
Along with seven other elements (4 other elements?)
Insurers must answer the following 9 questions for their insureds about their personal information
- What personal information is collected
- Why is it collected
- How is it collected
- What is it used for
- Where is it kept
- How is it secured
- Who has access to or uses it
- To whom is it disclosed
- When is it disposed of
Policy Privacy Statement
-included as part of the application process
-additional privacy statement is written into the contract
-all insurers operating in Canada must develop, document, and implement policies and procedures to protect the information collected
-regular review of these procedures must be undertaken, and identified issues must be immediately addressed
-insureds can request information that has been collected, but the identity of the person requesting information must be verified, as well as their entitlement to the info requested. Therefore, inquiries should be directed to the insurer’s designated privacy officer
-in the event of a complaint under the Privacy Act, the designated privacy officer will investigate and generally must respond in writing within 30 days
Other Privacy Laws
Each Province and territory in Canada has its own privacy legislation to regulate matters that do not fall under federal jurisdiction.
Common Acts:
- Freedom of Information and Protection of Privacy Act (FOIPPA)
> applies to all provinces except Quebec and the territories, although each province has its own act
> regulates public bodies such as provincial government depts., municipalities, universities, school boards, and Crown Corps., and professional regulatory bodies such as the Law Society and the College of Physicians and Surgeons - Personal Information Protection Act (PIPA)
> governs private-sector organizations int he course of commercial business activities
contains specific provisions regarding the collection and use of electronic data
- Access to Information and Protection of Privacy Act
> applies to Yukon, the Northwest Territories, and Nunavut
> relates to information held by public bodies and the Department of Justice - Act Respecting Access to Documents Held by Public Bodies and the Protection of Personal Information
> specific to Quebec
> includes information held by public bodies, including municipalities and other government agencies, schools, and health and social services institutions and in files held by the public curator
