Effective January 1, 2004 the Personal Information Protection and Electronic Documents Act (PIPEDA) came in force. This legislation sets out the rights of the consumer and duties of Canadian businesses to protect personal information. 

 Key Insurance Services is committed to protecting the privacy of personal information for an individual. The purpose of this Act is to make all public bodies, including financial service institutions, more accountable to the public in the way they collect, use and dispose of information.

Key Insurance Services collects, creates and maintains information for the purposes of issuing, underwriting, and servicing insurance policies.

The purpose of this document is to inform the public, staff, business partners and policyholders about the legislation and to answer general questions concerning how the Act will affect the collection, use, disclosure and protection of information at Key Insurance Services.

We are committed to respecting the privacy rights of individuals by ensuring that their personal information is collected, used, and disclosed in an appropriate manner.

We will use reasonable means to ensure that personal information is given a level of protection while being processed by a third party. Common purposes for collection include:

• Enabling the Broker or Agent to issue a new or renew an insurance policy;
• Enabling the Broker or Agent to make changes on current policies;
• Assisting customers with claims;
• Assisting a 3rd party dealing with our customers’ claims;
• Personal information on our employees for the purposes of employment (address, telephone, etc.)

We may obtain express consent for the collection, use, or disclosure of personal information OR we may determine that consent has been implied by the circumstances. Express consent is specific authorization given to us by the customers, either orally or in writing. Implied consent is one in which we have not received oral or written authorization from our customers, staff or business partners, but the circumstances allow us to collect, use, or disclose the personal information. Consent may be withdrawn at any time, however, we would require such withdrawal to be in writing. There are circumstances wherein we are not required to obtain an individual's consent or explain the purpose for collection, use or disclosure of their personal information:

• We may collect personal information without consent where it is in the individual's interest and timely consent is unavailable, or to investigate a breach of an agreement or a contravention of a law;
• In an emergency situation where an individual's life, health or security is threatened;
• We may disclose personal information without consent for law enforcement, national security, debt collection, to a lawyer representing our company or in an emergency position (see above).

We will only use or disclose personal information for legitimate purposes. We will retain the personal information only as long as necessary for the fulfillment of why we collected the information initially. Insured's who have a claim will have their personal information retained on our software system indefinitely. Insured's personal information in a hard copy claims file will be stored in an off-site, secure facility for seven years and will then be destroyed. We will also protect the personal information, regardless of the format, against loss, theft, unauthorized access, disclosure, copying, use, or modification. When we transfer client information to a third party, we will mask any information that is not needed by the third party. Our methods include:

• Alarm system with motion detectors and security cameras.
• Steel gates across the doors.
• All computer-based data is protected by passwords, encryption and firewalls
• All computer-based data is regularly backed-up and stored off-site.
• All closed files are stored in a secure off-site facility. Those records are destroyed 7 years after their closed date. All paper documentation is placed in recycling bins (either shredded or not).
• We ensure all our employees accept the need to protect our customers’ personal information - which is noted in our Employee Handbook.
• Any discussion about a customer’s personal information must be limited to those who need to know and where others will not hear, including the public.
• We provide access to personal information only to employees whom we have determined need to know to provide requested products or services.
• Files are kept in cabinets, in one area, away from entrance to office. Lapsed files go to storage and are destroyed after a certain period of time.
• Employees are assigned individual user names and passwords. Personal information is not left displayed on their computer screens or desktops in their absence.
• We send only information to a third party which is necessary to provide insurance, and then only on the basis that they will maintain the confidentiality of the information.
• We have firewalls in our computer system to prevent hackers and others from obtaining our customers’ personal information, which is updated as required. Employees have access only to their own directory.

 Upon written request, an individual will be informed as to whether or not we hold personal information about him/her. If we do hold such information, we will provide access to that information and how we use it to that individual. We will respond to all written requests within 30 days (unless we explain we need a longer period). We may refuse the request and, in that regard, our refusal will be explained in writing. We will not be providing access to information to an individual if that personal information reveals information about someone else, someone's life or security might be threatened, the information was collected without consent for the purposes of an investigation of a breach of an agreement or contravention of the law. Our Privacy Officer will keep a Privacy Log in which each request or complaint is logged as to name, time, date, request or complaint, Key Insurance’s answer or resolution.


Office of the Privacy Commissioner: http://www.privcom.gc.ca
The Personal Information Protection and Electronic Documents Act http://www.privcom.gc.ca/legislation/02_06_07_e.asp
BILL C-6 http://www.parl.gc.ca/HousePublications/Publication.aspx?Pub=Bill&Doc=C-6_4&Language=&Mode=1&Parl=36&Ses=2
Frequently Asked Questions http://www.privcom.gc.ca/faq/index_e.asp
A Guide for Individuals http://www.privcom.gc.ca/information/02_05_d_08_e.asp