The purpose of this policy is to ensure that the Canadian Light Source Inc. (“CLSI”) complies with obligations pursuant to relevant legislation and best practices related to the collection, use, disclosure, protection and retention of personal information.
Use of Personal Information. CLSI shall only use personal information for the purpose(s) it was obtained or compiled, for a purpose permitted, authorized or required by relevant legislation or for any other purpose provided that explicit consent for such use has been provided by the individual to whom the personal information relates.
Protection of Privacy. In order to successfully operate, it is necessary that CLSI collect, create, and maintain personal information about applicants, staff, CLSI Board of Directors members, users, and other individuals. In accordance with this Policy and relevant legislation, CLSI shall take reasonable measures to protect such personal information. CLSI shall implement strong physical, administrative and technological safeguards to protect any personal information in its possession or under its control. Access to personal information within CLSI will be limited to those who have a legitimate need for such access in the performance of their job duties.
Access to Information. CLSI shall act in an accountable and open manner when receiving and responding to requests for access to information. Requests shall be reviewed in terms of CLSI’s best practices and legislative obligations.
Breach. CLSI shall investigate, evaluate and assess any breach, or suspected breach, of protected information and, where necessary, it will notify affected individuals and report such breach to the Privacy Commissioner, pursuant to the applicable legislation.
Accuracy. CLSI will make reasonable efforts to ensure that all personal information in its possession or under its control is as complete and accurate as is required for the purpose(s) for which it was collected.
Subject to any exemptions or restrictions set out in applicable legislation, or in any other enactment of the Government of Canada or the Province of Saskatchewan, individuals shall have the right to access personal information about themselves which is in the possession or under the control of CLSI. A formal Freedom of Information request may not be required where individuals are seeking access to personal information about themselves.
In the event that any of the personal information in the possession or under the control of CLSI is incorrect, incomplete or otherwise inaccurate, the individual to whom that personal information relates has the right to request that it be amended or corrected. When such corrections have been requested, CLSI will review and confirm the corrections and, provided that it is satisfied that a correction is warranted, CLSI will make the correction as soon as reasonably possible.
Disclosure. CLSI will only disclose personal information to third parties or allow it to be made public:
- for the purpose(s) for which it was obtained or compiled, or for a use consistent with that purpose;
- for a purpose permitted, authorized or required by law;
- for a purpose which is expressly authorized or required by an enactment of the Government of Canada or the Province of Saskatchewan; or
- for any other purpose provided that the explicit consent for the disclosure has been provided by the individual to whom the personal information relates, or by someone duly authorized to provide such consent on behalf of that individual.
Personal information that is deemed by CLSI to be of historical value will be retained on a permanent basis. Such information will be disclosed only in accordance with applicable law.
Once Personal information is no longer needed for administrative, regulatory, legal or historical reasons, it will be destroyed pursuant to CLSI applicable procedures.
This Policy applies to all individuals who have personal or proprietary data that is collected and or stored by CLSI, in any format, which includes, staff, CLSI Board of Directors members, users, contractors, and clients.
The Chief Financial Officer or their designate shall act as the CLSI Access and Privacy Officer and is responsible for compliance with legislation, assessing and responding to requests for personal information, and assessing and managing any privacy breach.
Each CLSI Department Manager and / or Lead shall be responsible for those under its direction to ensure compliance with this Policy and related CLSI Procedure documents.
- storing personal information in locations which are not generally accessible to all employees and / or the general public;
- securing the rooms and / or filing cabinets containing personal information during those times when an authorized CLSI staff member in not present;
- restricting access to personal information to only those CLSI staff that have a need to know;
- securing personal information and access to such personal information that is stored electronically; and,
- not disclosing personal information or fulfilling requests for personal information without strict assessment of such request and only to the extent required by relevant legislation.
CLSI complies with The Personal Information Protection of Privacy Act, S.C. 2000, c.5 (PIPEDA).