In order to provide our clients with the products and services they require and to ensure that we make informed underwriting and claims decisions, it is necessary that we obtain information about our clients and/or their businesses. The information with which we are entrusted is often of a personal nature. Our clients have the right to expect that any personal information they provide to us or that we obtain from other sources in order to make underwriting or business decisions will be kept in confidence and that access to that information will be restricted to those having a legitimate need to review or use that information.
As of January 1, 2004, the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) applies to the operations of insurance companies in Canada. PIPEDA sets out in law the rights of the consumer and details the duties and responsibilities of companies that collect information of a personal nature. A number of provinces have since enacted similar legislation. Trisura Guarantee Insurance Company (“Trisura”) intends to fully comply with all aspects of PIPEDA and applicable provincial legislation.
Personal information that we collect may include name, address, contact information, marital status, work history, assets, liabilities, income, banking records, health records, claims history and other information of a personal nature relating to an individual. The type of information we collect is dependent on the type of product the individual requires from us. We will limit the personal information we collect to that necessary for us to make informed underwriting and business decisions.
HOW WE COLLECT PERSONAL INFORMATION
We may obtain personal information directly from the client and/or through insurance brokers, other insurers, banks, credit bureaus, applications, transactions, consumer reports or by other legitimate means.
HOW WE USE PERSONAL INFORMATION
We use personal information to make underwriting and business decisions, to compile statistics, to communicate with our clients and to investigate and pay claims. We will explain to the client why we require personal information and will restrict our use of this information to the purposes identified.
PROTECTION OF PERSONAL INFORMATION
Trisura will take all necessary and reasonable precautions to protect the information provided to us by our clients. Trisura uses a number of manual and electronic controls to protect personal information that has been entrusted to us. These controls include restricted access to our premises, user authentication, encryption, firewall technology and the use of detection software. Trisura only allows access to an individual’s personal information to those employees who require it in their work. Employees who have access to personal information are made aware of the responsibility they have for protecting that information and are required to make proper use of the manual and electronic controls available to them. Our employees are subject to disciplinary procedures for the unauthorized use or disclosure of an individual’s personal information.
DISCLOSURE OF PERSONAL INFORMATION
From time to time in the normal course of business, it is necessary for Trisura to provide an individual’s personal information to a third party such as, but not limited to, a broker, reinsurer, legal counsel, regulator, adjustor, repairer or administrator. Trisura advises each third party to whom it provides personal information that Trisura expects the party to comply with Canada’s privacy laws and to also take steps to protect that information. Information on third parties is available from the Chief Privacy Officer. We will only disclose an individual’s personal information with the individual’s consent, except in situations where to do so would cause undue delay in providing requested services or where Trisura is legally required to disclose such information.
RETENTION OF PERSONAL INFORMATION
Trisura will retain an individual’s personal information for as long as is necessary to fulfill the purposes for which it was collected or as required by law. Disposal of any personal information no longer required will be done in a safe and complete manner. Accessing Your Personal Information An individual has the right to be allowed access to his or her personal information, subject to any legal restrictions. For example, if to allow access would reveal any personal information about a third party then access may be limited or denied. If there are reasons why access is denied, the individual requesting access will be advised in writing. Should an individual demonstrate that any information held is inaccurate or incomplete, Trisura will make the appropriate changes to such information.
In the unlikely event that Trisura experiences an incident involving the loss of or unauthorized access to or disclosure of personal information where a reasonable person would consider that there exists a real risk of significant harm to an individual as a result, Trisura will comply in all respects with the applicable provisions of federal and provincial privacy laws with regard to privacy breach notification, and will take all necessary steps to reduce the risk of harm to the affected individual as a result of the breach.
Requests for further information, access to personal information or complaints about Trisura’s handling of personal information should be directed to Trisura’s Chief Privacy Officer, as follows:
Senior Vice President & General Counsel and Chief Privacy Officer
Trisura Guarantee Insurance Company
333 Bay Street, Suite 1610
Toronto, Ontario M5H 2R2
Phone: (416) 607-2127
Fax: (416) 214-9597