Milton Hydro Distribution Inc. (“Milton Hydro”) is committed to maintaining the accuracy, confidentiality, security and privacy of customer personal information.
In March 1996, the new Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96 (the “CSA Code”), was published as a National Standard of Canada. Milton Hydro subscribes to the principles of the CSA Code. Furthermore, in light of the requirements of the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and any other applicable provincial legislation (collectively the “Privacy Legislation”), Milton Hydro has created certain documents and procedures, including this Policy, as may be updated from time to time.
SUMMARY OF PRINCIPLES
Ten internationally accepted principles lie at the core of organizational responsibilities for safeguarding personal information. These are:
- Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with privacy principles.
- Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
- Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
- Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
- Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information must be retained only as long as necessary for the fulfillment of those purposes.
- Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- Individual Access: Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
SUMMARY OF PRINCIPLES
Distinctions among Privacy, Security and Confidentiality:
- Collection – the act of gathering, acquiring, recording or obtaining personal information from any source, including third parties, by any means.
- Consent – voluntary agreement of an individual to the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or through an authorized representative of the individual. Express consent can be given orally, electronically or in writing but is always unequivocal and does not require any inference on the part of Milton Hydro. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
- Customer – an individual who uses or applies to use the services of Milton Hydro.
- Disclosure – making personal information available to a third party.
- Personal Information – information about an identifiable individual. For a customer, personal information includes a customer’s name, address, telephone number, e-mail address, credit information, billing records, service and equipment, and any recorded complaints.
- Third party – an individual other than the customer or his agent, or an organization other than Milton Hydro.
- Use – the treatment, handling, and management of personal information by Milton Hydro.
Privacy relates to people, process and accountability. It gives individuals control over their personal information and allows them to grant permission to an organization for the collection, use, disclosure and retention of that information.
Security is the essential component for preventing the inadvertent release of personal information. Security also relates to the availability and integrity of personal information.
Confidentiality addresses the disclosure of personal information.
PRINCIPLE 1 – ACCOUNTABILITY
Milton Hydro is accountable for all personal information in its possession or control and shall designate one or more persons who will be responsible for the Company’s compliance with the following principles:
- 1.1 - The President and CEO of Milton Hydro has ultimate responsibility for the protection of personal information of customers. The President and CEO may delegate the day-today operational privacy responsibilities to another individual. All staff share responsibility for adhering to Milton Hydro’s privacy policies and procedures.
- Corporate Privacy Officer
- 8069 Lawson Road
- Milton, Ontario, L9C 5C4
- 1.3 - Milton Hydro is responsible for personal information in their possession or control, including any personal information that has been transferred to a third party for processing. Milton Hydro will use contractual or other means to provide a comparable level of protection of personal information while such information is being processed by a third party.
PRINCIPLE 2 – IDENTIFYING PURPOSES
Identifying the purposes for which personal information is collected at or before the time of collection allows Milton Hydro to determine the information needed to fulfill these purposes.
- 1.1 - Milton Hydro collects personal information only for the following purposes:
- ) to establish and maintain responsible commercial relationships with customers and to provide ongoing service; and
- ) to meet all of its legal and regulatory requirements.
- 2.2 - Milton Hydro shall specify, either orally, in writing or electronically, all identified purposes for the collection, use and disclosure of personal information to the customer at the time such personal information is collected.
- 2.3 - Those responsible for collecting personal information should be able to explain to individuals the purposes for which the information is being collected. In certain circumstances, the customer may be referred to a designated person within Milton Hydro who can explain those purposes in greater detail.
- 2.4 - Unless required by law, Milton Hydro shall not use or disclose, for any new purpose, personal information that has already been collected without first identifying and documenting the new purpose and obtaining the consent of the customer.
PRINCIPLE 3 – CONSENT
The knowledge and consent of a customer are required for the collection, use or disclosure of personal information, except where inappropriate.
- 3.1 - In certain circumstances, personal information may be collected, used or disclosed without the knowledge and consent of the individual. For example, some legal, medical or security reasons may make it impossible or impractical to seek consent.
- Milton Hydro may collect, use or disclose personal information without an individual’s knowledge or consent only in limited circumstances as permitted by law.
- Milton Hydro may use or disclose personal information without the individual’s knowledge or consent if it is clearly in the individual’s best interests to do so and consent cannot be sought in a timely manner. An example of such circumstances is in the case of an emergency where the life, health or security of an individual is threatened.
- 3.2 - This principle requires “knowledge and consent” of an individual for the collection, use or disclosure of their personal information. In obtaining consent, Milton Hydro shall use reasonable efforts to ensure that a customer is advised of all the identified purposes for which personal information will be used or disclosed. These purposes shall be stated in a manner that can be reasonably understood by the customer.
- 3.3 - Generally, Milton Hydro shall seek an individual’s consent for use and disclosure of personal information before or when it collects, uses or discloses personal information. In certain circumstances, Milton Hydro may seek an individual’s consent to use and disclose personal information after it has been collected but before it is used or disclosed for a purpose not previously identified.
- 3.4 - Milton Hydro may require customers to consent to the collection, use or disclosure of certain personal information in order to provide the individual with electricity services.
- 3.5 - In determining an appropriate form of consent, Milton Hydro shall take into account the sensitivity of the personal information and also the reasonable expectations of its customers with respect to the protection, collection, use and disclosure of their personal information.
- 3.6 - A customer may refuse or withdraw consent at any time, subject to legal or contractual restrictions, and reasonable notice. Customers may contact Milton Hydro for more information regarding the withdrawal of consent and any implications of such withdrawal.
PRINCIPLE 4 – LIMITING COLLECTION
Milton Hydro shall limit the amount and type of personal information it collects to that which is necessary for the purposes identified by the company. Milton Hydro shall collect personal information using procedures which are fair and lawful.
- 4.1 - Milton Hydro shall collect only the amount and type of information needed for the purposes documented by Milton Hydro and identified to the individual.
- 4.2 - The requirement that personal information be collected through fair and lawful means is intended to prevent Milton Hydro from collecting information by misleading or deceiving individuals about the purposes for which the information is being collected.
PRINCIPLE 5 – LIMITING USE, DISCLOSURE AND RETENTION
Milton Hydro shall not use or disclose personal information for purposes other than those for which it was collected, unless consent is given by the individual to use or disclose it for another purpose or as required by law. Milton Hydro shall retain personal information only as long as necessary for the identified purposes.
- 5.1 - If Milton Hydro uses personal information for a new purpose, it will document this purpose.
- 5.2 - With the consent of the customer, Milton Hydro may disclose a customer’s personal information to the following:
- ) an agent retained by Milton Hydro in connection with the collection of the customer’s account;
- ) credit grantors and reporting agencies;
- ) a person who, in the reasonable judgment of Milton Hydro, is seeking the information as an agent of the customer; and
- ) any other third party or parties, where the customer has provided consent to such disclosure or disclosure as required by law.
- 5.3 - Milton Hydro shall maintain reasonable and systematic controls, schedules and practices for the protection of personal information. Record retention, which shall include minimum and maximum retention periods, and destruction shall apply to personal information.
- 5.4 - Milton Hydro will keep personal information only as long as necessary for the identified purposes.
- 5.5 - Personal information that is no longer required to fulfill the identified purposes for which it was collected will be destroyed, erased or made anonymous. Milton Hydro will develop guidelines and implement procedures to govern the destruction of personal information.
- 5.6 - Only those employees of Milton Hydro who require access for business reasons or whose duties reasonably so require, are granted access to personal information about customers.
PRINCIPLE 6 – ACCURACY
Milton Hydro will keep the Personal information in its possession or control accurate, complete current and relevant based on the most recent information provided to Milton Hydro.
- 6.1 - Personal information used by Milton Hydro shall be sufficiently accurate, complete, current and relevant to minimize the possibility that inappropriate information may be used to make a decision about a customer.
- 6.2 - Milton Hydro shall update personal information about customers only if it is necessary for the purposes for which it was collected or upon notification by the individual requesting that their personal information be updated or amended.
PRINCIPLE 7 – SAFEGUARDS
Milton Hydro shall protect personal information with security safeguards appropriate to the sensitivity of the information.
- 7.1 - Milton Hydro shall protect personal information from loss or theft, unauthorized access, disclosure, copying, use, modification or destruction through appropriate security measures. Milton Hydro shall protect all personal information regardless of the format in which it is held.
- 7.2 - The nature of the safeguards will vary depending on the sensitivity of the information, amount, distribution, format and the method of storage of the personal information. Milton Hydro will give the highest level of protection to the most sensitive personal information.
- 7.3 - The methods of protection should include:
- Physical security, such as locked filing cabinets and restricted access to offices;
- Organizational security, such as security clearances and limiting access on a “need to know” basis; and
- Technological security, such as, the use of passwords and encryption.
- 7.4 - Milton Hydro will make all of its employees aware of the importance of maintaining the confidentiality of personal information.
PRINCIPLE 8 – OPENNESS
Milton Hydro shall make readily available to customers specific information about its policies and practices relating to the management of personal information.
- 8.1 - Milton Hydro will be open about the policies and practices used to manage personal information. Individuals will have access to information about these policies and procedures. This information will be available in a format that is easy to understand.
- 7.2 - Milton Hydro shall make the following information about its privacy policies and practices available:
- the name, title and address of the Corporate Privacy Officer (or persons) accountable for Milton Hydro’s privacy policies and practices and to whom inquiries or complaints can be forwarded;
- how to gain access to personal information held by Milton Hydro;
- a description of the type of personal information held by Milton Hydro including a general account of its use.
PRINCIPLE 9 – INDIVIDUAL ACCESS
Upon request, an individual shall be informed of the existence, use, disclosure of his or her personal information in Milton Hydro’s possession and shall be given access to that information.
A customer shall be able to challenge the accuracy and completeness of the information and have it amended where necessary.
In certain situations, Milton Hydro may not be able to provide access to all the personal information it holds about an individual. However, such exceptions to the access requirement is limited and specific. Exceptions may include information that is prohibitively expensive to provide, information that contains references to other individuals and information that cannot be disclosed for legal, security or commercial proprietary reasons.
- 9.1 - Upon request, Milton Hydro shall inform an individual of the personal information that Milton Hydro has in its possession or control about that individual.
- 9.2 - Upon request, Milton Hydro shall provide an account of the use and disclosure of such personal information and, where reasonable and possible, shall state the source of the information.
- 9.3 - In order to safeguard personal information, a customer may be required to provide sufficient information to properly identify themselves to assure Milton Hydro that they are providing information with respect to the existence, use and disclosure of personal information and authorizing access to an individual’s file to the right individual. Any information provided for identification purposes shall only be used for such purpose.
- 9.4 - In providing a list of third parties that Milton Hydro has disclosed personal information about a customer to, Milton Hydro will provide as much information as possible to the customer. When it is not possible to provide a list of third parties to which it has actually disclosed information to about an individual, Milton Hydro shall provide a list of third parties to which it may have disclosed information to about the individual.
- 9.5 - Milton Hydro shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, Milton Hydro may disclose or share with third parties who have access to such personal information any amended information and identify the existence of any unresolved differences.
PRINCIPLE 10 – CHALLENGING COMPLIANCE
- 10.1 - Milton Hydro shall maintain procedures for receiving, addressing and responding to all inquiries or complaints from its customers relating to its handling of personal information.
- 10.2 - Milton Hydro shall inform its customers about the existence of these procedures as well as the existence of complaint mechanisms.
- 10.5 - If individuals are not satisfied with the way Milton Hydro has responded to their complaint, they can contact the Privacy Commissioner of Canada at (613) 995-8210.
WATER AND WASTEWATER
Milton Hydro provides water and wastewater billing service to customers in the Town of Milton on behalf of the Regional Municipality of Halton (“Halton Region”).
- ) A customer’s Personal Information, as defined in the Municipal Freedom of Information and Protection of Privacy Act, R.S.O. 1990, c. M. 56, as amended, is collected under the authority of the Municipal Act, 2001,S.O. 2001 c.25, as amended, and will be used for the purposes of billing for water and wastewater use and collecting water and wastewater charges;
- ) A Customer’s Personal Information will be disclosed to Halton Region, who may also disclose the information to the property owner, for the purposes of collecting unpaid water and wastewater charges, including collection through the addition of the unpaid charges to the property’s tax roll.
Inquiries to the Halton Region may be directed to:
Freedom of Information and Privacy Coordinator
Legislative & Planning Services Department, Regional Clerk's Office
The Regional Municipality of Halton
1151 Bronte Road
Oakville, Ontario, L6M 3L1
Toll Free: 1-800-442-5866