In order to provide our clients with the products and services they require and to ensure that we make informed underwriting and claims decisions, it is necessary that we obtain information about our clients and/or their businesses. The information with which we are entrusted is often of a personal nature. Our clients have the right to expect that any personal information they provide to us or that we obtain from other sources in order to make underwriting or business decisions will be kept in confidence and that access to that information will be restricted to those having a legitimate need to review or use that information.
As of January 1, 2004, the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) applies to the operations of insurance companies in Canada. PIPEDA sets out in law the rights of the consumer and details the duties and responsibilities of companies that collect information of a personal nature. A number of provinces have since enacted similar legislation. Trisura Guarantee Insurance Company (“Trisura”) intends to fully comply with all aspects of PIPEDA and applicable provincial legislation.
Personal Information, as defined in PIPEDA, means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. Personal information that we collect may include name, address, contact information, marital status, work history, assets, liabilities, income, banking records, health records, claims history and other information of a personal nature relating to an individual. The type of information we collect is dependent on the type of product the individual requires from us. We will limit the personal information we collect to that necessary for us to make informed underwriting and business decisions. Trisura operates on a principle of limited collection, meaning that it will collect only that information necessary for the purposes that have been identified and specified at or before the time of collection (see also Purposes for Collections and Processing of Personal Information section below).
How We Collect Personal Information
We may obtain personal information directly from the client and/or through insurance brokers, other insurers, banks, credit bureaus, applications, transactions, consumer reports or by other legitimate means.
Purposes for Collections and Processing of Personal Information
We typically collect, use and sometimes disclose personal information for purposes which include: assessing insurance applications and issuing policies; making underwriting and business decisions; compiling statistics; communicating with our clients; evaluating, investigating, paying out or defending claims against our insureds; detecting or preventing illegal activity such as fraud or money laundering; meeting legal or regulatory obligation such as those relating to sanctions, anti-terrorism and other internal security policies and procedures; and managing our business environment including our IT systems. We will explain to the client why we require personal information and will restrict our use of this information to the purposes identified.
Please note that if an individual refuses consent to the collection, use or disclosure of his or her personal information then Trisura may be unable to provide the product or service requested.
Protection of Personal information
Trisura will take all necessary and reasonable precautions to protect the information provided to us by our clients. Trisura uses a number of manual and electronic controls to protect personal information that has been entrusted to us. These controls include restricted access to our premises, user authentication, encryption, firewall technology and the use of detection software.
Trisura only allows access to an individual’s personal information to those employees who require it in their work. Employees who have access to personal information are made aware of the responsibility they have for protecting that information and are required to make proper use of the manual and electronic controls available to them. Our employees are subject to disciplinary procedures for the unauthorized use or disclosure of an individual’s personal information.
Disclosure of Personal Information
As stated above, we will only disclose an individual’s personal information with the individual’s consent, except in situations where to do so would cause undue delay in providing requested services or where Trisura is legally required to disclose such information.
Personal Information Transfer Outside of Canada
Retention of Personal Information
Trisura will retain an individual’s personal information for as long as is necessary to fulfill the purposes for which it was collected or as required by law. Disposal of any personal information no longer required will be done in a safe and complete manner.
Accuracy and Accessing Your Personal Information
An individual has the right to be allowed access to his or her personal information, subject to any legal restrictions. For example, if to allow access would reveal any personal information about a third party then access may be limited or denied. If there are reasons why access is denied, the individual requesting access will be advised in writing. Trisura is committed to keeping accurate and complete data records of the personal information it collects. Should an individual demonstrate that any information held is inaccurate or incomplete, please contact our Chief Privacy Officer at the email listed below and Trisura will make the appropriate changes to such information.
In the unlikely event that Trisura experiences an incident involving the loss of or unauthorized access to or disclosure of personal information where a reasonable person would consider that there exists a real risk of significant harm to an individual as a result, Trisura will comply in all respects with the applicable provisions of federal and provincial privacy laws with regard to privacy breach notification, and will take all necessary steps to reduce the risk of harm to the affected individual as a result of the breach.
Individuals may contact Trisura’s Chief Privacy Officer in order to obtain further information about Trisura’s personal information practices, to gain access to the individual’s personal information collected by Trisura, or to challenge Trisura’s compliance with privacy laws and regulations.
Requests for further information access to personal information or complaints about Trisura’s handling of personal information should be directed to Trisura’s Chief Privacy Officer, as follows:
SVP and General Counsel, Chief Privacy Officer
Trisura Guarantee Insurance Company
333 Bay Street, Suite 1600, Box 22
Phone: (416) 607-2127
Fax: (416) 214-9597