Privacy
This policy has been developed with regard to the CAO’s core values of transparency and working in the best interest of the public, with equal regard given to compliance with privacy legislation and to the protection of personal information.
Definitions
Personal information: means any information about an identifiable individual that is recorded in any form. This does not include the name, title, contact information or designation of an individual that identifies the individual in a business, professional or official capacity.
Record: means any information created, received, and maintained as evidence and information, whether in printed form, film, by electronic means or otherwise in the custody and control of the CAO for administration of the Act.
The Act: refers to the Condominium Act, 1998.
Principles
Accountability
The Condominium Authority of Ontario (CAO) has designated an Access and Privacy Officer who will be responsible for key components of this policy, including oversight and responsibility for CAO and CAT training on:
- protecting personal information;
- responding to privacy inquiries or complaints; and
- responding to information access requests.
Identifying Purpose and Use
CAO
The CAO collects certain personal information for specific purposes. These include responding to queries from the public, managing operations, meeting legal requirements, developing and improving our digital services and resources.
Periodically the CAO may also use personal contact information collected to reach out to individuals to hear from them directly and/or to invite them to participate in various feedback opportunities so that we may better understand their needs and determine how best our services and resources can serve Ontario’s condo communities. We do not release this personal information to any third parties outside of the CAO.
CAT
The Condominium Authority Tribunal (CAT) collects information regarding the parties to an application filed through its online dispute resolution (ODR) system.
See Disclosure and Retention Principle below
Consent
The CAO will collect personal information only with written consent directly from the person to whom it relates and not from a third party.
In the certain circumstances, however, the CAO may disclose information to a third party without the consent of the individual if, for example, the information is necessary to respond to an emergency or there is a legal requirement to do so.
Disclosure and Retention
At the time of collection, users will be notified about the collection of their personal information. The notification will explain why the information is needed.
Any documents uploaded to the CAT’s ODR can be viewed and downloaded by the parties, CAT staff, and CAT members. There is no obligation that any party return documents they have received through the ODR system.
Any communication or documents that the CAT finds to be abusive, threatening or in relation to a criminal act, or alluding to a future criminal act will be indefinitely retained by the CAT, and appropriate action will be taken.
From time to time, the CAO may transfer personal information to third parties acting for or on its behalf to support data processing activities such as CAT ODR service delivery or for evaluating the useful of CAO’s website. Third party access will only be provided where it can be demonstrated that the third party has information protection controls that are comparable to those of the CAO. See Safeguards Principle below.
Information Access
The CAO is open about its information management practices and will strive to respond to any request for information in manner that is permitted by law and in the public’s best interest.
Accuracy
The CAO has implemented policies and procedures to maintain the accuracy and integrity of the data contained within its online systems.
Where an individual disagrees with the accuracy of their personal information on file with the CAO, the individual has the right to challenge its accuracy and demand that the CAO update the file.
The CAO will strive to respond to all information access requests within 30 days.
Safeguards
The CAO has implemented privacy and information security controls to protect personal information from unauthorized access, disclosure, copying, and modification.
Examples of such controls include:
- encryption of all systems containing personal information;
- shredding paper documents; and,
- granting access to those whose duties reasonably require such information.
Challenging compliance
Individuals not satisfied with the CAO’s response or a decision rendered by the CAT may ask the CAO to review the decision. That request must be in writing, addressed to the Access and Privacy Officer and must describe what aspect of the response the requester wishes to have reviewed. A response with a final decision or date when a final decision will be rendered will be provided within 30 days.
Review of this policy
This policy will be reviewed annually by the senior officers or Board of Directors of the CAO to ensure that it continues to serve its intended purpose.
A records retention policy and accompanying retention schedule will eventually be developed to address the requirements for disposing of information that has served its business purpose.