INTRODUCTION
SUMMARY OF PRINCIPLES
SCOPE AND APPLICATION
DEFINITIONS
PRINCIPLE 1: ACCOUNTABILITY
PRINCIPLE 2: IDENTIFYING PURPOSES FOR COLLECTION OF PERSONAL INFORMATION
PRINCIPLE 3: OBTAINING CONSENT FOR COLLECTION, USE OR DISCLOSURE OF PERSONAL INFORMATION
PRINCIPLE 4: LIMITING COLLECTION OF PERSONAL INFORMATION
PRINCIPLE 5: LIMITING USE, DISCLOSURE, AND RETENTION OF PERSONAL INFORMATION
PRINCIPLE 6: ACCURACY OF PERSONAL INFORMATION
PRINCIPLE 7: SECURITY SAFEGUARDS
PRINCIPLE 8: OPENNESS CONCERNING POLICIES AND PRACTICES
PRINCIPLE 9: CUSTOMER AND EMPLOYEE ACCESS TO PERSONAL INFORMATION
PRINCIPLE 10: CHALLENGING COMPLIANCE
INTRODUCTION
Manitoba Telecom Services, comprised of Manitoba Telecom Services Inc. and a
number of subsidiaries including MTS Allstream Inc., Allstream Corp., MTS
Communications Inc., MTS Media Inc., AAA Alarm Systems Ltd., and Delphi
Solutions Corp. (hereafter the “Company”), provides a complete
range of services to customers, including local and long distance voice and
data, wireless, directory, Internet access and security alarm services in
Canada.
The Company’s Code of Fair Information Practices (the
“Privacy Code”) is a formal statement of principles and guidelines
concerning the minimum requirements for the protection of personal information
provided by the Company to its customers and employees. The objective of
the Privacy Code is to ensure responsible and transparent practices in the
management of personal information, in accordance with the national standard
and federal legislation.
The Company will review its Privacy Code at least every five
years to ensure it is relevant and remains current with changing technologies
and laws and the evolving needs of the Company, its customers and employees.
SUMMARY OF PRINCIPLES
Principle 1 - Accountability
The Company is responsible for personal information under its control.
General Counsel for Manitoba Telecom Services Inc. is accountable for the
Company’s compliance with the Company Privacy Code.
Principle 2 - Identifying Purposes for Collection of Personal
Information
The Company shall identify the purposes for which personal information is
collected at or before the time the information is collected.
Principle 3 - Obtaining Consent for Collection, Use or Disclosure of
Personal Information
The knowledge and consent of a customer or employee are required for the
collection, use, or disclosure of personal information, except where
inappropriate.
Principle 4 - Limiting Collection of Personal Information
The Company shall limit the collection of personal information to that which is
necessary for the purposes identified by the Company. The Company shall collect
personal information by fair and lawful means.
Principle 5 - Limiting Use, Disclosure, and
Retention of Personal Information
The Company shall not use or disclose personal information for purposes other
than those for which it was collected, except with the consent of the
individual or as required by law. The Company shall retain personal information
only as long as necessary for the fulfillment of the purposes for which it was
collected.
Principle 6 - Accuracy of Personal Information
The personal information the Company maintains shall be as accurate, complete,
and up-to-date as is necessary for the purposes for which it is to be used.
Principle 7 - Security Safeguards
The Company shall protect personal information through the use of security
safeguards appropriate to the sensitivity of the information.
Principle 8 - Openness Concerning Policies and Practices
The Company shall make readily available to customers and employees specific
information about its policies and practices relating to its management of
personal information.
Principle 9 - Customer and Employee Access to Personal Information
The Company shall inform a customer or employee of the existence, use, and
disclosure of his or her personal information upon request and shall give the
individual access to that information. A customer or employee shall be able to
challenge the accuracy and completeness of the information and have it amended
as appropriate.
Principle 10 - Challenging Compliance
A customer or employee shall be able to address a challenge concerning compliance
with the above principles to the person accountable for the Company's
compliance with this Code.
SCOPE AND APPLICATION
The ten principles that form the basis of the Company’s Privacy Code are interrelated and the Company shall adhere to the ten principles as a whole. Each principle must be read in conjunction with
the accompanying commentary. As permitted by the Personal Information
Protection and Electronic Documents Act, the commentary in this Privacy
Code has been tailored to reflect personal information issues specific to the
Company.
The scope and application of the Privacy Code are as follows:
-
The Privacy Code applies to personal information about the Company's customers
and employees that is collected, used, or disclosed by the Company.
-
The Privacy Code applies to the management of personal information in any form
whether oral, electronic or written.
- The Privacy Code does not impose any limits on the collection, use or
disclosure of the following information by the Company:
a) information that is publicly available,
such as a customer's name, address, telephone number and electronic address,
when listed in a directory or made available through directory assistance; or
b) the name, title or business address or telephone number of an employee of an
organization; or
c) other information about the customer or employee that is publicly available
and is specified by regulation pursuant to the Personal Information Protection
and Electronic Documents Act.
-
The application of the Company’s Privacy Code is subject to the
requirements or provisions of Part I of the Personal Information
Protection and Electronic Documents Act, the regulations enacted thereunder,
and any other applicable legislation or regulation, including any applicable
regulations of the Canadian Radio-television and Telecommunications Commission
and the requirements of any applicable legislation, regulations, tariffs or
agreements, such as collective agreements, or the order of any court, or other
lawful authority.
DEFINITIONS
collection - the act of gathering, acquiring,
recording, or obtaining personal information from any source, including third
parties, by any means.
consent - voluntary agreement with the
collection, use and disclosure of personal information for defined
purposes. Consent can be either express or implied and can be provided
directly by the individual or by an authorized representative. Express
consent can be given orally, electronically or in writing, but is always
unequivocal and does not require any inference on the part of the
Company. Implied consent is consent that can reasonably be inferred from
an individual’s action or inaction.
customer - an individual who uses, or applies to use, the Company's products or services or otherwise provides personal
information to the Company in the course of the Company's commercial
activities.
disclosure - making personal information
available to a third party.
employee - an employee or pensioner of the
Company, and for the purpose of this Code only, includes independent and other
contractors performing services within the Company.
Company - Manitoba Telecom Services Inc. and its subsidiaries: MTS Allstream Inc., Allstream Corp., MTS Communications Inc.,
MTS Media Inc., AAA Alarm Systems Ltd. and Delphi Solutions Corp.
personal information - information about an identifiable individual but not aggregated information that cannot be
associated with a specific individual.
For a customer, such information includes
credit information, billing records, service and equipment, and any recorded
complaints.
For an employee, such information includes
information found in personal employment files, performance appraisals, and
medical and benefits information.
third party - an individual other than the customer, or the customer's agent, or organization outside the Company.
use - the treatment, handling, and management of personal information by and within the Company.
PRINCIPLE 1 - ACCOUNTABILITY
The Company is responsible for personal information under its control. General Counsel for Manitoba Telecom Services Inc. is accountable for the
Company’s compliance with the Privacy Code.
|
1.1
|
Other individuals within the Company may be delegated to act on behalf of
General Counsel or to take responsibility for the day-to-day collection and
processing of personal information.
|
|
1.2
|
The Company is responsible for personal information in its possession or
custody, including information that has been transferred to a third party for
processing or other purposes related to the Company's business and operations.
The Company shall use contractual or other means to provide a comparable level
of protection while the information is in the possession of the third party.
(See principle 7)
|
|
1.3
|
The Company shall implement policies and procedures to give effect to the the
Company's Privacy Code, including:
a) implementing procedures to protect personal information and to oversee the
Company’s compliance with the MTS Privacy Code;
b) establishing procedures to receive and respond to inquiries or complaints;
c) training and communicating to employees about the Company’s policies
and practices; and
d) developing public information to explain the Company’s policies and
practices.
|
PRINCIPLE 2 - IDENTIFYING PURPOSES FOR COLLECTION OF PERSONAL INFORMATION
The Company shall identify the purposes for which personal information is
collected at or before the time the information is collected.
|
2.1
|
The Company collects personal information only for the following purposes:
a) to establish and maintain responsible commercial relations with customers and
to provide ongoing service;
b) to understand customer needs;
c) to develop, enhance, market or provide products and services;
d) to manage and develop the Company’s business and operations, including
personnel and employment matters;
e) and to meet legal and regulatory requirements.
Further references to "identified purposes" in this Privacy Code mean the
purposes identified in this Principle 2.
|
|
2.2
|
The Company shall specify orally, electronically or in writing the
identified purposes to the customer or employee at or before the time personal
information is collected. Upon request, persons collecting personal information
shall explain these identified purposes or refer the individual to a designated
person within the Company who shall explain the identified purposes.
|
|
2.3
|
Unless required by law, the Company shall not use or disclose for any new
purpose personal information that has been collected without first identifying
and documenting the new purpose and obtaining the consent of the customer or
employee.
|
PRINCIPLE 3 - OBTAINING CONSENT FOR COLLECTION, USE OR DISCLOSURE OF PERSONAL
INFORMATION
The knowledge and consent of a customer or employee are required for the
collection, use, or disclosure of personal information, except where
inappropriate.
|
3.1
|
In certain circumstances personal information can be
collected, used or disclosed without the knowledge and consent of the
individual. For example, the Company may collect, use or disclose
personal information without knowledge or consent if it is clearly in the
interests of the individual and consent cannot be obtained in a timely way.
The Company may also collect, use and disclose personal
information without knowledge or consent if :
a) seeking the consent of the individual might defeat the
purpose of collecting the information, such as in the investigation of a breach
of an agreement or a contravention of a federal or provincial law;
b) there is an emergency where the life, health or security
of an individual is threatened; or
c) disclosure is to a lawyer representing the Company, to
collect a debt, to comply with a subpoena, warrant or other court order, or
otherwise required by law.
|
|
3.2
|
In obtaining consent, the Company shall use reasonable efforts to ensure that a
customer or employee is advised of the identified purposes for which personal
information will be used or disclosed. Purposes shall be stated in a manner
that can be reasonably understood by the customer or employee.
|
|
3.3
|
Generally, the Company shall seek consent to use and disclose personal
information at the same time it collects the information. However, the Company
may seek consent to use and disclose personal information after it has been
collected, but before it is used or disclosed for a new purpose.
|
|
3.4
|
The Company will require customers to consent to the collection, use or
disclosure of personal information as a condition of the supply of a product or
service only if such collection, use or disclosure is required to fulfill the
identified purposes.
|
|
3.5
|
In determining the appropriate form of consent, the Company shall take into
account the sensitivity of the personal information and the reasonable
expectations of its customers and employees.
|
|
3.6
|
In general, the use of the Company's products and services by a customer, or the
acceptance of employment or benefits by an employee, constitutes implied
consent for the Company to collect, use and disclose personal information for
all identified purposes.
|
|
3.7
|
A customer or employee may withdraw consent at any time, subject to legal or
contractual restrictions and reasonable notice. Customers and employees may
contact the Company for more information regarding the implications of
withdrawing consent.
|
PRINCIPLE 4 - LIMITING COLLECTION OF PERSONAL INFORMATION
The Company shall limit the collection of personal information to that which is
necessary for the purposes identified by the Company.
The Company shall collect personal information by fair and lawful means.
|
4.1
|
The Company collects personal information primarily from its customers or
employees.
|
|
4.2
|
The Company may also collect personal information from other sources including
credit bureaus, employers or personal references, or other third parties that
represent that they have the right to disclose the information.
|
PRINCIPLE 5 - LIMITING USE, DISCLOSURE, AND RETENTION OF PERSONAL INFORMATION
The Company shall not use or disclose personal information for purposes other
than those for which it was collected, except with the consent of the
individual or as required by law.
The Company shall retain personal information only as long as necessary for the
fulfillment of those purposes.
|
5.1
|
In certain circumstances, personal information can be collected, used or
disclosed without the knowledge and consent of the individual. (See Principle
3.1)
|
|
5.2
|
In addition, the Company may disclose a customer’s personal information to
a) another telecommunications company for the efficient and cost-effective
provision of telecommunications services;
b) a company involved in supplying the customer with communications or
communications directory related services;
c) a company or individual retained by the Company to perform functions on the
Company's behalf, such as research and data processing;
d) another person for the development, enhancement, marketing or provision of
any of the Company’s products or services;
e) credit grantors and reporting agencies;
f) an agent used by the Company to evaluate a
customer’s credit worthiness or to collect the customer’s account;
g) a public authority or agent of a public authority, if in
the reasonable judgment of the Company, it appears that there is imminent
danger to life or property which could be avoided or minimized by disclosure of
the information;
h) a person who, in the reasonable judgment of the Company,
is seeking the information as an agent of the customer; and
i) a third party or parties, where the customer consents to
such disclosure or disclosure is required by law.
|
|
5.3
|
The Company may disclose personal information about its employees:
a) for normal personnel and benefits administration;
b) in the context of providing references regarding current or former employees
in response to requests from prospective employers; or
c) where disclosure is required by law.
|
|
5.4
|
Only those Company employees who require access for business reasons are granted
access to personal information about customers and employees.
|
|
5.5
|
The Company shall keep personal information only as long as it remains necessary
or relevant for the identified purposes or as required by law. Depending on the
circumstances, where personal information has been used to make a decision
about a customer or employee, the Company shall retain, for a period of time
that is reasonably sufficient to allow for access by the customer or employee,
either the actual information or the rationale for making the decision.
|
|
5.6
|
The Company shall maintain reasonable and systematic controls,
schedules and practices for information and records retention and destruction
which apply to personal information that is no longer necessary or relevant for
the identified purposes or required by law to be retained. Such
information shall be destroyed, erased or made anonymous.
|
PRINCIPLE 6 - ACCURACY OF PERSONAL INFORMATION
The personal information the Company maintains shall be as accurate, complete,
and up-to-date as is necessary for the purposes for which it is to be used.
|
6.1
|
Personal information used by the Company shall be sufficiently accurate,
complete, and up-to-date to minimize the possibility that inappropriate
information may be used to make a decision about a customer or employee.
|
|
6.2
|
The Company shall update personal information about customers and employees as
and when necessary to fulfill the identified purposes or upon notification by
the individual.
|
PRINCIPLE 7 - SECURITY SAFEGUARDS
The Company shall protect personal information through security safeguards
appropriate to the sensitivity of the information.
|
7.1
|
The Company shall use appropriate security measures to protect
personal information against such risks as loss or theft, unauthorized access,
disclosure, copying, use, modification or destruction regardless of the format
in which it is held. The Company shall use care in disposing of or
destroying personal information to prevent unauthorized parties from gaining
access to the information.
|
|
7.2
|
The Company shall protect personal information disclosed to third parties by
contractual agreements stipulating the confidentiality of the information and
the purposes for which it is to be used.
|
|
7.3
|
The Company shall make its employees with access to personal
information aware of the importance of maintaining the confidentiality of
personal information.
|
PRINCIPLE 8 - OPENNESS CONCERNING POLICIES AND PRACTICES
The Company shall make readily available to customers and employees specific
information about its policies and practices relating to the management of
personal information.
|
8.1
|
The Company shall make information about its policies and practices easy to
understand, including:
a) The title and address of the person or persons accountable for the Company's
compliance with the Privacy Code and to whom inquiries or complaints can be
forwarded;
b) The means of gaining access to personal information held by the Company; and
c) A description of the type of personal information held by the Company,
including a general account of its use.
|
|
8.2
|
The Company shall make available information to help customers and employees
exercise choices regarding the use of their personal information and the
privacy-enhancing services available from the Company.
|
PRINCIPLE 9 - CUSTOMER AND EMPLOYEE ACCESS TO PERSONAL INFORMATION
The Company shall inform a customer or employee of the existence, use, and
disclosure of his or her personal information upon request and shall give the
individual access to that information, except in certain circumstances.
A customer or employee shall be able to challenge the accuracy and completeness
of the information and have it amended as appropriate.
![[Allstream]](/images/logos/company_logo1.gif "Allstream"){kind=logo}
![[Search]](/images/nav/tlbx_go.gif "search")
