PIPEDA/PIPA Policy for Greater Calgary Real Estate
–1. The Privacy Code of Greater Calgary Real Estate
Greater Calgary Real Estate is a member of The Canadian Real Estate Association (CREA) and adheres to and abides by the principles set out in the CREA Privacy Code. All employees and sales representatives associated with this office must sign an acknowledgement that they will comply with the requirements of the Code.
–2. The Policy Statement
Greater Calgary Real Estate only collects personal information necessary to comply with the law (e.g. satisfy FINTRAC regime obligations), to effectively market and sell the property of sellers, to locate, assess and qualify properties for buyers and to otherwise provide professional and competent real estate services to clients and customers.
–The Person In Charge
Sandra Rafferty/Broker is the privacy compliance officer responsible for privacy compliance in this office. His/her name shall be made available to consumers. The responsibilities of the privacy compliance officer shall include:
a. Establish and update information protection policies.
b. Ensure policies are implemented by other organizations to which data-processing functions are outsourced.
c. Establish criteria for classification of information.
d. Evaluate the accessibility of sensitive information and take corrective action where necessary.
e. Provide education to employees on the importance of information protection.
f. Attempt to resolve consumer privacy complaints to the satisfaction of the consumer.
g. Respond to privacy breaches, including reporting breaches to impacted individuals, the relevant privacy commissioner(s), and any other government institution when notifying that institution may be able to reduce the harm from the breach, when necessary.
–4. The Collection, Use and Disclosure of Personal Information
a. Only the information necessary to facilitate the real estate transaction or otherwise provide professional and competent service to clients and customers will be collected.
b. No personal information shall be collected from an individual without first obtaining the consent of the individual to the collection, use and dissemination of that information.
c. Express consent (whether oral or written) must always be obtained except in the following situation. Consent may be implied where the information is not sensitive and where it can be reasonably assumed that the individual would expect the information to be disclosed in this fashion.
d. Once information is collected, it will be used and disclosed only for the purposes disclosed to the individual.
e. All representation agreements must include the approved privacy clauses.
–5. Disclosure for New Purpose
a. Anyone using personal information for some new purpose that extends beyond the consent already provided must obtain the express consent of the person for that use.
b. Requests for information by law enforcement officials, lawyers, private investigators or other agents or subpoenas for documents issued by the court must be referred to the (privacy officer/office manager).
–6. Protecting Information
Information must be protected in a manner commensurate with its sensitivity, value and criticality. This policy applies regardless of the media on which information is stored, the locations where the information is stored, the systems used to process the information, or the processes by which information is handled.
a. Collection and Disclosure
i. Meetings with customers and clients on these premises must take place in a place and manner to ensure confidentiality.
ii. Mail and faxes must be routed directly to the intended recipient.
iii. Information should be available to other persons in the office only on a need-to-know basis.
i. Filing cabinets designated by the office manager to contain personal, including sensitive, information are to be kept secured at all times.
ii. All personnel have computer passwords. These passwords are confidential and are not to be shared with any unauthorized persons.
i. This office has in place a record retention and destruction policy. Refer to that portion of the policy manual for details.
–7. Accuracy of Personal Information
To ensure the quality of the information collected:
a. Insofar as possible, personal information should be collected directly from the consumer.
b. Public property information (taxes, assessment data, etc.) should be verified.
c. Disclaimers of accuracy in the form approved by the office should always be attached to any disclosure of information.
–8. Access to Personal Information
a. Copies of any privacy brochure approved by this office should always be available to the public in the reception area of the office.
b. The individual set out in Section 3 as being responsible for privacy compliance is the person responsible for responding to access requests and all such requests will be referred to him or her. All staff and salespersons will co-operate fully with the privacy compliance officer in responding to requests.
c. On written request and appropriate identification satisfactory to the organization, an individual will be advised of personal information about him/her retained in the firm’s records.
d. Where information cannot be disclosed (for example the information contains reference to other individuals or is subject to solicitor-client privilege) the individual will be given reasons for non-disclosure.
e. An individual may have appended to a record, any alternative information where the office is of the view that the appended information is, in fact, correct.
f. A minimal administrative fee may be charged to supply the information.
a. Any complaints from an individual concerning the collection, use or disclosure of their personal information or concerning the individual’s ability to access their personal information must be referred to the privacy compliance officer, who will attempt to resolve the complaint to the individual’s satisfaction.
b. In the event the complaint cannot be resolved internally to the individual’s satisfaction, he or she will be advised of where to direct the complaint.