January 28th is Data Privacy Day and to demonstrate support and commitment to the privacy and protection of personal information of our staff, customers and business partners, Long View has become a registered “Champion” of this important event. With the numerous recent high profile events occurring in 2013 such as actions taken by the NSA and major breaches of personal information by Target, Adobe and others, the subject of privacy and data protection has arguably never been as prevalent as it is now. But despite all the recent news and press around privacy what is perhaps most surprising is the general uncertainty and confusion concerning what privacy and data protection actually entails; especially in relation to business information shared or under the management of external vendors and service providers.
The privacy and personal information of our staff, customers and business partners is of utmost importance. Long View is committed to collecting, using and disclosing Personal Information responsibly and only to the extent necessary for the goods and services we provide. Long View also strives to be open and transparent with its privacy policies and how we handle Personal Information. In order to meet these objectives, Long View has implemented a series of internal standard operating procedures and externally facing privacy policies which have been specifically aligned with the needs and requests of our internal staff and customers as well as relevant local, national and international legislation requirements and best practices for privacy and data protection.
Data privacy is concerned with best practices for securing personally identifiable information. Long View defines and classifies ‘Personal Information’ as follows:
Personal Information – Any information that (1) is recorded in any form; (2) is about, or pertains to a specific individual; and (3) can be linked to that individual. Examples of Personal information include a person’s name, home or work address, phone numbers, email addresses, driver’s license number, social security number, credit cards, etc.
Sensitive Personal Information – Personal Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, financial information, trade union membership, or that concerns an individual’s health. Some examples include health care records, credit history reports, background checks, political memberships, birth certificates, etc.
Long View’s external privacy policies and associated standard operating procedures are focused on the following objectives:
- Describe where Personal Information is collected by Long View and for what purpose
- Ensure the individual is aware why Personal Information is being collected and consents to its collection
- Limit the collection of Personal Information to only what is necessary to fulfill the purposes for which it is required
- Ensure Personal information is not disclosed without proper authorization
- Assurance that the Personal Information collected by Long View is accurate, complete, current and reliable
- Ensure the retention duration of Personal Information is only for as long as is necessary to fulfill the purpose for which it was collected
- Apply appropriate safeguards are applied to protect Personal Information under Long View’s care from loss, misuse, unauthorized access, disclosure, alteration and destruction
- Allow individuals (after confirmation of identify) to request access to their Personal Information and to request modifications to, or removal of, this information
- Ensure any third parties Long View may be sharing Personal Information with have equal or better privacy policies and procedures in effect
- Regularly implement self-assessment audits to ensure effectiveness of procedures and ongoing compliance to the privacy policies and governing legislations
- Ensure complaint and recourse procedures are in place to effectively respond to and resolve complaints
- Provide effective privacy incident response procedures
Long View’s privacy policies and associated standard operating procedures are designed in accordance with the following laws and regulations:
- Canada – PIPEDA, Privacy Act, Personal Information Protection Act (Alberta), Personal Information Protection Act (BC), Personal Health Information Protection Act (Ontario). See our PIPEDA policy.
- USA – HIPAA, COPPA
- European Union – EU/US Safe Harbor Agreement, Data Protection Directive 95/46/EC.
- Long View is Safe Harbor certified. See our Safe Harbor policy
Long View has designated a Privacy Officer within the business who is responsible for the operation and overall effectiveness of the privacy program. If you have any comments, questions, issues, complaints, concerns, etc. about Long View’s privacy policies and practices they can be directed to Long View’s Privacy Officer at Privacy.Officer@lvs1.com