Personal information is generally defined in Canada as information about an identifiable individual, excluding certain types of business contact information. Examples of personal information include a person's Social Insurance Number, driver's license number, passport number, credit or debit card numbers, health insurance identification number, credit history, income information, health information, and claims history. Under Canada’s privacy legislation, an individual has rights in controlling the collection, use and disclosure of his/her personal information.
CNA Canada does not use Social Insurance Numbers as a way of identifying or organizing the information we hold about clients or others.
Why and How We Collect Personal Information
We collect personal information to underwrite polices, administer claims or provide related services. We also collect personal information to verify identities, administer our client databases, detect and prevent fraud, monitor and investigate transactions, analyze business operations and results and to include our clients in any direct marketing activities or other distributions of information or material that we believe may be of interest to the individual. With the individual’s consent we may obtain personal information directly from the policyholder, the claimant/injured worker, and from third parties such as medical providers, attorneys, administrative agencies or index bureaus, other insurers and reinsurers, insurance brokers and adjusters, third party administrators, insurance associations, financial institutions, and government agencies and registries.
To help us make credit decisions about clients, prevent fraud, check the identity of new clients and prevent money-laundering, we may on occasion, with the individual’s consent, request information about clients from the files of consumer reporting agencies.
If we are notified that an individual no longer wishes to receive information regarding our products and services, we will not send any further material.
We ask clients to provide explicit consent if we collect, use, or disclose their personal information, or rely upon the express consents obtained by the insurance brokers that represent us. Although we may ask for a consent in writing in some circumstances, in others we may accept a verbal consent. Sometimes, a consent may also be implied through conduct with us.
Protecting Personal Information
CNA Canada employees may have access to personal information in the course of doing their jobs, which includes underwriting policies, processing claims or providing related services. Employees are required to keep this information in confidence and share the information only with those who have a business reason to know. Employees are prohibited from making unauthorized disclosure of the personal information we obtain about customers and claimants. Employees who violate our policies on privacy may be subject to disciplinary action.
We use procedural, manual and electronic security controls to maintain the confidentiality, security and integrity of personal information in our possession or control and to guard against unauthorized access and disclosure. Some techniques we may employ to protect information include locked files, proper methods to destroy out-of-date information, user authentication, encryption, firewall technology and the use of detection software.
Disclosing Personal Information
To administer our business and provide related services, we may share personal information with affiliates of CNA Canada and with unaffiliated third parties, including insureds, agents, brokers, other insurance companies, reinsurers, regulators, administrators, law enforcement agencies, service providers, and as otherwise permitted or required by law. In addition, we may share such information with other unaffiliated third parties who assist us by performing services for us or on our behalf, such as loss control, claim adjusting, case management, investigation, or offering products or services under a joint agreement between us and the third party.
We may disclose personal information with proper written authorization from the individual or as otherwise permitted or required by law.
Storage And Disposal Of Personal Information
CNA Canada takes reasonable steps so that all documents and files (both electronic and in hard copy) that contain personal information are stored in a physically secure manner.
CNA Canada requires that personal information be stored in a way that prevents unauthorized access, use or modification. For example, hard copy documents that contain personal information are to be stored in files that can only be accessed by authorized CNA Canada employees or third parties, and computers or other electronic devices that contain personal information are to be secured against unauthorized access, such as using a password. CNA Canada requires that any authorized personnel who maintain personal information must take appropriate steps consistent with this policy to safeguard such information.
Documents or other materials (both electronic and in hard copy) that contain personal information are to be disposed of in a manner such that the personal information is erased or made unreadable at the time of disposal.
How Long do we Keep Personal Information?
We keep personal information as long as is reasonably necessary for us to complete our dealings with an individual, or as may be required by law, whichever is longer.
Since we use personal information to provide insurance products and services to brokers and customers, it is important that the information be accurate and up-to-date.
If any personal information regarding a client changes, we ask the client or their broker to inform us promptly of the change so that we can make any necessary changes to our records.
Access to Personal Information
An individual may ask for access to any personal information we hold about them. Summary information is available on request. More detailed requests which require archive or other retrieval costs may be subject to appropriate fees.
Can an Individual be Denied Access to their Personal Information?
An individual's rights to access his or her personal information are not absolute.
We may deny access to the requested information in the following situations: when the information is protected by solicitor and client privilege; when granting access would reveal personal information about another individual that is not severable from the requested information; where providing the requested information would reveal confidential commercial information of a third party; or when denial of access is otherwise required or authorized by law.
If we deny a request for access to, or refuse a request to correct information, we shall explain why.
Request for Access
Any questions, or requests for access to personal information, should be directed in writing to our Privacy Officer.
If CNA Canada holds information about an individual and the individual can establish that it is not accurate, complete and up-to-date, CNA Canada will take reasonable steps to correct it.
Can an Individual Request Anonymity?
Whenever it is legal and practicable, we may offer the opportunity to deal with general inquiries without an individual providing a name (for example, by accessing general information on our website).
Communicating with Us
All of our clients and brokers should know that email is not a 100% secure medium, and should be aware of this when contacting us to send personal or confidential information.
CNA Canada employees receive training regarding privacy protection requirements and measures taken by CNA Canada to assure those requirements are met.
CNA Canada monitors its privacy policies and procedures on an ongoing basis to assess risks to its privacy program as technology and the business landscape evolve. Changes are instituted accordingly.
Third Party Administrators and Vendors
CNA Canada requires, by contractual agreement, that third party administrators and vendors who obtain and maintain CNA Canada customer information have standards to protect that information. Licensed entities may be required by law and regulation to protect information.
Although federal privacy legislation does not apply to our employee information, we have elected to follow privacy "best practices" in this area. If an individual applies to CNA Canada for employment, we need to consider their personal information as part of our review process. We normally retain information from employment candidates after a decision has been made, unless they ask us not to retain the information. If we offer a person a job, and they accept, the information will be retained in accordance with our privacy procedures for employee records. .
Personal information collected by CNA Canada may be processed or stored in other jurisdictions and, therefore, it may be subject to access by local government and/or law enforcement authorities pursuant to the laws of those jurisdictions.
On our website, like most other commercial websites, we may also monitor traffic patterns, site usage and related site information in order to optimize our web service. We may also provide aggregated information to third parties, but these statistics do not include any identifiable personal information.
For further information please contact:
Lynne von Wistinghausen
Chief Privacy Officer
250 Yonge Street, Suite 1500
Toronto, Ontario M5B 2L7