For the purposes of clarity, Buffett & Company has reviewed and analyzed its privacy practices in light of general privacy principles. These are outlined as follows:
| Privacy principle | Our practice |
| --- | --- |
| Accountability: Organizations are responsible for personal information under their care. | Professional wellness staff is responsible for the care and keeping of personal data for information related to assigned clients. The Vice-President is responsible for overall care and custody of personal data within the organization. |
| Identifying Purposes: The purpose for which personal information is being collected must be identified when (or before) the information is collected. | Wellness Consultants outline the purpose and nature of the collection of health-related data. This purpose may also be outlined in writing in the form of a written consent. Participation in health initiatives is on a voluntary basis. |
| Consent: Personal information can only be collected, used, and/or disclosed with the informed consent of the individual. | Wellness Consultants utilize written “consent” forms for the purpose of gathering personal health information which is initiated on a voluntary basis. Reporting and Wellness analysis for clients is performed utilizing aggregate employee data only. |
| Limiting Collection: Once the purpose is identified, only information needed for that purpose may be collected, and only by fair and lawful means. | Wellness Consultants restrict the gathering of health-related data to the specific initiative identified to the employee. |
| Limiting Use: Information can be used, and disclosed only for the identified purpose, and must be kept only as long as needed for that purpose. | As a standard practice, Buffett & Company utilizes personal data only for the purpose identified. The organization does not share or forward such personal data to any unauthorized parties external to the organization. Appropriate retention schedules are dictated according to legislative requirements. |
| Accuracy: Information maintained must be accurate, complete and up to date as necessary for the identified purpose. | Wellness Consultants obtain current information from employees, employers and insurance partners in order to provide appropriate Wellness programming. |
| Safeguards: Organizations must put safeguards in place that are appropriate to the sensitivity of the information collected (e.g. secure systems, secure storage and destruction of files, etc.) | Buffett & Company utilizes locked files for hard copy documents. Soft copy files are secured via individual password protection. The office is security monitored and alarmed after normal working hours. Destruction of files is in accordance with legislative requirements. |
| Openness: An organization’s privacy policy and procedure must be clear and easy to understand, and must be readily available to the public. | Buffett & Company has developed comprehensive privacy policies for employees, clients and our Website. These documents are available upon request. |
| Individual Access: Individuals have the right to know about the existence, use and disclosure of their personal information. They also have the right to view that information and can require that any inaccuracies or incomplete information be corrected. | Wellness Consultants record health data on employees who voluntarily elect to participate in the sharing of their health data for the purposes of wellness initiatives. Employees have access to view their individual health results and/or update their information. Employers receive aggregate reporting only for the purposes of wellness consulting services. |
| Challenging Compliance: Individuals may challenge an organization’s compliance with these principles, first to the organization, and then to the Privacy Commissioner if their issue is not resolved. | Clients, employees or members of the public who have any concerns with respect to privacy issues at Buffett & Company are welcome to contact the Privacy Officer at privacy@buffettandcompany.com or call (905) 666-1347. |