Recognizing that the financial services industry is highly regulated, Cayuga Mutual Insurance Company, its Board of Directors, all staff and agents are committed to strict adherence to the letter and the spirit of the laws, rules and guidelines governing the industry. The objective of these Guidelines is to gain and maintain the policyholder’s and the public’s trust while serving the policyholders and operating the Company in the most appropriate manner.
The guidelines cover the management of personal information including the collection, possession, protection, use, disclosure, verification and correction of such information and the conduct of the Company’s Board of Directors and its employees.
‘Company’ refers to Cayuga Mutual Insurance Company, which is a member of the Ontario Mutual Insurance Association, the Canadian Association of Mutual Insurance Companies, the National Association of Mutual Insurance Companies, and the Fire Mutuals Guarantee Fund.
Cayuga Mutual Insurance Company is regulated by the Financial Services Commission of Ontario and is licensed to provide automobile, liability, property, accident & sickness, boiler & machinery, fidelity and unmanned air vehicle insurance in the province of Ontario.
‘Employee’ refers to all persons employed directly by the Company either in the role of a staff member or an agent, or a director of the Company.
‘Personal information’ refers to any information relating to an identifiable individual that is recorded in any form, including, but not limited to, a person’s name, address, telephone number, age, family status, occupation, medical and health records, assets, liabilities, income, credit and payment records, previous insurance records, driving records, and history of claims filed. Personal information does not include information that could be accessed in any directory listing.
The Guidelines are to assist the Cayuga Mutual Insurance Company in developing and implementing policies concerning the conduct of its Board of Directors and all employees, and to define the minimum standards of practice with respect to the management of personal information.
III – TREATMENT OF COMPANY ASSETS AND OF PERSONAL INFORMATION, CONFLICT OF INTEREST AND HUMAN RIGHTS
(a) Cayuga Mutual Insurance Company owns assets of property and information to which it is legally entitled. These assets are not to be used in any way, shape or form, for personal gain of its Board of Directors or employees. Included in these assets are systems, programs and processes developed internally which may provide a competitive advantage. If the Board of Directors and/or employees have access to the Company’s computers, they must ensure that the Company’s computer hardware or software systems, and the information thereof, are not used for personal gain.
Any external personal or business interests that could compromise sound judgment or diminish the director’s or employee’s personal commitment to policyholders or the Company must be avoided. Company directors and all employees will maintain, utilize and dispose of all personal information in a manner commensurate with the sensitivity of the information. Any printed information that identifies any individual will be disposed of by shredding the information when no longer required. Any electronic information will be erased from the storage medium when no longer required. Cayuga Mutual Insurance Company will only grant access to such information to those with legitimate business needs.
The Cayuga Mutual Insurance Company supports and conducts its business in accordance with human rights legislation.
Discrimination or harassment in the workplace with respect to such matters as race, colour, sex, sexual orientation, age, citizenship, creed or handicap is strictly forbidden. To maintain objectivity, members of one’s immediate family who work for the Company will not ordinarily have direct reporting relationships.
(b) Accountability for Cayuga Mutual Insurance Company’s compliance with the Personal Information Protection and Electronic Documents Act rests with the designated employee(s), even though other employees within the organization may be responsible for the day-to-day collection and processing of personal information. In addition, other employees within the organization may be delegated to act on behalf of the designated employee(s).
The identity of the employee(s) designated by the Company to oversee its compliance with the principles shall be made known upon request. Cayuga Mutual Insurance Company is responsible for personal information in its possession or custody, including information that has been transferred to a third party for processing. The Company shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.
IV – PURPOSE SPECIFICATION OF PERSONAL INFORMATION COLLECTION
The Cayuga Mutual Insurance Company will collect personal information on a policyholder only for the purposes of: establishing and maintaining communications with the individual, underwriting risks on a prudent basis, investigating and paying claims, detecting and preventing fraud, offering and providing products and services, a business or activity which it may undertake under applicable federal, provincial or territorial legislation, complying with the law, and compiling statistics.
The purposes for which personal information is collected shall be specified to the individual before the collection of the information, except in cases where information is being collected for the detection and prevention of fraud or for law enforcement.
V – QUALITY OF PERSONAL INFORMATION COLLECTED
The personal information being collected will be pertinent to the purpose identified. Efforts will be made to ensure that the personal information so collected is as accurate, complete, and up-to-date as possible for the purposes for which it is collected. The Cayuga Mutual Insurance Company will collect personal information only for the purposes identified in section IV. The Cayuga Mutual Insurance Company will use only lawful means to obtain personal information. The information will be collected directly from the individual, whenever possible. If it must be requested from a third party such as brokers, the Insurance Crime Prevention Bureau, the Insurers’ Advisory Organization and underwriting or claims information networks, the individual’s prior authorization must be obtained. The authorization sought from the policyholder will be in the form of a signed application for insurance or a properly completed proof of loss form or any form approved by the Cayuga Mutual Insurance Company. The forms will be clear and simple and sufficiently broad in scope to avoid the need for several authorizations.
VII – USE, DISCLOSURE AND RETENTION OF PERSONAL INFORMATION
As stated in section VI, the Cayuga Mutual Insurance Company must obtain the policyholder’s consent if the personal information is to be used for purposes other than those specified at the time it was originally obtained, except: when served with subpoenas, search warrants and other court or government orders from other parties empowered by legislation; in the discharge of public duty; and, as part of the underwriting process, for the transfer of personal information to other insurance companies which share in the risk. Personal information shall be retained only as long as necessary for the fulfillment of the purposes identified. Personal information that is no longer required will be destroyed, erased or made anonymous.
VIII – SECURITY SAFEGUARDS FOR PERSONAL INFORMATION
Personal information will be protected by security safeguards. Comprehensive safeguards will protect personal information from loss or theft, unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held.
The Cayuga Mutual Insurance Company has taken measures to make its employees aware of the importance of maintaining the confidentiality of personal information. Directors and employees will recognize in writing their obligation to preserve the confidentiality of personal information. The Cayuga Mutual Insurance Company will insist that businesses providing it with goods and services, such as brokers, data processors, loss control managers, claims adjusters, etc., treat personal information as confidential, complying with these guidelines, or as regulated by law.
IX – POLICYHOLDER ACCESS TO PERSONAL INFORMATION
A policyholder, upon written request, shall be given access to their personal information retained by the Company. He or she shall be able to challenge the accuracy and completeness of the information and have it amended, erased or completed, as appropriate. The Company shall provide the information in an understandable form, within a reasonable time and, if necessary, for a reasonable fee. The Cayuga Mutual Insurance Company has put procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information.
The Company’s Privacy Officer shall be the person responsible for the protection of personal information. Exceptions to the above access rights will be limited and specific. These may include information that is prohibitively costly to provide, information containing references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, and information subject to solicitor-client or litigation privilege. When a challenge is not resolved to the satisfaction of the individual, it should be recorded by the Company. A dissatisfied policyholder should be given accurate information as to how to complain to the appropriate federal or provincial authorities.