For the purpose of this policy, a reference to “we”, “us” and “our” is a reference to ACFO, and a reference to an ACFO employee also includes a reference to an officer or board member of ACFO, or any other person acting in an official ACFO capacity, wherever applicable.
It is the responsibility of ACFO and all of its employees to safeguard the personal information obtained from ACFO members.
Personal information is information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. Personal information relating to an ACFO member shall not be used or disclosed for purposes other than those for which we have collected it, except if we receive consent from the member.
This policy sets out the 10 principles of fair information practices that ACFO will employ to assist in the care, collecting, using and disclosing of personal information of ACFO members.
The President of ACFO has ultimate accountability for ACFO’s compliance with the privacy regime. The individual holding that office will hold the title of the Chief Privacy Officer (CPO).
- Identifying Purposes
ACFO members must be advised as to why we are collecting their personal information and how it will be used, i.e. to represent them as our member, to add them to our membership list, to maintain mailing lists and to provide them with any member benefits provided by ACFO. This should all take place when a member joins ACFO and signs a membership form.
Members must be advised as to how and when their personal information will be stored, used and disclosed. Record their consent on their membership forms, and elsewhere as appropriate.
- Limit Collection
The amount and type of personal information collected from ACFO members should be limited to the mandate of ACFO and to representing them and providing them services and benefits accordingly. If a member asks, we must explain why the information is needed.
- Limiting Use, Disclosure and Retention
It is our responsibility to use or disclose personal information from an ACFO member only for the purpose for which it was collected, unless we obtain consent or as required by law. Personal information should be kept on file only as long as necessary.
We must remain committed to maintaining accurate, complete and up-to-date personal information in ACFO member files. Information should be updated in our files and systems as required for the purpose for which it was collected. By keeping information accurate we will minimize the possibility of using incorrect information when making a decision or disclosing information.
It is our responsibility to safeguard ACFO member personal information against loss, theft or unauthorized access. Safeguards must be adhered to regardless of the format in which personal information is held.The following procedures must be followed:
- All files containing personal information must be returned to filing cabinets or offices at the end of the workday.
- No discarded materials with ACFO member personal information is to be placed in open recycle bins; it is to be shredded.
- Files containing member personal information cannot be taken out of the office by anyone other than regular ACFO staff and only when it pertains to their duties or with the express written permission of the CPO.
- Doors are not to be propped open and locks are not to be bypassed unless monitored by an employee of ACFO.
- Computer files and systems are to be safeguarded using reasonable information and communications technology security means and practices.
- Computers are to be shut down at the end of the workday and made inaccessible to unauthorized users during any other time during the workday when employees are away from computers for an extended time.
- Passwords and door codes/keys are not to be given to anyone who is not an employee of ACFO, or otherwise authorized to access ACFO premises for maintenance purposes.
- Visitors, other than maintenance or utility personnel, should be escorted by ACFO employees while on ACFO premises.
- Personal information that has no relevance to a particular matter must either be removed or masked when providing copies of the information to others for another purpose, and that purpose must be a legitimate one for which the disclosure is necessary and authorized.
Upon request, ACFO employees must inform an ACFO member of all personal information ACFO has on file with respect to that member. Should the member request access to this information it must be made available. If the member challenges the accuracy and completeness of the information, it is to be amended if necessary to improve accuracy or completeness.
- Provide Recourse
Should a complaint be brought to the attention of any ACFO employee regarding the handling of member personal information, it should be immediately forwarded to ACFO’s CPO.
The contact information for the CPO is:
Chief Privacy Officer
Association of Canadian Financial Officers
400 – 2725 Queensview Drive
Ottawa, ON K2B 0A1
Telephone: 613-728-0695 (National Capital Region)
1-877-728-0695 (outside the National Capital Region)