The following privacy code is from CAIP's Web site, which will be reviewed yearly.
CAIP welcomes your comments on its privacy code. Republished with permission.

Purpose of the CAIP Privacy Code

In October 1996, CAIP released its voluntary Code of Conduct which stated that privacy was of fundamental importance to its members and that they would respect and protect the privacy of their users and would disclose personal information to law enforcement authorities only as required by law.

CAIP supports industry self-regulatory efforts in several areas, including privacy. The CAIP Privacy Code is based on the new Canadian Standards Association Model Code for the Protection of Personal Information, CAN/CSA-Q830-96 (the "CSA Code"), which was published as a National Standard of Canada. CAIP has attempted to apply the principles of the CSA Code specifically to the online environment in developing its own CAIP Privacy Code.

CAIP will continue to review the CAIP Privacy Code (the "Code") at least every year to make sure it is relevant and remains current with changing technologies, current regulatory regimes and the evolving needs of its members and their users.

Scope and Application

The CAIP Privacy Code is a voluntary code that represents a formal statement of principles and guidelines concerning the minimum protection that CAIP members will provide to their users regarding the protection of personal information.

The Code applies to the management of personal information about a member's users in any form whether oral, electronic or written that is collected, used or disclosed by the member.

This model is intended to help members develop their own privacy code and policies. The Code consists of ten principles that are closely related. Where a member chooses to adopt the principles of the CAIP Privacy Code, the member undertakes to follow all ten principles.

In addition, a member may define how it subscribes to each principle, modify details to provide specific examples, and include additional measures for the protection of privacy.

Definitions

Because the following words have specific meanings, they have been defined here at the beginning of the Code.

clickstream data - data derived from a user's navigational choices expressed during the course of visiting a World Wide Web site or other online areas.

collect - to gather, acquire, record or obtain personal information, from any source, by any means.

consent - voluntary agreement with the collection, use and disclosure of personal information. Consent can be expressed, implied, or provided through an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference by the member seeking consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the user.

disclose - to make personal information available outside the member to a third party.

member - individual, organization or entity that belongs to CAIP and agrees to adhere to the CAIP Privacy Code. Each member may further tailor the CAIP Privacy Code and define clearly what affiliates, if any, are included in its definition of "the member" and bound by its code.

personal information - information about a user that is recorded in an individually identifiable form, but does not include aggregated information that cannot be associated with a specific user.

Personal information includes but is not limited to information such as a user's name, postal and electronic addresses, age, gender, income, employment, credit information, billing records, and the like. Clickstream data is only considered personal information if it is linked to other personal information about a user.

third party - an individual or organization outside the member.

use - to manage personal information by and within the member.

user - an individual who uses, or applies to use, a member's products or services.

The Ten Privacy Principles

The following ten principles seek to balance the application of information age technologies with the privacy concerns of users:

1. Accountability 2. Identifying purposes for collection of personal information 3. Getting the user's consent 4. Limits for collecting personal information 5. Limits for using personal information

6. Keeping personal information accurate 7. Safeguarding personal information 8. Making information about policies and procedures available to users 9. User access to personal information 10. Handling questions and complaints

 

1. Accountability

Members are responsible for personal information under their control.

Members are also responsible for any personal information transferred to third parties for processing on their behalf and should use contractual or other means to provide a comparable level of protection.

Members will designate one or more persons to be accountable for compliance with these principles.

Members will identify internally the person, or persons to be accountable for compliance. Members will identify to users a method to contact such person or persons. Depending on the size of the organization, other individuals within the member may act on behalf of the designated person or take responsibility for the day-to-day collection and management of personal information.

Members will establish necessary policies and procedures implement and comply with their own privacy codes, such as procedures for the collection, handling, storage and destruction of personal information, to train staff and to deal with complaints.

 

2. Identifying the purposes for collection of personal information

Members will identify the purposes of collecting personal information, before or at the time the information is collected.

Members may collect personal information for any specified purpose. Generally, members collect personal information for the following purposes:

i) to establish and maintain responsible commercial relations with users and to provide ongoing service;

ii) to understand user needs;

iii) to develop, enhance, market or provide products and services;

iv) to manage and develop the member's business and operations;

v) to meet legal and regulatory requirements.

Members will identify their purposes for the collection, use and disclosure of personal information electronically, in writing or orally, and in language that users can easily understand.

Members will not use or disclose personal information for any purpose beyond that for which it was originally collected without first identifying the new purpose and getting the user's consent.

 

3. Getting the user's consent

The knowledge and consent of the user are required for the collection, use or disclosure of personal information, except where inappropriate.

Members, however, may collect, use or disclose personal information without the user's consent for legal, urgent medical, or security reasons.

Members will make a reasonable effort to inform users how the personal information collected will be used and disclosed.

Generally, a member will seek consent to use and disclose personal information at the same time it collects it. Sometimes, however, a member may identify a new purpose and seek consent to use and disclose personal information after it has been collected.

A user's consent can be expressed, implied, or given through an authorized representative. In determining the appropriate form of consent, the member will take into account the sensitivity of the information and reasonable expectations of a user.

Members will provide full and fair disclosure of its collection use and disclosure pursuant to these principles and will not deceive a user into giving consent.

A user can withdraw consent to use personal information at any time, subject to legal or contractual restrictions and reasonable notice. Members should inform users of the implications of withdrawing consent and how to do so.

 

4. Limits for collecting personal information

Members will collect only the amount and type of personal information needed for the purposes they have identified.

Members will collect personal information using procedures that are fair and lawful.

When a member collects clickstream data that will be linked with personal information, the member will advise users what information is being collected and how it will be used. Otherwise, the collection, use or disclosure of clickstream data is not restricted.

Although a member will collect personal information primarily from users, it may also collect personal information from other sources including credit bureaus, or other third parties who represent that they have the right to disclose the information.

 

5. Limits for using, disclosing, and keeping personal information

Members will use or disclose personal information only for the purposes it was collected, unless a user gives consent or as required by law.

A member may disclose personal information without consent when required to do so by law, e.g. subpoenas, search warrants, other court and government orders, or demands from other parties who have a legal right to personal information, or to protect the security and integrity of its network or system. In such circumstances, a member will protect the interests of its users by making sure that:

i) orders or demands appear to comply with the laws under which they were issued; and

ii) it discloses only the personal information that is legally required, and nothing more.

A member may notify users that an order has been received, if the law allows it.

Only a member's employees with a business need to know, or whose duties so require, should be granted access to users' personal information.

Members will keep personal information only as long as necessary to fulfill the identified purposes.

Depending on the circumstances, personal information used to make a decision about a user should be kept long enough to allow the user access to the information after the decision has been made.

Members will keep reasonable controls, schedules and practices for information and records retention, and will destroy, erase or make anonymous within a reasonable period of time any personal information no longer needed for its identified purposes or for legal requirements.

 

6. Keeping personal information accurate

Members will keep personal information as accurate, complete and up-to-date as necessary for the purposes for which it is to be used

Members may rely exclusively on the representation provided by their users in determining the completeness, accuracy, and timeliness of the personal information. This Principle does not imply any obligation on the member to seek independent verification of any personal information supplied by the user.

 

7. Safeguarding personal information

Members will protect personal information with safeguards appropriate to the sensitivity of the information.

Members will use appropriate safeguards to protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction.

 

8. Making information about policies and procedures available to users

Members will be open about the policies and procedures they use to manage personal information. Users will have access to information about these policies and procedures and the information will be easy to understand.

Members will make reasonable efforts so that users are made aware of the existence and location of their policies. Such efforts may include posting the policy online and making available information on how to access and correct personal information.

 

9. Providing user access to personal information

When users request it, members will tell them what personal information the member has, what it is being used for, and to whom it has been disclosed, and will give them access to their information.

In certain situations, however, members may not be able to give users access to all personal information they hold about the user, e.g. the information is unreasonably costly to provide, the information contains references to other users, the information cannot be disclosed for legal, security or commercial proprietary reasons, the information is subject to solicitor-client or litigation privilege. Members will explain the reasons for denying access when users ask.

In providing an account of the use and disclosure of personal information, members should state the source of the personal information where reasonably possible. Members will provide a list of the third parties to which it may have disclosed the user's personal information when it is not possible to provide an actual list.

In responding to a user's request, members will provide personal information in an understandable form, within a reasonable time and at minimal or no cost to the user.

Users will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Members should keep records of any unresolved challenges to a user's personal information. Members will ensure that all subsequent transmissions of personal information shall include any amended information or the existence of any unresolved challenges. Where appropriate, members will transmit to third parties having access to the personal information in question any amended information and the existence of any unresolved challenges.

 

10. Handling users' complaints and questions

Users may challenge a member's compliance with its own privacy code. Members will have policies and procedures to receive, investigate and respond to users' complaints and questions.

Members will respond to all complaints and questions in a timely manner under the circumstances. Members will make their complaint escalation process known to their users.

Member Notes on Draft Code

• The definition of "consent" includes the option for a user to provide oral consent. We have left this option in our draft code because it exists in the national standards although we encourage CAIP members to rely primarily on electronic or written authorization given the uncertainties inherent in oral consent.

• At the present time, the definition of "member" is not meant to imply that adherence to the draft code is a requirement of becoming and remaining a current CAIP member. CAIP members are strongly encouraged to implement this code, and depending upon federal legislative initiatives, the code may become mandatory in the future.

• We have left the third principle identical to how it appears in the national standard. However, the second paragraph comment has been revised to reflect that members must make reasonable efforts to "inform users" about their policies rather than being guarantors of user knowledge. It is simply not possible for CAIP members to ensure what a user does or does not understand, we can only provide full and fair notice.

• On the fifth principle, the second italicized item, the first paragraph about retaining personal information so that a user may access. This item offers a general guideline for the retention of information that may have been used to base a negative decision about a user. For example, if a user's account was rejected, they may wish to appeal that decision and the information should be retained for a reasonable period to enable them to do so.