MDA is responsible for all Personal Information under its control.
MDA is responsible for Personal Information in its possession or custody, including information that has been transferred to a third party for processing. It will use contractual or other means to provide a comparable level of protection for information being processed by a third party.
2. Identifying Purpose
MDA will identify and document the purposes for which it collects, uses or discloses Personal Information at or before the time of collection.
MDA collects, uses and discloses Personal Information concerning its members and all licensed dentists and registered dental assistants Manitoba for the following purposes:
MDA will make a reasonable effort to specify the identified purposes, orally or in writing, to the individual from whom the Personal Information is collected either at the time of collection or after collection but before use. MDA will state the identified purposes in such manner that an individual can reasonably understand how the information will be used or disclosed.
MDA will identify any other purposes which may arise for the collection, use or disclosure of Personal Information at or before the time the Personal Information is collected.
If a new purpose arises in respect of Personal Information already collected, MDA will identify the new purpose prior to the use or disclosure of the Personal Information.
MDA collects and uses Personal Information concerning its employees to provide them with information which is relevant to their work or terms of employment or other employment related activities. MDA does not disclose Personal Information of employees for non-employment related activities.
Personal Information will only be collected, used, or disclosed with the knowledge and consent of the individual, except in emergencies and on other occasions permitted or required by law.
The way in which MDA seeks consent, including whether it is express or implied, may vary depending upon the sensitivity of the information and the reasonable expectations of the individual. An individual can withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. MDA will inform individuals of any implications of withdrawing consent.
Typically, MDA will seek consent for the use or disclosure of information at the time of collection. In certain circumstances, such as a proposed use of information for new purposes not previously identified, consent may be sought after the information has been collected but before use.
MDA will not require an individual, as a condition of the supply of its services, to consent to the collection, use or disclosure of Personal Information beyond that required to fulfill legitimate purposes.
In certain circumstances, as permitted or required by law, MDA may collect, use or disclose Personal Information without the knowledge or consent of the individual. These circumstances include Personal Information:
4. Limiting Collection
MDA will limit the amount and type of Personal Information collected to that which is necessary for identified purposes and will only collect Personal Information by fair and lawful means.
5. Limiting Use, Disclosure and Retention
Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal Information will be retained only as long as necessary to fulfil the identified purposes.
Personal Information which has been used to make a decision about an individual will be retained long enough to allow the individual access to the information after the decision has been made and, in the event of an access request or a challenge, long enough to exhaust any recourse an individual may have under the law. Where Personal Information is no longer required to fulfill the identified purposes, it will be destroyed, erased, or made anonymous.
MDA will use its best efforts to ensure that Personal Information is as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
MDA will use its best efforts to ensure that Personal Information that is used on an ongoing basis, including information that is disclosed to others, and information that is used to make a decision about an individual is accurate, complete, and up-to-date.
MDA will protect Personal Information with safeguards appropriate to the sensitivity of the information.
MDA will protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification regardless of the format in which the information is held. MDA will make its employees aware of the importance of maintaining the confidentiality of Personal Information, and will exercise care in the disposal or destruction of Personal Information to prevent unauthorized parties from gaining access to the information.
Depending on the format of the Personal Information, security measures may include physical precautions such as locking file cabinets and restricting access to cabinets, offices and files, organizational measures such as security clearances and limiting access on a need-to-know basis and technological measures including passwords and encryption.
MDA will make specific information about its policies and practices regarding the management of Personal Information readily available, except to the extent that it is confidential commercial information.
Specifically, MDA will publicize information about:
9. Individual Access
Upon receipt of a written request, MDA will inform an individual of the existence, use and disclosure of his or her Personal Information and will give the individual access to that Personal Information, which may be challenged and corrected, depending on the circumstances.
MDA will respond to all individual written requests within a reasonable time, usually about ten (15) business days, depending upon the complexity of the request and the information, and will assist any individual who informs MDA that he or she needs assistance in preparing a request. MDA may require an individual to provide additional information which will assist it in providing an account of the existence, use, and disclosure of Personal Information.
MDA will usually provide the requested information without charge. However, MDA reserves the right to impose a charge, depending on the extent of the request and retrieval of information required. MDA will inform the individual of the approximate amount of any charge to respond to the request and will not retrieve the information until payment is made. Requested information will be provided in a form that is generally understandable. Where possible, MDA will indicate the source of the information.
If an individual successfully demonstrates the inaccuracy or incompleteness of Personal Information, MDA will amend the information as required. If a challenge is not resolved to the satisfaction of the individual, MDA will record the substance of the unresolved challenge. MDA will advise third parties having access to the information of any amendments, or unresolved challenges, as the case may be.
In certain situations, MDA may refuse a request or restrict access to all the Personal Information it holds about an individual. Exceptions to the access requirement will be limited and specific, as permitted or required by law. The reasons for denying or restricting access will be provided to the individual upon request, where permitted by law, and may include:
10. Challenging Compliance