logo for The Public Accountants Council for the Province of Ontario

Privacy Policy (March 27, 2007)

Preamble

The Public Accountants Council for the Province of Ontario (the Council) was established under the Public Accounting Act, 2004 (the Act) for the purpose of ensuring that public accounting in Ontario is practised in accordance with internationally respected public accounting standards that reflect the public interest in the delivery of superior quality public accounting services.

The Council is responsible for overseeing the regulation of public accounting in the public interest by:

The term “designated body” means each of the Certified General Accountants Association of Ontario, the Institute of Chartered Accountants of Ontario, and the Society of Management Accountants of Ontario.

In the course of fulfilling its mandate, the Council may collect, use and disclose personal information regarding:

The Council’s collection, use and disclosure of personal information in the course of carrying out its activities are done for the purpose of overseeing the regulation of public accounting in the public interest. These regulatory activities are not of a commercial character. Accordingly, the performance of the Council of its statutory duties is not covered by the federal privacy legislation. The Council has voluntarily adopted this Privacy Policy to provide a voluntary mechanism through which the Council can provide appropriate privacy rights to individuals involved in the Council’s activities while still enabling the Council to meet its obligations.

 

Definition of Terms

The following terms used in this Privacy Policy have the meanings set out below:

 

Principle 1 – Accountability

The Chief Executive Officer (CEO) of the Council is accountable for compliance with these policies and procedures.

The Council will provide orientation and training to all new employees and appointees as well as all members of Council, committees or working groups that collect, use or disclose personal information.

 

Principle 2 – Identifying Purposes

The purpose for which the Council collects, uses and discloses personal information is to administer and enforce the Legislation.

The Council collects and uses personal information from the designated bodies and/or other persons for purposes including:

Personal information regarding members is collected by the Council from time to time and at regular intervals. The Council may collect and use personal information from the designated bodies and other persons, for the purposes set out above and as required by law.

The Council will collect, use and disclose personal information for purposes authorized by law. Where appropriate, the Council will clearly state the identified purposes for such collection, use and/or disclosure.

 

Principle 3 – Consent

The Council collects personal information for purposes outlined in the Preamble including for the purpose of the administration and enforcement of the Legislation. In carrying out its mandate, the Council has a duty to serve and protect the public interest.

Where appropriate, the Council will make a reasonable effort to specify the identified purposes to the individual from whom the personal information is collected as described in Principle 2. Personal information will only be collected, used or disclosed without the knowledge or consent of the individual for the purpose of the administration and enforcement of the Legislation and in accordance with the provisions of the Legislation.

 

Principle 4 – Limiting Collection

The Council collects only the personal information that is required for the purposes identified in Principle 2 of this Privacy Policy and in accordance with the provisions of the Legislation. The Council collects personal information using procedures that are fair and lawful.

 

Principle 5 – Limiting Use, Disclosure and Retention

The Council uses personal information only for the purposes identified in Principle 2 and in accordance with the provisions of the Legislation. The Council has a record retention policy in place and conducts regular audits to ensure that personal information that is no longer required to be kept is destroyed, erased or made anonymous. Specific information regarding the record retention policy can be obtained by contacting the CEO.

 

Principle 6 – Accuracy

It is in the best interest of the public that Council collects, uses and discloses only accurate personal information. The Council therefore uses its best efforts to ensure that the information it collects, uses and discloses is accurate.

 

Principle 7 – Safeguards

The Council ensures that personal information it holds is secure. The Council ensures that personal information is stored in electronic and physical files that are secure. Security measures are in place to safeguard this information which includes restricting access to personal information to authorized personnel, ensuring that physical files are under lock and key and ensuring that electronic files are password protected. The Council reviews its security measures periodically to ensure that all personal information is secure.

Employees of the Council receive an orientation and ongoing training regarding the information safeguards required for personal information and their importance.

The Council ensures that personal information that is no longer required to be retained is disposed of in a confidential and secure fashion.

 

Principle 8 – Openness

The Council’s personal information management policies and procedures are available to the public.

 

Principle 9 – Individual Access

Access

In cases where the personal information forms part of a record created by another organization, the Council will refer the individual to the organization that created the record (unless it is inappropriate to do so) so that the individual may obtain access to the personal information from the organization rather than the Council.

Where the Council holds personal information about an individual, upon written request, the Council may allow access to the information to that individual, unless providing access could reasonably be expected to interfere with the administration or enforcement of the Legislation or it is impracticable or impossible for the Council to retrieve the information.

Examples of situations where access may be denied include:

While the Council’s response will typically be provided at no cost or minimal cost to the individual, depending on the nature of the request and the amount of information involved, the Council reserves the right to impose a cost recovery fee. In these circumstances, the Council will inform the individual of the approximate cost to provide the response and proceed upon payment by the individual of the cost.

The Council will make every effort to respond to the request within thirty days and to assist the individual in understanding the information.

In the event that the Council refuses to provide access to all of the personal information it holds, then the Council will provide reasons for denying access.
 

Challenging accuracy and completeness of personal information

An individual has the right to request a correction of what in his or her view, is erroneous information. Where the information forms part of a record created by another organization, then the Council will refer the individual to the organization that created the record (unless it is inappropriate to do so) so that the individual may challenge the accuracy or completeness of the information.

Where an individual is able to successfully demonstrate that the personal information is inaccurate or incomplete, and where the Council has created the record, the Council will amend the information (i.e. correct or add information). In amending or correcting a record, the Council may not obliterate the original entry or information.

In addition, where appropriate, the Council will use its best efforts to notify any third parties to whom the Council has disclosed the erroneous information.

Where there is a dispute between the individual and the Council as to the accuracy or completeness of the information, then the Council will document the details of the disagreement, and where appropriate, will use its best efforts to advise any third party who received the contested information from the Council, of the unresolved disagreement.

 

Principle 10 – Challenging Compliance, Complaints or Questions

Complaints or questions regarding the Council’s compliance with this Privacy Policy should be directed to the CEO, who can be reached at The Public Accountants Council for the Province of Ontario, 1200 Bay Street, Suite 901, Toronto, Ontario, M5R 2A5 or by phone at 416-920-1444, or by email at kbowman@pacont.org.

back to top