PIPEDA Compliance
Commencing January 1, 2004, the Ontario Government instituted
regulations regarding the use of personal and private
information. This Act is called PIPEDA (Personal Information
Protection and Electronic Data Act).
Traditional methods of direct communication with consumers,
whether it is from a direct mail campaign or a telephone
call, must cease if the individual requests it.
HKA Data has been working with databases for all types
of industries for over 20 years. Our attention to detail
in ensuring the privacy of our clients' database information
has been unsurpassed. We have worked hard to maintain
a reputation of quality to gain the confidence of our
clients.
To expand on this, HKA Data has prepared a list of the
principles outlining the details of the Act and the
expectations of both us and our clients as they relate
to data maintenance. As a third party, we commit to
you our adherence to the principles below.
PIPEDA Privacy Principles
Principle 1: Accountability
Definition: An organization is responsible for the personal
information within its possession or custody. This includes
information supplied to a third party for processing.
We hold all personal information in-house. If, with
your permission, a third party holds data, we ensure
that they are PIPEDA compliant.
A third party clause will be implemented in the event
that private information is made available to third
parties for production purposes. This will be handled
with the consent of you, our client, and with the procedures
outlined within our contractual obligation.
Principle 2: Identifying Purposes
Definition: The purposes for which personal information
is collected shall be identified at or before the time
the information is collected. New uses must be disclosed.
HKA Data Processing Corporation operates as a service
bureau to a number of organizations and corporations.
We are asked to perform many services on behalf of our
clients, such as call centres for inbound/outbound communication
as well as event registration, and are sometimes monitored
at the request of clients.
Our staff will always identify themselves prior to
commencing any dialogue and request the time and attention
of the participant prior to any questions. Should the
participant request that they be taken off a list, we
will comply and notify our clients of this request when
all solicitation calls are complete.
Additional fields to track this new information are available
for audit and can be embedded in the data we forward
to you.
Principle 3: Consent
Definition: The knowledge and consent of the individual
are required for the collection, use or disclosure of
personal information, except where inappropriate. No
Grandfathering.
The only way this principle applies within a third party
relationship is at the time of updating contact information
in the database. When we provide outbound call service
and update information on the client's
behalf, it is the obligation of the customer service
representative to identify themselves, the reason for
the telephone call and to secure the consent of the
called party to use the information for a specific purpose.
Alternatively, we can provide fulfillment services outlining
the details of information collected and have the individual
sign off on it and make any revisions necessary
for accuracy.
No Grandfathering simply means that any information
collected prior to January 1, 2004 is no longer valid
without the consent of the individual.
Principle 4: Limiting Collection
Definition: The collection of personal information
must be limited to what is necessary for the purposes
identified by the organization.
With respect to your data, it is wise to limit the amount
of information collected regarding an individual. Doing
so also lowers your administration cost in collecting,
storing, retaining and archiving data.
Determine what information you require and eliminate
unnecessary data.
Principle 5: Limiting Use, Disclosure & Retention
Definition: The use and disclosure of personal information
is to be limited to the purposes for which it was collected,
except with the consent of the individual or as required
by law.
HKA Data will work with you to determine the following:
- Hold all information for as long as is predetermined as necessary.
- Work with you to put guidelines in place for retaining and/or destroying personal information
- Destroy, erase or render anonymous information that is no longer required for an identified purpose or a legal requirement
As a database management company, our goal is to maintain
the integrity of your customer information and to make
sure that the information is up to date and accurate.
With regular data cleansing, usually twice per year,
we will identify and eliminate any data that are no
longer deemed necessary.
A padded database will work against any marketing efforts.
A regular review of your database will save you time,
money and marketing materials, while keeping you compliant
on privacy issues.
Principle 6: Accuracy
Definition: Personal information shall be as accurate,
complete and up-to-date as necessary for the purposes
for which it is to be used.
HKA Data will work with you to minimize the possibility
of inaccurate data.
For data management, your customers can access the information
they require by calling our customer service representatives.
To ensure privacy, we will install a number of questions
that must be answered to clearly identify a person prior
to releasing any of their information. You predetermine
the list of questions.
Principle 7: Safeguards
Definition: An organization has an obligation to ensure
that any personal information collected is protected.
Protection should include physical, organizational and
technological measures.
As mentioned in Principle 6, we will work with you
to develop security systems that clearly identify a
person who requests access to their information.
Our internal computer systems are restricted to personnel
who "need-to-know" and have access to databases
for their intended purpose. All information is secure
from the rest of the company.
Principle 8: Openness
Definition: An organization must make public information
about its privacy policies and practices.
That includes:
- The name of the Privacy Officer
- The way by which an individual can access their
information
- What personal information is made available to
related organizations
- Description of the type of information held by
an organization
- A copy of any policies, standards, and procedures
the organization has
This principle, for a third party, is the most important
aspect of our relationship with our clients. As we have
always stated, "Any information we store on behalf
of our clients is the property of our clients. The
information is always readily available in any format
they would like to view it (portal, FTP site, spreadsheet,
etc.)." This service has never changed nor will it in
the future.
Our Privacy Officer is: Kevin Andrien
Telephone Number: (905) 479-8661
Policies & Procedures:
1. A request in writing must be made in order to retrieve
data on our clients' behalf.
2. The request must be made to the Privacy Officer or
his designate and must allow 3 business days to process
the order.
3. The request must clearly define the intended purpose.
4. Our Policy Officer will have the authority to refuse
a request if:
- The request is too broad and does not clearly define its use
- If there is no approval signature by your organization's Privacy Officer
- If the request is from an individual in the organization who does not have authority to request information. The Client must provide a list to HKA Data Processing Corporation.
Principle 9: Individual Access
Definition: Upon request, an individual must be given
access to any personal information held by an organization.
The organization must inform the individual of the uses
it has made of the information, as well as any third
parties to whom the information has been disclosed.
Individual requests must be made in writing and an organization
must respond within 30 days.
Though we are not directly involved in how the information
is used by our clients, we can provide a history or
file on the consumer based on all the information stored
to date and will retrieve any information upon our clients'
request. We do ask that you provide HKA Data a request
in writing and allow for 3 business days in order
to retrieve the information and securely pass the information
along.
Principle 10: Challenging Compliance
Definition: Organizations shall put procedures in place
to receive and respond to complaints or enquiries about
the policies and practices relating to the handling
of personal information. An individual may challenge
the accuracy and completeness of the information. If
an individual demonstrates that his/her personal information
is inaccurate or incomplete, the organization must amend
the information.
HKA Data will respond and update any inaccuracy of
information on the databases held by our clients. A
request to amend or change information shall be put
in writing and allow for two weeks to process the request.
A report will be sent out to our client with the changes,
the date of changes made and who made the changes.