Policies governing the protection of personal information
OACIQ
The policies governing the handling and protection of personal information within the Organisme d'autoréglementation du courtage immobilier du Québec (OACIQ) apply to the Fonds d'assurance responsabilité professionnelle du courtage immobilier du Québec (FARCIQ) created by the OACIQ under section 52 of the Real Estate Brokerage Act (CQLR, c. C-73.2). For the purposes hereof, unless the context indicates otherwise, the abbreviation "OACIQ" refers to the OACIQ and FARCIQ.
***
The OACIQ determines the purposes for which personal information is collected. Only the personal information required to carry out the OACIQ's mission is collected.
Personal information may be used only for the initial purposes for which it was collected, unless otherwise provided by law.
A member of the OACIQ's staff or its co-contractor or mandatary may access personal information when necessary in the performance of his or her duties.
OACIQ Privacy Guidelines
- Ensuring the protection and confidentiality of information collected, kept and disclosed through good information management practices.
- Implementing appropriate protection measures to reduce the risk of confidentiality incidents concerning the personal information kept, as well as any other security incidents.
- Implementing and ensuring compliance with the protocol for managing confidentiality incidents affecting personal information to limit the occurrence of incidents and minimize their consequences.
- Training staff members and raising their awareness of the confidentiality of personal information and their responsibilities in this regard.
- Ensuring the integrity of information to prevent it from being destroyed or altered without authorization, and that the medium on which information is stored provides the desired protection and sustainability.
- Ensuring information security risk management.
- Analyzing and knowing the value of the information to be protected, determining the risks involved and establishing an appropriate strategy. The level of protection is established based on:
- The nature of the information and its importance;
- The likelihood of the incident;
- The consequences of the incident.
In addition, the OACIQ:
- incorporates a document management strategy for the entire life cycle of documents, including the retention and destruction of personal information;
- securely destroys personal information once the purposes for which it was collected have been achieved or in accordance with the retention schedule;
- has standardized methods for classifying documents;
- sets up personal information access profiles;
- manages access to information to protect its availability, integrity and confidentiality, for example by:
- intrusion testing exercises to identify entry points that may provide inappropriate access;
- managing physical access to rooms, printers and other locations holding information assets.
The OACIQ determines the roles and responsibilities of its staff members throughout the life cycle of personal information.
The Committee on Access to Information and the Protection of Personal Information performs the role assigned to it by law, particularly with regard to factors relating to privacy, development of policies, analysis and recommendations on improving privacy processes.
The Officer in charge of Access to information and Privacy assumes the functions delegated to him under the Act respecting access to documents held by public bodies and the protection of personal information (CQLR, c. A-2.1) and the Act respecting the protection of personal information in the private sector (CQLR, c. P-39.1). He coordinates staff training on the protection of personal information, ensures consistency in actions relating to information security, access to documents and the protection of personal information.
The Information Security Officer helps determine the strategic directions and intervention priorities relating to information security.
The Information Technology (IT) Department ensures that information security requirements are taken into account in the operation of information systems.
The document management officer works with OACIQ departments to identify, manage, coordinate and implement information security measures, conducts document management projects and ensures compliance with the retention schedule.
All OACIQ staff have the following personal information responsibilities:
- Ensuring the integrity and confidentiality of personal information held by the OACIQ.
- Acting with caution, notably by refraining from using or disclosing information when there is doubt about the applicable rules.
- Complying with all the OACIQ policies and guidelines on access to and security of information and following the instructions provided.
- Respecting the security measures in place at the workstation and on any equipment containing information assets and not changing the configuration of security measures or disabling them.
- Using only authorized equipment and software.
- Ensuring that documents are securely destroyed when the time comes, in accordance with the instructions given by the department concerned.
- Respecting intellectual property rights when using products and documents, where applicable.
- Immediately reporting to one's superior any known act that may constitute an actual or alleged violation of security rules, as well as any anomaly that may adversely affect the protection of the OACIQ's information assets.
- When leaving the OACIQ, handing over the various identity and access cards, all information assets in one's possession, as well as any computer or telephone equipment made available in the course of one's duties.
In accordance with the law, the OACIQ has a Process for handling privacy complaints.
For any questions about the OACIQ's privacy policies, please contact:
Me Caroline Simard, Vice-President, Governance
Person in charge of access to documents and protection of personal information
Organisme d’autoréglementation du courtage immobilier du Québec
4905 Lapinière Boulevard, Suite 2200
Brossard (Québec) J4Z 0G2
Telephone: 450-890-8025
Fax: 450-676-3513
Email: [email protected]