Reviewed & Approved June 11, 2020
Halifax Regional Municipality Pension Plan Committee Statement of Privacy Principles
The members of the Halifax Regional Municipality Pension Committee (the “Committee”) have a legal and ethical obligation to act in the interests of its plan members, former members and others entitled to benefits (all of whom are referred to as “Beneficiaries” in this statement) under the Halifax Regional Municipality Pension Plan (“Plan”). As part of this obligation, the Committee is committed to respecting the privacy of those Beneficiaries. In addition, the Committee is committed to respecting the privacy of the Committee’s employees (“Employees”).
The purpose of this document is to set out the principles that will guide the Committee’s collection, use and disclosure of the personal information of Beneficiaries and Employees. It is based on the ten principles of the Canadian Standards Association Model Code for the Protection of Personal Information, which has been recognized as a leading, voluntary code of conduct.
In this statement of privacy principles, “personal information” means information about an identifiable individual, but does not include the name, title or business address or business telephone number of an employee of an organization.
Each of the members of the Committee (“Member”) shall have one or more alternates appointed pursuant to the terms of the Plan (“Alternates”). Where the Alternates are acting pursuant to the Plan in place of the Member, the Alternate will be bound by this Statement of Privacy Principles. An Alternate is also bound by this Statement of Privacy Principles where the Alternate obtains any personal information. Absent exceptional circumstances, Alternates will not have access to personal information except in circumstances where the Alternate is acting in place of the Member as provided under the Plan.
Observers are defined in Section 6.11A of the Plan Text (“Observers”). Observers will be bound by this Statement of Privacy Principles. Absent exceptional circumstances, Observers will not have access to personal information unless it is personal information relating to employees of their appointed organization and access is needed for the Observer to perform their function on behalf of the appointing organization.
Employees consist of the Chief Executive Officer (“CEO”), and such other employees hired by the CEO from time to time. Employees will be bound by this Statement of Privacy Principles.
The Committee is responsible for personal information under its control. As part of this accountability, the Committee has designated an individual who is responsible for supervising compliance with this statement and applicable legislation. Inquiries related to our privacy practices may be directed to:
Privacy Officer/Director, Plan Member Services Halifax Regional Municipality Pension Committee
The Committee is responsible for personal information in its possession or custody, including information that it transfers or directs be transferred to a third party for processing. When the Reviewed & Approved March 10, 2016 2 Committee transfers information to a third party for such purposes, it obtains assurances from the organization that the personal information will be protected in the same manner as if the information was being processed by the Committee directly and that it will not be used for any other purposes.
As of the date of this privacy statement, the Committee has contracted with third party service providers for the license, maintenance, and support of the Plan’s administration system and database and a custodian to administer its funds. The Committee has also contracted with an Actuarial Consulting firm for its valuation services, third party providers for the administration of its payroll and provision of employee group benefit coverage, and with HRM Information, Communication and Technology (ICT).
What information we collect and why
Through its appointed administrator, the Committee collects, uses and discloses Beneficiaries’ personal information in order to provide pension benefits to Beneficiaries. As part of this, the Committee provides written statements to Beneficiaries, maintains a database of Beneficiaries, contributions, pension benefits and related information, pays pension benefits to Beneficiaries and confirms eligibility for the payment of benefits. The plan is required to collect and disclose certain information to comply with the law, including the Income Tax Act and the Pension Benefits Act.
The Committee routinely collects basic identifying information about Beneficiaries, including name, address and social insurance number and employee number. In order to calculate contributions and benefits, the Committee collects employment salary information, age, marital status and similar information for beneficiaries. In the event of a divorce and other relationship dissolution, the Committee may be required to refer to any relevant settlement agreement or court order. The Committee also collects, uses and discloses Beneficiaries personal information to administer Reciprocal Transfer Agreements and the purchase of service program.
The Committee collects, uses and discloses Employees’ personal information in order to administer the employer-employee relationship. This includes hiring, administering payroll and benefits programs, employment contracts and providing references for former employees.
At the time that any personal information is collected, the Committee will inform the individual concerned of the purposes for which the information is being collected in a manner that is clear, concise and comprehensible. Depending upon the circumstances of the collection, this information may be provided orally or in writing.
The Committee does not sell its Beneficiaries’ list or provide its Beneficiaries’ personal information to any third parties for any reason other than the legitimate administration of the Halifax Regional Municipality Pension Plan. Similarly, the Committee does not sell its Employees’ list or provide its Employees’ personal information to any third parties for any reason other than the operations of the Committee.
No member of the Committee, Employee, or any subcontractor of the Committee shall disclose any personal information related to any Beneficiary or Employee to any third party unless such disclosure is in accord with this privacy statement and is necessary for the proper administration of the pension plan, the relationship with Employees or the provision of benefits to the Beneficiaries, nor shall anyone make any use of any Beneficiary’s or Employee’s personal Reviewed & Approved March 10, 2016 3 information for any purpose other than the proper administration of the pension plan or the employment relationship. Access to personal information by the Committee, Employees, or any subcontractor shall be on a strict need-to-know basis and the Committee shall have overall responsibility to enforce this provision. Consistent with this general policy, the Committee shall also observe the following procedures:
(a) Personal information of a Beneficiary is provided by the employer directly to the third party administrator appointed by the Committee. Access to such personal information of a Beneficiary held by the third party administrator is restricted to the CEO or a designate, where required for the administration of the Plan. The Committee shall not have access to personal information of the Beneficiary other than where necessary for the administration of the Plan and through a report provided by the CEO, designate of the CEO, third party administrator, or legal counsel. When the Committee must discuss the personal information of a Beneficiary, such discussion shall occur during the in camera portion of a meeting.
(b) Access to personal information of Employees shall be restricted to the CEO, designate of the CEO, the two co-chairs of the Committee or third party service provider where necessary for payroll or other purposes. Access to personal information of the CEO shall be restricted to the two co-chairs of the Committee or necessary third party service providers. In circumstances where required for the administration of the Plan, the co-chairs may make personal information of the Employees available to the Committee and may require the Committee to return or destroy any written or electronic copies of the personal information. Any discussion of personal information of Employees shall occur during the in camera portion of a meeting.
All Employees and Committee members are required to take all reasonable measures to protect Beneficiary and Employee personal information from inappropriate, malicious or accidental disclosure.
Membership in the plan is mandatory for its members and personal information described above is required to properly administer the plan and to provide benefits. The Committee shall not, as a condition of the receipt of benefits, require a Beneficiary to consent to the collection, use, or disclosure of information beyond that required to properly administer the plan and to provide benefits.
There may be circumstances where the consent of an individual may be implied by the circumstances. In such cases, the purposes for the collection and use of personal information must be clearly apparent and the Committee may only use the personal information for the obvious purpose. For example, if an individual asks to be sent a particular form, the Committee will need the individual’s name and address so that we can fulfill the request. In such a case, the Committee can assume that the individual’s request for the form constitutes consent for that specific purpose. In such a case, we will not use that information for any reason other than fulfilling the request.
Limiting collection, use, disclosure and retention
The Committee will not collect any personal information that is not reasonably necessary for the legitimate purposes of administering the plan and the Committee’s operations. The Committee will not use or disclose Beneficiary or Employee personal information without consent for any purpose other than the proper administration of the plan or the employment relationship with Employees, unless the Committee is required to do so by law. The Committee will only retain personal information for as long as is reasonably necessary for the purposes for which it was collected. Personal information that is no longer required to fulfill the identified purposes shall be destroyed, erased, or made anonymous.
The Committee will make reasonable efforts to make sure that personal information is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used. Information that will be used to make a decision about an individual should be as accurate as reasonably possible. If the Committee does not have confidence in the accuracy of particular information, it will not be used to make any decisions about the individual.
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. All personal information shall be maintained on a “need to know” basis. All information shall be secured by physical, technical and policy measures as is prudent given the sensitivity of the personal information concerned.
The Committee shall provide specific information about its personal information handling policies and practices to any Beneficiary and Employee upon request.
Information about the Committee’s personal information handling policies to be made available includes:
- the name, title and the address of the person who is accountable for the Committee’s policies and practices and to whom complaints or inquiries can be forwarded;
- the means by which a Beneficiary or Employee may gain access to personal information pertaining to that Beneficiary or Employee held by the Committee;
- a description of the type of personal information held by the Committee, including a general account of its use; and
- what personal information is made available to related organizations.
Upon request, each Beneficiary and Employee shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. If, in the Committee’s view, the information is accurate, the individual will be able to have the personal information annotated with his or her comments related to the alleged inaccuracy.
An individual requesting access to his or her personal information, or who is inquiring whether the Committee holds any personal information related to him or her, shall be required to provide sufficient identifying information to allow the Committee to confirm his or her identity and to search for his or her personal information.
Beneficiaries also have a right to access certain information under the Pension Benefits Act and associated regulations.
The Committee may refuse to provide access to personal information that is subject to solicitorclient privilege or is related to a formal dispute resolution process. There may also be circumstances where the Committee is legally unable to provide access.
Any individual with concerns related to the Committee’s personal information handling practices or the manner in which his or her personal information has been collected, used or disclosed, should address those concerns to the Committee’s privacy officer indicated on the first page of this document. If the concerns are not resolved to the satisfaction of the individual, it will be referred to Committee. The privacy officer shall investigate the individual’s concerns and shall attempt to resolve any complaint as expeditiously and as fairly as possible. If a complaint is found to be justified, the Committee will take appropriate measures, including, if necessary, amending its policies and practices. If a complaint is not found to be justified, the individual will be informed of this conclusion.
Originally Approved November 30, 2006