During the course of our job as insurance brokers we are often presented with personal information of our clients. We strongly believe that our clients deserve the right to privacy when it comes to the voluntary disclosure of these personal details. It is important that this information is only obtained and shared with the consent of our clients and only with the insurance carriers and intermediaries that quote and issue insurance policies. Ultimately, this information should only be used for the original purposes for which it was collected.
We ensure that we only collect these personal details in accordance with the privacy responsibilities and guidelines outlined within the Personal Information Protection and Electronic Documents Act  (PIPEDA) and in accordance with all of our regulatory bodies. As insurance is an ever changing industry we must continuously review and update our procedures to ensure the security and proper usage of the personal information collected from our clients.
Often times we are presented with questions by our customers as to how their private information is handled when issuing an insurance policy. We have done our best to detail the most commonly asked questions and list the answers below to gain a better perspective of the steps Sacraw Canada Corp. has taken to protect your personal information. The security of this information, reasons for collecting, and methods for deleting data are all explained in further detail below.
- Who is Our Privacy Officer?
We provide an avenue for an individual with a concern or complaint to contact our Privacy Officer should they be unhappy with our service provided. If you have any concerns, please contact:
Tel: (888) 997-4245 ext. 702 steviecrawford@Sacraw.com
- What information do we collect?
We only collect details that are both required and relevant to our insurance applications, endorsements, and questionnaires to issue, modify, and maintain insurance for our clients. One of our guiding principles is that of protecting our clients’ personal data. We promise to never share this information with any third parties unrelated to the process of issuing an insurance policy.
- Why is it collected?
In order for the insurers we represent to calculate premium they often require personal details about your insurance history. What makes these details relevant to an insurance company are factors filed and approved by the Financial Services Commission of Ontario (FSCO). We collect this data on behalf of the insurer under a unique contract of utmost good faith. This simply means that we operate on the highest levels of honesty and integrity as an agent for both you and the insurance companies we represent. After collecting this information, it is used to determine a rate. We collect information relevant to your policy, these include details like your date of birth, occupation and where you live. This process is wholly regulated by the Financial Services Commission of Ontario.
- How is it collected?
Like most businesses we collect data through phone, fax, e-mail, or Web Site requests. Other information may be gathered from insurance reporting systems common to all brokers. We only collect this data with your consent and only if necessary to confirm application details or gather additional information.
- Why is it kept?
After collection, some of this data is purged from our system after set periods of time when it is determined it is no longer relevant. Information is collected solely to assess risk and maintain contact with our clients. At Sacraw Canada Corp. we do not disclose your information to third parties for marketing purposes.
- Who has access to this information?
Information gathered by brokers is to be held in the strictest confidence and is only ever referred to insurers or staff underwriters on the basis of determining a rate, coverage, or making a change to an existing policy. Only the broker who issues a quote and our staff have access to your private information. Should you wish to proceed with an insurance policy then your personal information is referred through the underwriting channel to do so.
- To whom is it disclosed?
The information gathered by our brokers and underwriters is only shared with our insurance carriers after having our client sign a Client Consent Form. This Client Consent Form was written to specifically meet the unique needs of consent requirements outlined in PIPEDA. It asks for our clients permission to collect, use, and disclose personal information.
- When is it disposed?
Private data is held only as long as it reasonably should. As an example, credit card data collected to pay for a policy is only to be kept for a very short period of time after which it is to be purged from our system.
As an example, where coverage is concerned, we may keep some policy coverage forms for up to ten years to ensure we have documented coverage should a claim arise in the future. This way we can reference a policy wording to show coverage if the need were to arise. Ultimately, our trusted staff understands that the collection of our clients personal information should be disposed of regularly where it becomes no longer relevant to assess their insurance policy.
- Our Commitment to Privacy
We are committed to protecting your privacy. In doing so we have taken certain measures to protect your personal information.
- Identifying purposes
We must explain the purposes for which we are collecting data (e.g. to complete an assessment of risk, issue a policy, process a claim, complete a quote) and we will be upfront when dealing with you.
We believe in informed consent. You must be informed that personal information will be used to determine a quote or issue a policy. We ask out clients for their consent to collect, use, and disclose personal information for these reasons before issuing a policy. Customers must be informed in a meaningful way of the purposes for the collection, use and disclosure of their personal information. We must then document their consent with their signature on a Client Consent Form, meeting guidelines outset by PIPEDA and our regulatory bodies.
- Limiting collection
The collection of information should be limited to that which is only necessary in order to process an insurance application or endorsement. It should not be used outside of the intent for which is was originally disclosed. Information gathered can only be used for the disclosed purposes for which it was collected (generally only for insurance quotes, we must maintain the client’s information strictly confidential and their personal details cannot be referred to third party businesses unless with their explicit written consent as per regulatory guidelines).
- Limiting use, disclosure, and retention
We limit the use of your personal information to what is only necessary. It is retained for necessary periods of time and if not necessary it is purged from our systems (e.g. if collecting a credit card number to process policy payment, it should be disposed of after processing payment for the policy). We destroy, erase, or render anonymous information that is no longer required for an identified purpose or a legal requirement. We keep personal information used to make a decision about a person for a reasonable period of time. (e.g. when a client meets an underwriting declination rule this should be outlined in our agency manager notes and documented should the person request to obtain the information after a decision).
We are precise when collecting information, as a description of what personal information is made available to other organizations (including third parties and subsidiaries) and why it is disclosed. We allow access for our customers to update their personal records should they request them. Please contact our Privacy Officer for your personal records by referencing the contact information above. We conduct a review of security procedures periodically to ensure updates are completed as our business changes.
We protect your information in encrypted servers that require password access. Our servers are located terminally away from our local desktops and laptops. We dispose of information that does not have a specific purpose or that no longer fulfils its intended purpose. All offices use paper shredders to destroy information that is no longer required that would be considered sensitive personal data. We protect personal information against loss or theft, the more data you collect the more secure the data should be kept (a reasonable amount of protection should be used to encrypt or securely connect computers sharing the sensitive data).
- Openness and Honesty
We have organizational controls in place on a ‘need-to-know’ basis. Selected staff and brokers only have access to information that is pertinent to their jobs. We have a duty to inform our customers, clients, and employees of why we have our information collection practices in place. We operate on a contract of utmost good faith.
- Individual access
Appropriate measures to correct all information handling practices will be handled immediately and policies should be updated based corrective actions dealt with in each formal complaint.
- Challenging compliance
When a customer has an issue with the security of their private data we handle all complaints seriously. It should also be noted that all complaints must be handled, regardless of their merit. Our goal is to make the process for challenging compliance simple and easy.