Summary of Principles
PRINCIPLE 1 – ACCOUNTABILITY
JOHNSTON, JOHNSTON & ASSOC. is responsible for personal information under its control and shall designate one or more persons who are accountable for JOHNSTON, JOHNSTON & ASSOC.’s compliance with the following principles.
PRINCIPLE 2 – IDENTIFYING PURPOSES FOR COLLECTION OF PERSONAL INFORMATION
JOHNSTON, JOHNSTON & ASSOC. shall identify the purposes for which personal information is collected at or before the time the information is collected.
PRINCIPLE 3 – OBTAINING CONSENT FOR COLLECTION, USE OR DISCLOSURE OF PERSONAL INFORMATION
The knowledge and consent of a client or employee are required for the collection, use, or disclosure of personal information, except where inappropriate.
PRINCIPLE 4 – LIMITING COLLECTION OF PERSONAL INFORMATION
JOHNSTON, JOHNSTON & ASSOC. shall limit the collection of personal information to that which is necessary for the purposes identified by JOHNSTON, JOHNSTON & ASSOC. JOHNSTON, JOHNSTON & ASSOC. shall collect personal information by fair and lawful means.
PRINCIPLE 5 – LIMITING USE, DISCLOSURE, AND RETENTION OF PERSONAL INFORMATION
JOHNSTON, JOHNSTON & ASSOC. shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
PRINCIPLE 6 – ACCURACY OF PERSONAL INFORMATION
Personal information shall be as accurate, complete, and up to date as is necessary for the purposes for which it is to be used.
PRINCIPLE 7 – SECURITY SAFEGUARDS
JOHNSTON, JOHNSTON & ASSOC. shall protect personal information by security safeguards appropriate to the sensitivity of the information.
PRINCIPLE 8 – OPENNESS CONCERNING POLICIES AND PROCEDURES
JOHNSTON, JOHNSTON & ASSOC. shall make readily available to clients and employees specific information about its policies and procedures relating to the management of personal information.
PRINCIPLE 9 – CLIENT AND EMPLOYEE ACCESS TO PERSONAL INFORMATION
JOHNSTON, JOHNSTON & ASSOC. shall inform a client or employee of the existence, use, and disclosure of his or her personal information upon request and shall give the individual access to that information. A client or employee shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
PRINCIPLE 10 – CHALLENGING COMPLIANCE
A client or employee shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for JOHNSTON, JOHNSTON & ASSOC.’s compliance with The JOHNSTON, JOHNSTON & ASSOC. Privacy Code.