The Organization shall inform an individual of the purpose for which it collects and uses
the Private Information and the types of non-agent third parties to which the Organization
discloses or may disclose that Information. The
Organization will provide the individual
with the choice and means for limiting the use and disclosure of their Private Information.
Notice will be provided in clear language when individuals are first asked to provide Private
Information to the Organization, or as soon thereafter as is reasonable. In all circumstances,
this notice will be given prior to the Organization’s use or disclosure of the Information for a
purpose other than for which it was originally collected.
For Sensitive Private Information, the Organization will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the one for which it was originally collected or subsequently authorized by the individual. The organization will treat Sensitive Private Information received from an individual the same as the individual would treat and identify it as Sensitive Private Information.
Before disclosing Private Information to a third party, the Organization will notify the individual and allow them to opt out of the disclosure. The organization shall ensure that any third party to which Private Information may be disclosed subscribes to the same Privacy Principles or is subject to law providing the same level of privacy protection as is required by the Privacy Principles and agrees in writing to provide an adequate level of privacy protection.
The Organization will take reasonable steps to protect Private Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. The Organization has implemented appropriate physical, electronic, and managerial processes to secure Private Information from loss, misuse, unauthorized access or disclosure, alteration, or destruction. The Organization cannot guarantee the security of Private Information on or transmitted via third-party electronic networks such as the Internet.
The Organization shall take reasonable steps to ensure that Private Information is accurate, complete, current,and reliable for its intended and declared use only.
The Organization shall allow an individual to access their Private Information and permit the individual to correct , amend, or delete inaccurate information, unless the cost of providing access would be disproportionate to the risks to the privacy of the individual in the case in question, or where the rights of other persons would be violated by permitting access to such information.