Any and all information concerning the business affairs of Energy Efficiency Alberta and its directors, officers, employees and Proponents is to be kept private, secure and confidential. To regulate the use and disclosure of such information, Energy Efficiency Alberta has adopted this Privacy, Data Security and Confidentiality Policy.
(a) “EEA” means Energy Efficiency Alberta;
(b) “Confidential Information” means all information, Data, material and documents obtained by Energy Efficiency Alberta or its directors, officers, employees or Consultants or any of them and includes Proposals and all other information furnished or disclosed to directors, officers, employees or Consultants by Energy Efficiency Alberta , the Proponents and their respective employees, agents, contractors, subcontractors, or any of them, whether directly or indirectly, whether in written, oral, magnetic, electronic, optical or other tangible or intangible forms, together with any other variation or conversion of any nature whether in written, oral, magnetic, electronic, optical or other tangible or intangible forms to any element of the data, material or documents and includes information that is non-public, protected, confidential, privileged or proprietary in nature, which may have actual or potential economic value, in part, from not being known, or which could expose Energy Efficiency Alberta or Proponents to potential harm if it were to be disclosed or released to third parties, including, without limitation Personal Information, but does not include information that:
(i) is in the public domain at the date of disclosure or which after that date enters the public domain; (ii) is already known to the directors, officers, employees or Consultants (as evidenced by written records) at the time of its disclosure; (iii) was lawfully acquired by a director, officer, employee or Consultant from a third party (as evidenced in written records); or (iv) was independently developed by a director, officer, employee or Consultant who had no access to the Confidential Information (as evidenced in written records); (v) was released due to a compulsory disclosure order under a judicial process or under a compulsory regulatory (including securities) requirement or as otherwise required by law.
(c) “Consultants” means Energy Efficiency Alberta’s service providers, contractors, Consultants, and agents and any other individual who may by virtue of this relationship with Energy Efficiency Alberta, have or be given access to Confidential Information;
(d) “Data” means a record of information in any form and includes notes, images, audiovisual recordings, x-rays, books, documents, maps, drawings, photographs, letters, vouchers and papers, and any other information that is written, photographed, recorded, or stored in any manner;
(e) “Personal Information” means information about an identifiable individual, including, without limitation: (i) age, name, ID numbers, income, ethnic origin, blood type, religion (ii) opinions, evaluations, comments, social status, disciplinary actions (iii) employee files, credit records, loan records, medical records, existence of dispute between a consumer/merchant, intentions (re acquiring goods and services or changing jobs) but does not include the name, title, business address, business telephone number, fax or email of an employee of an organization.
(f) “Policy” means this Privacy, Data Security and Confidentiality Policy;
(g) “Proposal” means a proposal for funding under any funding program or agreement established or entered into by Energy Efficiency Alberta from time to time;
(h) “Proponents” means any and all persons, including without limitation, corporations, partnerships, joint ventures, unincorporated associations and natural persons who submit a Proposal to Energy Efficiency Alberta ;
This Policy applies to Energy Efficiency Alberta ’s directors, officers, employees and Consultants and to any other individuals, who may, by virtue of their relationship with Energy Efficiency Alberta , have or be given access to Confidential Information.
Confidential Information that is collected, used or disclosed by Energy Efficiency Alberta will be handled in a manner that recognizes both the right of the individual to have his or her Confidential Information protected and the need of Energy Efficiency Alberta to collect, use and disclose such information for purposes that are reasonable.
Energy Efficiency Alberta must comply with the Freedom of Information and Protection of Privacy Act, RSA 2000, c. F-25) in the course of performing duties and functions and exercising powers delegated to it by the Minister of Environment. All Data and records in the custody or under the control of Energy Efficiency Alberta that are required in the performance of duties or functions or the exercise of powers delegated to Energy Efficiency Alberta by the Minister of Environment are subject to the Records Management Regulation, Alta Reg. 244/2001.
Energy Efficiency Alberta follows ten principles:
Accountability – Energy Efficiency Alberta is responsible for Confidential Information under its control and will designate persons responsible for Energy Efficiency Alberta’s compliance with this Policy.
Identify purposes – Before or as Personal Information is collected, Energy Efficiency Alberta will identify and advise the individual why it is needed and how it will be used or disclosed.
Consent – the knowledge and consent of the individual are required for the collection, use or disclosure of Personal Information, with a few exceptions as described later.
Limit collection – Energy Efficiency Alberta will not collect Confidential Information indiscriminately and will avoid actions that may mislead others about reasons for collecting Confidential Information.
Limit use, disclosure and retention – Confidential Information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the person’s organization providing it or as required by law. Confidential Information will be retained only as long as necessary for fulfillment of those purposes.
Accuracy – Confidential Information will be as accurate, complete and current as necessary.
Safeguards – Confidential Information will be protected against loss, theft, unauthorized access, disclosure, copying, use or modification regardless of the format in which it is held.
Openness – Energy Efficiency Alberta will make available to others specific information about its policies and practices related to management of Confidential Information.
Individual access – when requested in writing, Energy Efficiency Alberta will allow an individual, with some exceptions, to access his or her own Personal Information and advise the individual on how the information has been used and to whom it has been disclosed. The individual may correct or amend any Personal Information if accuracy and completeness is challenged and found deficient.
Provide recourse – an individual may address a challenge concerning compliance with the above noted principles to the persons accountable for Energy Efficiency Alberta ’s compliance.
Energy Efficiency Alberta will obtain an individual or organization’s consent when it collects, uses or discloses Confidential Information.
Confidential Information collected is to be restricted to information actually required.
Confidential Information can only be used for purposes for which it was collected. If needed for another purposes, specific consent for incremental purpose must be obtained.
Confidential Information must be kept current and accurate.
When no longer required, Confidential Information will be made anonymous or destroyed appropriately.
Individuals have the right to access their own Personal Information held by Energy Efficiency Alberta and to challenge its accuracy.
Data security is a necessity to Energy Efficiency Alberta because Data represents a concentration of valuable assets in the form of Confidential Information which is also proprietary to Energy Efficiency Alberta or its Proponents. Security therefore must focus on controlling unauthorized access to Data.
Each director, officer or Consultant who is or may be granted access to Data or Confidential Information is responsible for maintaining the privacy, security and confidentiality of that information and must do so in compliance with this Policy.
When using Energy Efficiency Alberta ’s Data or Confidential Information, Energy Efficiency Alberta ’s directors, officers, employees and Consultants must:
(a) protect the Confidential Information and Data from unauthorized access (b) not leave laptops, mobile phones, personal digital assistants containing any Confidential Information or Data or any other electronic device unattended or unsecured (c) use passwords which are difficult to guess and keep password confidential, passwords should not be with anyone and changed regularly (d) protect Confidential Information and do not disclose such information without authorization (e) do not violate any third party’s intellectual property, privacy or other rights (f) do not disable or disclose Energy Efficiency Alberta enabled security features including firewalls and antivirus programs
All Energy Efficiency Alberta employees and Consultants who are given access to Data or Confidential Information must execute a Confidentiality Agreement with Energy Efficiency Alberta .
Directors and officers with Energy Efficiency Alberta are bound by this Policy, the Conflict of Interest Policy and Energy Efficiency Alberta ’s governance and accountability framework.