An organization is responsible for the protection of personal information, the fair handling of it at all times within the organization and in dealings with third parties. These responsibilities are outlined in principles that an organization must follow including accountability, identification of purpose, obtaining consent, limits to collection, use disclosure and retention as well as accuracy, safeguards, openness, access and recourse.

The Act impacts personal information of our clients and our staff. It is imperative that a proper Privacy Policy, in conjunction with the right controls, procedures and training to support the policy, be established, maintained and communicated. It will be these activities that will protect the organization's reputation, encourage employee morale and support and foster client relations.