Registered Insurance Brokers of Ontario Company Logo
Search Button

Banner Picture of RIBO
Quick Links Heading
General Overview
Mission, Values & Vision
RIBO History
Presidents
General Managers
Contact Us
Council
Privacy Statement
Home
Consumers
Licensing
Continuing Education
Broker Resources
Publications
Accessibility
The page you are trying to access does not exist.
Please select a page from the Main Menu.
Download Acrobat Reader
Privacy Statement

RIBO VOLUNTARY PRIVACY AND ACCESS CODE

PRIVACY STATEMENT

The Personal Information Protection and Electronic Documents Act (PIPEDA) applies to the collection, use or disclosure of personal information by an organization in the course of a commercial activity.  It is arguable that this Act does not apply to RIBO, in that RIBO is a provincial regulatory organization that is required by provincial law to regulate the conduct and financial affairs of all general insurance brokers in Ontario, in the public interest. RIBO does not engage in commercial activity.

Notwithstanding this technicality, RIBO will voluntarily comply with all of the “principles” of PIPEDA to the fullest extent reasonably possible, in the circumstances.  It is clear that all registered insurance brokers in Ontario will be required to comply with PIPEDA. Accordingly, RIBO as the organization responsible for licensing and regulating these registered firms and individuals in the public interest, will also endeavour to comply to the extent reasonably possible consistent with its statutory responsibilities under the RIB Act, and other applicable laws and regulations.

Moreover, since its inception in 1981, RIBO has continuously maintained the confidentiality of information within its possession or control, subject to exceptions as provided by law. Indeed, RIBO and anyone employed by RIBO in the administration of the Registered Insurance Brokers Act (RIB Act) is required by that Act to preserve secrecy with respect to all matters that come to his or her knowledge in the course of his or her duties, employment, inquiry or investigation under that Act and shall not communicate any such matters to any other person except, in very limited circumstances, namely:

  1. as may be required in connection with the administration of the RIB Act, its regulators or by-laws or any proceedings under that Act or its regulations,
  2. to his or her lawyer, or
  3. with the consent of the person to whom the information relates.
RIBO, its Council members and staff from time to time are well practiced in the requirements of maintaining the privacy and confidentiality of information in its possession or control. The new federal privacy obligations and requirements contained in PIPEDA does not really add any new requirement for the privacy of personal information that was not already being observed by RIBO.  Nevertheless, RIBO has developed a voluntary PRIVACY AND ACCESS CODE in compliance with the PIPEDA legislation and will act in the spirit of that legislation, according to its Code, as if PIPEDA had direct application to RIBO.

RIBO’s commitment is to:

  1. protect personal information
  2. allow individuals to request information, seek amendments to their personal information and file complaints against RIBO with our Privacy Officer,
  3. train and educate staff; and
  4. develop publicly available information on our practices and procedures relating to the Code.

DEFINITIONS

PERSONAL INFORMATION

The term “personal information” refers to information about an identifiable individual.  In other words, information that specifically identifies you as an individual and is provided to, or collected by RIBO.
It does NOT include the name, title, business address or telephone number of an employee of an organization.  In other words, it does NOT include “business information” or “business contract” information as shown on our Register.

Every registered insurance broker is required to provide RIBO with an official “address for service” of RIBO documents, for example, renewal forms and the like.  This “business address” is public information that may be given to or used by members of the public to verify the existence of a valid current registration.  RIBO does not provide “home” address information, except in rare cases where this information has been provided by a broker as their official “business” address, on our Register.

Similarly, the findings and decisions of the Q&R Committee and Discipline Committee are published in the RIBO Bulletin and may be made available to anyone, on request, including other regulatory organizations.

RIBO PRIVACY OFFICER

The term RIBO Privacy Officer means the individual or individuals appointed from time to time by RIBO to be accountable for RIBO’s compliance with the policies and procedures contained in the RIBO Privacy and Access Code.

1. ACCOUNTABILITY

RIBO is responsible for all personal information under our control.  We will designate one or more individuals who will be accountable for the organization’s compliance with the policies and procedures described in this Code.

1.1 The individual appointed to be accountable for RIBO’s compliance will be known as our Privacy Officer. We will appoint an appropriate person in this capacity who has sufficient authority within our organization to ensure compliance.

1.2 Our Privacy Officer may be contacted as follows:

Title:    Privacy Office
Name of Organization: RIBO
Address: 401 Bay Street, Suite 1200, Box 45
Toronto, ON M5H 2Y4
Telephone:   (416) 365-1900 (800) 265-3097
Fax:    (416) 356-7664
Internet:  www.ribo.com
E-mail: (see staff list on website for Privacy Officer)

1.3 Our commitment is to:

  1. protect personal information,
  2. allow individuals to request information, seek amendments to their personal information and file complaints against RIBO with our Privacy Officer,
  3. train and educate staff; and
  4. develop publicly available information on our practices and procedures relating to the Code.

2. IDENTIFYING PURPOSES

We will identify the purposes for which we collect personal information at or before the time the information is collected.

2.1 We may choose to identify such purposes orally or in writing.  Written notification will be used whenever practical to do so.  This Code itself will be used to identify such purposes.

2.2 We collect, use and disclose personal information for one overriding reason:  to fulfil our mandate under the Registered Insurance Brokers Act to regulate the profession in the public interest.

2.3 RIBO is responsible under that Act to establish and maintain standards of qualification for registration as well as to enforce standards of conduct established in the Act and its regulations and by-laws.

2.4 In that regard, RIBO maintains a file on every applicant for registration every member of the organization, including those who once were but have ceased to be registered for any reason and every complaint that is processed through our complaints and/or discipline processes.

Accordingly, we may collect, use and disclose personal information:

  1. to verify an applicant’s or member’s identity
  2. to determine if an applicant meets RIBO’s qualification and registration requirements
  3. to satisfy our statutory obligations regarding the continuing suitability of applicants or members under our qualification standards
  4. to satisfy our statutory obligations regarding investigating complaints against members and the prosecution of complaint and/or disciplinary proceedings
  5. to detect or prevent fraud or other criminal or quasi-criminal offences.

2.5 We use this information to make decisions on applications for registration or renewal, reinstatements, or exemptions, or a review of a member’s continuing qualification for registration.

2.6 For these purposes, we may collect, use and disclose personal information largely as provided on our application forms or other forms required to be submitted to RIBO on an on-going basis.

Examples of such information include name and address, age, gender, employment history, references, education levels, criminal record, civil actions, bankruptcy or other personal financial information.  Some of this information is provided to RIBO by third parties, such as employers, police organizations, trustees, the Financial Services Commission or other regulatory organizations. 
All of this information is collected, used and disclosed with the express consent of the applicant or member.

2.7 We collect, use and disclose financial information regarding trust funds on a regular basis from each registered firm, as required by law.

2.8 We collect, use and disclose personal information in the investigation of complaints against brokers, whether instituted by RIBO, or as a result of an information provided by a members of the public, another broker, a lawyer, accountant, or another regulatory organization.

2.9 Personal information may be collected, used or disclosed by RIBO for any of the above identified purposes.

If your personal information is not needed for one of these identified purposes, we will not disclose it without first obtaining additional consent from you.  For example, from time to time prospective employers wish to confirm information in a member’s file.  This information or access to this information is never disclosed or given without first obtaining the express consent of the member to whom the information relates.

2.10 For some of the identified purposes, we may need to share your personal information with others, in order to fulfil our mandate as outlined above.


These other parties commonly include:

  1. the Financial Services Commission or other government  or regulatory organizations.
  2. the Ontario Provincial Police or other law enforcement organizations, such as the RCMP or the Insurance Crime Prevention Bureau.
  3. insurance companies, in the investigation of an act of misconduct, whether involving trust funds or otherwise.
  4. our legal counsel.

2.11 We will identify any new purposes that may arise during the course of dealing with personal information and obtain prior consent for this new use, even if we have already identified certain initial purposes.  However, we will only do this when the intended new purpose truly constitutes a “new” use, such as, when the purpose being proposed is materially different from the purpose initially identified.

2.12 There may be situations in which we are not required to explain purposes, including those situations outlined under paragraph 3 of this Code.

CONSENT

We will obtain the appropriate consent from applicants or members for the collection, use or disclosure of their personal information, except where the law provides an exemption.
3.1 We may obtain express consent for the collection, use or disclosure of personal information, or we may determine that consent has been implied by the circumstances.
3.2 Express consent is a specific authorization given by the applicant or member to RIBO, either orally or in writing.  Implied consent is one in which RIBO has not received a specific authorization, but the circumstances allow us to collect, use or disclose personal information.
3.3 Express written consent includes an applicant or a member:
. signing a specific authorization, such as on application forms
. providing a letter or other document authorizing certain activities
. providing an authorization electronically (by computer).

3.4 Express oral consent can be given in person or over the telephone.  If RIBO obtains an express oral consent, we will normally make note of that consent and the date obtained in the applicant’s or member’s file.
3.5 We ordinarily seek express consent at the stage where an applicant signs the initial application form to become a registered insurance broker.  However, we may determine that by an individual or firm seeking registration with RIBO, consent has been implied for us to collect, use and disclose personal information in a reasonable manner.
3.6 All applicants for registration with RIBO consent to the collection, use and disclosure of personal information as set out in this Code.  This is an on-going consent in respect of the current and all future applications for registration and applies during each year that RIBO maintains either an applicant file or a member file on that individual or firm, should the applicant become a member.
3.7 Subject to legal exceptions, consent may be withdrawn at any time.  We generally require such withdrawal to be in writing.  There may be serious consequences to failing to provide or to withdrawing consent to the specific authorization on the application form, such as an inability of RIBO to register or continue to register an applicant or a member.
Where the consent is for use or disclosure situations unique to an individual applicant or member, such as a prospective employer confirmation, this consent may be withdrawn at any time, as above.
3.8 Depending on whether a new purpose is identified during the course of dealing with an applicant’s or a member’s personal information, we may choose to seek a new consent. We do not, however, consider a regular updating of information in an applicant’s or a member’s file to be a new purpose and, therefore, we will not seek a new consent for this purpose.
3.9 There are circumstances in which RIBO is not required to obtain an applicant’s or a member’s consent or to explain purposes for the collection, use or disclosure of their personal information.
These include but are not limited to:
. COLLECTION -We may collect personal information without consent where it is in the applicant or member’s interest and timely consent is unavailable, or to investigate an alleged act of misconduct, or a contravention of law.
. USE -We may use personal information without consent for similar reasons as in “collection” above, and also in an emergency situation in which an individual’s life, health or security is threatened.
. DISCLOSURE -We may disclose personal information without consent for the reasons listed above or for law enforcement, regulatory or national security purposes.

3.10 There are circumstances where it may be impractical or impossible to obtain consent, such as gathering information to investigate a complaint against a member.  Obviously, RIBO cannot be in a position where it can’t proceed without the consent of the member.  RIBO has to fulfil its mandate.
1 Investigations may also include gathering personal information about clients of a member without those clients’ consent.  Members however, are bound by the Code of Conduct in the regulations under the Registered Insurance Brokers Act to report potential acts of misconduct by other members, where this information comes to their attention, including information about clients where it would be impractical or impossible to obtain their consent.
2 LIMITING COLLECTION

The personal information we collect will be limited to that which is necessary for the purposes we have identified.
4.1 We only collect personal information for specific, legitimate purposes.  We will not collect personal information indiscriminately.  For example, we do not ask for more information on registration applications than is needed to determine if the applicant meets our registration requirements.
4.2 We will only collect information by fair and lawful means and not by misleading or deceiving individuals about the purpose for which information is being collected.
NOTE: There may be situations in which we collect personal information for legitimate purposes not identified to the individual, including those situations outlined under paragraph 3.9 of this Code.

5. LIMITING USE, DISCLOSURE AND RETENTION
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the firm or individual or as required or authorized by law.  We will only retain personal information as long as necessary for the fulfillment of those purposes.
5.1 We will only use or disclose personal information for legitimate, identified purposes.
5.2 We will retain personal information only as long as necessary for the fulfillment of the purposes for which it was collected.
5.3 Personal information that is no longer required to fulfil identified purposes will be destroyed, erased or made anonymous.
5.4 We keep registration information and complaint or discipline information for as long as the member is registered, and beyond where we need it to effectively meet our mandate, for our identified purposes, or as required by law.
NOTE: There may be situations in which we use, disclose or retain personal information for legitimate purposes not identified to the individual, including those situations outlined under paragraph 3.9 of this Code.

6. ACCURACY
The personal information we collect will be as accurate, complete and up-todate as is necessary for the purposes for which it is to be used.
6.1 Individuals who provide their personal information to us must do so in an accurate and complete manner, and thereafter promptly report any change in registration information, within 30 days of such change.
6.2 RIBO, on an on-going basis, endeavours to ensure the accuracy and completeness of personal information under our care and control.  For example, our files are updated whenever an applicant’s or a member’s registration status, or discipline status as the case may be, changed.
1 As more particularly described under Paragraph 9 “Individual Access”, we will provide recourse to individuals who appear to have legitimate corrections to make to information on their file.  Once significant errors have been identified, we will correct or amend the information as appropriate and/or we will direct you to the source of the information so you can correct it yourself directly with the third party responsible.  Where necessary, we will send such corrected or amended information to third parties who have had access to the information in question.
2 SAFEGUARDS

RIBO will safeguard the security of personal information under our control in a manner that is appropriate to the sensitivity of the information.
7.1 Whether in electronic or paper-based format, RIBO maintains strict security systems to safeguard personal information.
7.2 We will protect the security of personal information, regardless of the format in which it is held against loss or theft, against unauthorized access, disclosure, copying, use or modification.
7.3 Our methods of protection may include:
. physical measures, such as locked filing cabinets and/or restricted access
. organizational measures, such as security clearances and limiting access on a “need to know” basis; and
. technological measures, such as blocking access, the use of passwords and/or encryption.

7.4 In determining what safeguards are appropriate, we will consider the following factors:
. the sensitivity of the information
. the amount of information held
. the parties to whom the information may be disclosed
. the format in which the information is held, and 
. the way in which the information is physically stored.

7.5 We will ensure that our policies and procedures on safeguarding personal information are clearly communicated and accessible to our employees by:
. training staff on the subject of personal information protection; and
. having regular staff meetings in which we will review our procedures and revise where appropriate.

7.6  We will take precautions in the disposal or destruction of personal information to prevent unauthorized parties from gaining access to the information.  These measures may include:
. ensuring that no one may retrieve personal information after it has been disposed of;
. shredding documents before recycling them; and
. deleting electronically stored information.

8. OPENNESS
RIBO will make specific information about our policies and procedures, relating to the management of personal information that is under our control, readily available to anyone.
8.1 Anyone may inquire about our policies and procedures and access will be easily available.
8.2 We will communicate our policies and procedures for the management of personal information to our staff, our members and the public.
8.3 We will provide the name of our Privacy Officer to our receptionist and staff, so that members of the public can be easily advised.
8.4 We may choose to make information about our policies and procedures available in a variety of ways, for example:
. making this Code available on our website
. publishing information about the Code in our Bulletin, including the existence of a toll-free telephone number
. making the Code available in printed form on request
. mailing out information.

8.5 The information we make publicly available will include:
. the name, title and contact particulars of RIBO’s “Privacy Officer”
. the means by which access to information may be obtained
. a description of the types of information held by RIBO and a general description of its uses; and
. a description of information that is disclosed to related organizations.

1 RIBO will make this entire Code publicly available.
2 INDIVIDUAL ACCESS

Upon request, RIBO will inform individuals of the existence, use and disclosure of his or her personal information that is under our control, and may be given access to and may challenge the accuracy or completeness of that information.
9.1 Upon written request, RIBO will inform an individual whether or not we hold personal information about him or her.  If we do hold such personal information, upon written request, we will provide access to the information, as well as a general explanation of how it is used.
9.2 The manner in which access is given may vary, depending on the format in which the information is held (hard copy or electronic), the amount of information held and other factors. For example, if there is a large volume of information, we may simply provide a summary of the information instead of providing a copy of the entire file.
9.3 Individuals will be required to provide RIBO with sufficient details to permit us to provide an explanation of the existence, use and disclosure of personal information.
9.4 An individual to whom RIBO provides access to their personal information is entitled to challenge the accuracy and completeness of that information.  RIBO will provide recourse to any individual that appears to have a legitimate correction to make to information on their file, or if the information is found to be deficient in any respect.  Once significant errors have been identified, RIBO will forthwith correct or amend the information as appropriate and /or we will direct you to the source of the information so you can correct it yourself directly with the third party responsible.  Where necessary, RIBO will send such corrected or amended information to third parties who have had access to the information in question.
9.5 Upon written request, we will provide a list of third parties to whom we may have disclosed an individual’s personal information.  If we are unsure exactly which third parties may have received the information, we will provide a list of third parties likely to have received the information.
9.6 The procedure for making a request is as follows:
1 Please make your requests in writing to RIBO’s Privacy Officer stating as specifically as possible which personal information you are requesting.
2 We will respond to a request promptly, but in any event, not longer than within 10 business days after receipt of the request, unless we first advise you that we need a longer period to respond.
3 If we refuse a request, we will inform the individual in writing of the refusal, explaining the reasons and any recourse the individual may have, including the possibility that they may file a complaint with the Privacy Commissioner of Canada.
4 Notwithstanding 2 and 3 above, if we do not respond within the above time limit, we will be deemed to have refused the request.

9.7 These are also exceptions that will prevent RIBO from providing access in some situations, including where:
. personal information about another person might be revealed
. commercially confidential information might be revealed
. someone’s life or security might be threatened
. the information was collected without consent for the purposes related to an investigation of an allegation of misconduct, or for purposes related to the detection and prevention of fraud or other contravention of the law, where provision of such information would undermine the investigation
. the information was generated during the course of formal complaint or disciplinary proceeding under our Regulations; or
. the information is protected by privilege, such as solicitor-client privilege, or RIBO is otherwise prevented by law from disclosing such information.

10. CHALLENGING COMPLIANCE
Any individual may address a challenge concerning compliance with the above policies and procedures to RIBO’s Privacy Officer.
10.1 Upon request individuals who wish to inquire or to file a complaint about the manner in which RIBO handled their personal information, or about the policies and procedures contained in this Code, will be informed of RIBO’s applicable complaint procedure.
10.2 Please make inquiries or complaints in writing addressed to RIBO’s Privacy Officer stating as specifically as possible the nature of your inquiry or complaint.
10.3 Upon receipt of such inquiry or complaint, RIBO will forthwith:
. Acknowledge receipt of the inquiry or complaint, 
. If an inquiry only, clarify facts directly or respond to the nature of the inquiry as appropriate,
. If a complaint, assign someone to investigate the matter,
. Any investigator so assigned will be given unfettered access to files and personnel as required,
. Advise the complainant in writing of the outcome of our investigation, including any appropriate measures taken to correct RIBO’s information handling practices and policies, if applicable.

10.4 We will document all complaints made by clients, as well as our actions in response to complaints, by noting these details in the individual’s file where appropriate and also in a master privacy file.
10.5 Updated versions of this Voluntary Privacy and Access Code are posted on RIBO’s website at www.ribo.com, or you can direct any queries or complaints to RIBO’s Privacy Officer as follows:
. For more information, to make inquiries or to file a complaint, please contact:
Patrick Ballantyne, LL.B
RIBO Privacy Officer and General Counsel
401 Bay Street, Suite 1200, P.O. Box 45
Toronto, Ontario M5H 2Y4

(416) 365-1900
(800) 265-3097 (toll free)
(416) 365-7664 (fax)
www.ribo.com (website) 
This e-mail address is being protected from spambots. You need JavaScript enabled to view it

. In his absence, or if you are otherwise unable to contact him, you may direct your request, enquiry or complaint of his designate:
Timothy Goff
Manager of Complaints and Investigations
401 Bay Street, Suite 1200, P.O. Box 45
Toronto, Ontario M5H 2Y4

(416) 365-1900
(800) 265-3097 (toll free)
(416) 365-7664 (fax)
www.ribo.com (website) 
This e-mail address is being protected from spambots. You need JavaScript enabled to view it

. For additional information on PIPEDA’s obligations or if you are unsatisfied about RIBO’s handling of any request, inquiry or complaint, you may address this by contacting the Office of the Federal Information and Privacy Commissioner, as follows:
Privacy Commissioner of Canada
112 Kent Street
Ottawa, Ontario K1A 1H3

(613) 995-8210
(800) 282-1376 (toll free)
www.privcom.gc.ca (website)

• PRIVACY AND ACCESS CODE JANUARY, 2004

 
Page Footer Heading
 
Search Broker/Brokerage Member Login Area