Any and all information concerning the business affairs of ERA* and its directors, officers, employees and Proponents is to be kept private, secure and confidential. To regulate the use and disclosure of such information, ERA has adopted this Privacy, Data Security and Confidentiality Policy.
(a) “ERA” means Emissions Reduction Alberta; (b) “Confidential Information” means all information, Data, material and documents obtained by ERA or its directors, officers, employees or Consultants or any of them and includes Proposals and all other information furnished or disclosed to directors, officers, employees or Consultants by ERA, the Proponents and their respective employees, agents, contractors, subcontractors, or any of them, whether directly or indirectly, whether in written, oral, magnetic, electronic, optical or other tangible or intangible forms, together with any other variation or conversion of any nature whether in written, oral, magnetic, electronic, optical or other tangible or intangible forms to any element of the data, material or documents and includes information that is non-public, protected, confidential, privileged or proprietary in nature, which may have actual or potential economic value, in part, from not being known, or which could expose ERA or Proponents to potential harm if it were to be disclosed or released to third parties, including, without limitation Personal Information, but does not include information that: (i) is in the public domain at the date of disclosure or which after that date enters the public domain; (ii) is already known to the directors, officers, employees or Consultants (as evidenced by written records) at the time of its disclosure; (iii) was lawfully acquired by a director, officer, employee or Consultant from a third party (as evidenced in written records); or (iv) was independently developed by a director, officer, employee or Consultant who had no access to the Confidential Information (as evidenced in written records); (v) was released due to a compulsory disclosure order under a judicial process or under a compulsory regulatory (including securities) requirement or as otherwise required by law. (c) “Conflict of Interest Policy” means that ERA’s Conflict of Interest Policy, approved by the Board of Directors of the ERA on June 24, 2009, as amended from time to time; (d) “Consultants” means the ERA’s service providers, contractors, Consultants, and agents and any other individual who may by virtue of this relationship with ERA, have or be given access to Confidential Information; (e) “Data” means a record of information in any form and includes notes, images, audiovisual recordings, x-rays, books, documents, maps, drawings, photographs, letters, vouchers and papers, and any other information that is written, photographed, recorded, or stored in any manner; (f) “Personal Information” means information about an identifiable individual, including, without limitation: (i) age, name, ID numbers, income, ethnic origin, blood type, religion (ii) opinions, evaluations, comments, social status, disciplinary actions (iii) employee files, credit records, loan records, medical records, existence of dispute between a consumer/merchant, intentions (re acquiring goods and services or changing jobs) but does not include the name, title, business address, business telephone number, fax or email of an employee of an organization. (g) “Policy” means this Privacy, Data Security and Confidentiality Policy; (h) “Proposal” means a proposal for funding under any funding program or agreement established or entered into by the ERA from time to time; (i) “Proponents” means any and all persons, including without limitation, corporations, partnerships, joint ventures, unincorporated associations and natural persons who submit a Proposal to the ERA;
This Policy applies to ERA’s directors, officers, employees and Consultants and to any other individuals, who may, by virtue of their relationship with ERA, have or be given access to Confidential Information.
Confidential Information that is collected, used or disclosed by ERA will be handled in a manner that recognizes both the right of the individual to have his or her Confidential Information protected and the need of the ERA to collect, use and disclose such information for purposes that are reasonable. ERA must comply with the Freedom of Information and Protection of Privacy Act, RSA 2000, c. F-25) in the course of performing duties and functions and exercising powers delegated to it by the Minister of Environment. All Data and records in the custody or under the control of ERA that are required in the performance of duties or functions or the exercise of powers delegated to ERA by the Minister of Environment are subject to the Records Management Regulation, Alta Reg. 244/2001. Principles ERA follows ten principles:
- Accountability – ERA is responsible for Confidential Information under its control and will designate persons responsible for ERA’s compliance with this Policy.
- Identify purposes – Before or as Personal Information is collected, ERA will identify and advise the individual why it is needed and how it will be used or disclosed.
- Consent – the knowledge and consent of the individual are required for the collection, use or disclosure of Personal Information, with a few exceptions as described later.
- Limit collection – ERA will not collect Confidential Information indiscriminately and will avoid actions that may mislead others about reasons for collecting Confidential Information.
- Limit use, disclosure and retention – Confidential Information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the person’s organization providing it or as required by law. Confidential Information will be retained only as long as necessary for fulfillment of those purposes.
- Accuracy – Confidential Information will be as accurate, complete and current as necessary.
- Safeguards – Confidential Information will be protected against loss, theft, unauthorized access, disclosure, copying, use or modification regardless of the format in which it is held.
- Openness – ERA will make available to others specific information about its policies and practices related to management of Confidential Information.
- Individual access – when requested in writing, ERA will allow an individual, with some exceptions, to access his or her own Personal Information and advise the individual on how the information has been used and to whom it has been disclosed. The individual may correct or amend any Personal Information if accuracy and completeness is challenged and found deficient.
- Provide recourse – an individual may address a challenge concerning compliance with the above noted principles to the persons accountable for ERA’s compliance.
- ERA will obtain an individual or organization’s consent when it collects, uses or discloses Confidential Information.
- Confidential Information collected is to be restricted to information actually required.
- Confidential Information can only be used for purposes for which it was collected. If needed for another purposes, specific consent for incremental purpose must be obtained.
- Confidential Information must be kept current and accurate.
- When no longer required, Confidential Information will be made anonymous or destroyed appropriately.
- Individuals have the right to access their own Personal
Information held by ERA and to challenge its accuracy.
E. Data Security
Data security is a necessity to ERA because Data represents a concentration of valuable assets in the form of Confidential Information which is also proprietary to ERA or its Proponents. Security therefore must focus on controlling unauthorized access to Data. Each director, officer or Consultant who is or may be granted access to Data or Confidential Information is responsible for maintaining the privacy, security and confidentiality of that information and must do so in compliance with this Policy. Principles When using ERA’s Data or Confidential Information, ERA’s directors, officers, employees and Consultants must: (a) protect the Confidential Information and Data from unauthorized access (b) not leave laptops, mobile phones, personal digital assistants containing any Confidential Information or Data or any other electronic device unattended or unsecured (c) use passwords which are difficult to guess and keep password confidential, passwords should not be with anyone and changed regularly (d) protect Confidential Information and do not disclose such information without authorization (e) do not violate any third party’s intellectual property, privacy or other rights (f) do not disable or disclose ERA enabled security features including firewalls and antivirus programs
- All ERA employees and Consultants who are given access to Data or Confidential Information must execute a Confidentiality Agreement with ERA.
- Directors and officers with ERA are bound by this Policy, the Conflict of Interest Policy and ERA’s governance and accountability framework.
*Emissions Reduction Alberta (ERA) is a registered trade name of the Climate Change and Emissions Management (CCEMC) Corporation.