PPO Privacy Policy

KEY TAKEAWAYS

May 11, 2022 / Effective Date of Policy

PRIVACY POLICY OF POPULIST PARTY ONTARIO

Our Commitment to Protecting your Privacy / Scope of the Policy

The Populist Party of Ontario understands the importance of protecting your personal information. We have designed our privacy policy to meet or exceed the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA) and the ten principles found in the Canadian National Standard for the Protection of Personal Information as well as the Guidelines for the Use of Electoral Products, published by Elections Ontario.

This Privacy Policy applies to all personal information obtained by the Party from any source, any person and or entity. This is inclusive of all information that the Party finds itself in receipt and or carriage of without regard to how the Party has obtained same said information. This includes all personal information, and the Party specifically states that it applies to all personal information derived from the Permanent Register of Electors for Ontario or the Register of Absentee Electors that the Party, our members of the Legislative Assembly of Ontario, our Candidates, their staff, and any person or entity that represents or works for us may receive from Elections Ontario.

This policy applies while you are using our website. You do not have to identify yourself or divulge personal information. If you choose to give us your personal information, you decide the amount of information you wish to provide. We will respect your privacy through the protection of the personal information you provide to us. We take great care in keeping confidential and secure all personal information in our possession.

Personal Information consists of details about an identifiable individual. It may include information such as name, address, telephone number and other contact information.

Additionally, training is provided to all representatives of the Party to ensure compliance with privacy safeguards and controls.

What is Personal Information

The Populist Party of Ontario collects personal information to communicate with you, to facilitate your participation as a volunteer, to better expand online activism and to give you the information you need in a timely manner. As a result, we may ask you to provide information such as your name, address, phone number and email address in an effort to improve our ability to work with you. If you choose not to give us any information, we will not be able to provide you the requested content or give you access to timely information regarding issues that may be important to you.

Purpose of Collection

When you join any Populist Party of Ontario mailing list, we collect your name, contact details, email address, and certain other information. We use your email address to send you the email updates to which you subscribed. You may request that your email address be removed by sending your request to Matthew Olson.
matthewcolson1974@outlook.com

Sources of Collection.
Our sources of collection are: Mailing Lists / Door to Door or Telephone Canvassing / Surveys or Polls / Donations / Events / Website Analytic Tools / social media / Service Providers.
Your opinion matters to us and from time to time we may use surveys to help us understand which issues you are interested in. Throughout your online experience, we treat your name and any comments as public information. We may, for example, provide compilations of surveys or online forums, with your comments without disclosing email addresses. We may also make comments available to the media and public online.

When you contribute money online, we use state-of-the-art security protocols to protect sensitive data, such as personal information and credit card numbers. As required by Elections Ontario, we collect and report the name and mailing address of individuals whose contributions exceed $20. We also make a note of your telephone number and email address, which helps us to contact you quickly if follow-up on your contribution is necessary.

We strive to use your personal information in a responsible and respectful manner. We retain any personal information that you provide, unless otherwise stated. By completing any of our online forms, attendance at any events, social media interaction, and any collection source noted above you are consenting to our collection and retention of the information you provide. We limit the collection of personal information to that which is necessary to fulfill the purpose for which it was collected.

Information we receive from Elections Ontario

Elections Ontario supplies the Party, our members of the Legislative Assembly of Ontario, and our Candidates with personal information from the Permanent Register of Electors for Ontario and from the Register of Absentee Electors. We collect this information and other information mentioned above for the purpose of communicating with you so you can be involved in the Party, facilitate participation in the Party, solicit donations, issue tax receipts, invite participation at events, and provide you with updates that you have asked for and or subscribed to. If you choose not to give us any information, we may not be able to give you the access mentioned directly above.

Any and all information we receive from Elections Ontario will only be used for electoral purposes allowed under the Elections Act. We do not use this information for commercial reasons.

Restriction on Use / Limiting use, disclosure and or retention

The Party, its Agents, Members, Employees, and Volunteers will only use private information for electoral purposes and will never use private information for commercial purposes. The Party only uses information it receives for electoral purposes permitted under the Elections Act. Some of those purposes are communicating with electors, soliciting elector contributions, soliciting campaign support during a writ period, and recruiting Party members.

Information you supply to us

We use your information in a respectful manner. We retain information that you provide to us for only as long as is required to fulfill the purpose that that same said information was collected for. By using one of our sources of collection mentioned above you consent to our use and retention of your information. We limit collection of personal information to the period of time required to fulfill the reason it was given to us for.

We maintain security systems to safeguard your personal information from unauthorized access, disclosure or misuse, and from loss or unauthorized alteration. All paper documentation containing personal information is shredded for your safety. Our website has a number of security measures in place to protect against the loss, misuse or alteration of the information under our control. Computer systems have restricted access limited only to those persons and organizations necessary to its proper functioning. Highly sensitive data including credit card information is additionally secured through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
All information will remain confidential to the Populist Party of Ontario and to individuals working for us.

Information we receive from Elections Ontario

Personal information we receive from Elections Ontario will only be disclosed to our members of the Legislative Assembly of Ontario, and our Candidates. If we use a third Party, we only do so with and after obtaining a written acknowledgement from the recipient that will use the information for electoral reasons. Our members of the Legislative Assembly of Ontario and our Candidates also require this information; as such, they are required to read, review, and adhere to this Privacy Policy. This policy permits us, Our Members, and our Candidates to terminate the supply of information at any point and to demand the return of any such information given.

Our Members, Candidates, and the Party will track all data received from Elections Ontario by date of receipt, name of person information was disclosed to, format provided, confirmation of signed privacy policy, and confirmation of the date when the information was returned.

Privacy Requirements / Implementation and Enforcement of Privacy Controls

Administrative Controls

Information is kept private and confidential and only released on a need to know basis, and only where required. Only persons who have a need to know information will be provided information. Only individuals who have read, reviewed, and completely understand this policy will be provided access, and only with the additional approval of the Chief Privacy Officer.

Written approval for use of, and sharing of, information is to be approved by the Chief Privacy Officer before dissemination of any information occurs. The Chief Privacy Officer is responsible for implementing and ensuring compliance with any and all privacy related matters.

Limit the number of people who have access to electoral products to reduce the chances of a privacy breach.
Only authorized employees, volunteers and/or agents of Political Entities who require access to electors’ personal information should be provided with secure access to the Political Entity’s database.
Ensure that all individuals who are given access to electors’ personal information understand the importance of protecting the privacy of electors’ information.
Obtain from each individual an acknowledgement that the individual will abide by the restrictions on the use of electors’ personal information using the sample in the guidelines at appendix B of the Elections Ontario Guidelines.

Technical Controls

Information is stored on a hard drive, and not on a cloud drive. The hard drive is located in a locked office, or an office which is unlocked only when staff are present within the office. Email is only to be sent and received from a list of persons approved by the Chief Privacy Officer, and only candidates and staff are to be on the approved list.

All files will be sent encrypted and with a password associated. The Chief Privacy Officer will assign each contact person a password for access; each password will be unique to each person.

Passwords and keys should be strictly controlled by the person responsible for privacy safeguards. Individual and unique passwords should be provided to authorized employees, volunteers and/or agents of Political Entities who require access to electors’ personal information on the entity’s database.
Passwords must be kept confidential by each user and must be sufficiently complex.
Passwords should be encrypted in transmission, and where passwords must be stored, they must also be encrypted in storage.
Encryption of stored passwords should ensure that both the password, and any information describing the use or systems to which the password corresponds, are encrypted.
Electronic records containing electors’ personal information must be stored and encrypted on password-protected data storage devices and applications or removable drives, rather than on the hard drive of a laptop or home computer.
Access to laptops and home computers must be password controlled, and any data on the hard drive must be encrypted and stored in a secure location.
Safeguards such as anti-virus software and personal firewalls could also be installed.
Password enabled screen lock must be activated on laptops and home computers that are temporarily unattended.
When working at home or other locations outside the office, employees, volunteers and/or agents should avoid sending electors’ personal information by e-mail.
If personal information must be sent by email, the email must be encrypted, including any file attachments.

Physical Controls

All hardcopies of information will be kept in a secured fire resistant and locked cabinet or cabinets as required. While information is in use nothing will be publicly displayed, or otherwise permitted to be viewed by the public. The Chief Privacy Officer or designee will be the only person who will have keys to the locked cabinet or cabinets as required. The cabinet, or cabinets, further are kept within a locked room, which only the Chief Privacy Officer has access to.

Paper records should be kept in locked filing cabinets when not in use.
While in transit, paper records must be securely packaged and sealed while in the possession of the employees, volunteers and/or agents of the Political Entity.
If used at home, records must be accessible only by employees, volunteers and/or agents of the Political Entity.
Where photocopies of List Products are required, photocopy machines must not be left unattended while conducting the task.
Original documents must be securely stored and should remain in the office. Employees, volunteers and/or agents of the Political Entity must obtain the necessary approvals to remove documents from the office, and a record of the information removed and by whom must be kept.
Electors’ personal information, whether in printed or electronic format, must never be accessed by employees, volunteers and/or agents of the Political Entity while travelling on public transportation or in other public spaces.

Disposition Protocol

A secure shredding service provider may be procured to securely destroy lists containing electors’ personal information; however, the Populist Party of Ontario will be responsible for specifying how the destruction is to be accomplished, under what conditions and by whom.

All Party members will create or obtain from the service provider a certificate of destruction that documents the following:
Records and/or list products that are being destroyed.
Date, time, and location of destruction.
Method of destruction.
Name and signature of the individual responsible for destruction or the operator.

The requirements for the party on how to dispose of electors’ personal information in a safe and secure manner:
Methods used must ensure that personal records cannot be reconstructed.
Electronic data must be permanently erased using methods that prevent the restoration of such data.
Data erasure software must conform to the standard set by the Communication Security Establishment Canada wiping method.
Destruction of printed copies of documents means cross-cut shredding, not continuous (single strip).
All decommissioned electronic media that was used to store elector data must be permanently erased.

Political Entities must return electoral products to Elections Ontario if they are unable to destroy the products. For additional questions on the secure destruction of electoral products, please contact Elections Ontario. If a Member of the Legislative Assembly resigns or has forfeited the office to which they were elected or ceases to be a member of a Political Party and becomes an independent Member of the Legislative Assembly, the Member must either destroy and/or return all documents containing electors’ personal information and election-related information to the Chief Electoral Officer within 30 days of their resignation or removal.

Training on Privacy Controls

The Chief Information Officer will provide training on privacy controls to all volunteers, staff, and any other person who may come into contact with any sensitive information, or information pertaining to electors. That training will include:
Reporting breaches or suspected breaches to the Chief Privacy Officer
Reporting anything lost or stolen to the Chief Privacy Officer
Not displaying or showing any information to the public
A mandatory Non-disclosure agreement
Ensuring that it is understood that no information is to be used, save for the expressly permitted purposes under legislation, and that any questions or concerns are to be directed to the Chief Privacy Officer
As well, stressing the importance of avoiding erroneous exposure of information to the public.

Data Breach Management

If any of the data under our control is mishandled, lost or stolen we will contain the breach, attempt to identify same, document the circumstance that led to the breach, and review our policies and procedures to prevent it from occurring in the future. If the data breached was provided to us by Elections Ontario, we will notify the Chief Electoral Officer for Ontario. As needed, where we believe that the breach poses a significant risk of harm to an individual as defined in PIPEDA, we will notify the Privacy Commissioner and any individual affected.

Populist Party Ontario / Candidate’s Responsibilities

All Candidates, their employees, volunteers, and or agents must comply with this Privacy Policy. Any and all personal information received by Elections Ontario must be limited in its use to electoral purposes only, as required under the Elections Act, and not used commercially. Candidates must obtain written acknowledgements from each party to whom they disclose such information that it may only be used for electoral purposes, track per our policy the distribution of information supplied to the Candidate, and notify the Party of any loss or theft of that information so as to comply with the policy above. Finally, all copies provided to the Candidate must be destroyed and or returned once it is no longer authorized.

Populist Party Ontario / Legislative Member’s Responsibilities

The Populist Party Ontario Members, their employees, and agents, in addition to all the above, are also required to comply with the applicable filing requirements of the Guidelines for the Use of Electoral Products, published by Elections Ontario.

Populist Party Ontario / Chief Privacy Officer’s Responsibilities
The Chief Privacy Officer’s role is to safeguard against any accidental or unauthorized access of elector’s data, disclosure, use, modification, and disposal, in accordance with legislation and best industry practices where legislation is silent on directives. The Chief Privacy Officer will comply with all the filing guidelines/requirements of Elections Ontario. The Chief Privacy Officer is responsible for enforcing this policy and may take any reasonable action, as is necessary to ensure compliance and protection of all elector’s data, including but not limited to dismissing volunteers, staff, and recommending the removal of candidates from the Party.
The following entities and their roles and responsibilities expanded:

The Populist Party of Ontario, the “Party”, is responsible for ensuring that all candidates mandate the tightest possible security and privacy controls at all locations, whether remote, in home, or in office. The Populist Party of Ontario is responsible for ensuring all candidates maintain security of information that may be stored within their offices, and to have knowledge of this policy.

Candidates are responsible for ensuring the privacy, safety, and security of all information as may be in their possession, and further that they may bring out while canvassing. Candidates are responsible for providing the Chief Privacy Officer a list of volunteers, and staff, along with their respective criminal record checks. Further, Candidates must communicate any breaches, or suspected breaches, to the Chief Privacy Officer, and are to have knowledge of this policy.

Members of the Legislative Assembly: any member of the party who is a member of the Legislative Assembly shall adhere to this policy and is responsible for reporting directly to the Chief Privacy Officer any and all concerns that may relate to, or pertain to, the data or information of any elector, or any other document which the Party may be in possession of.
Employees, volunteers, and agents are responsible for reporting directly to their supervisor, candidate, or the Chief Privacy Officer any and all breaches or suspected breaches of data privacy, or confidentiality. Employees, volunteers, and agents are responsible for upholding and maintaining the security of all premises, or data which may be in their possession, and to have knowledge of this policy.

Access, Updates and Corrections

We acknowledge that your information may change. You can contact us to change that information as you wish or have that information removed.

Questions or Comments / Request for Removal

If you have any questions, comments, or would like your information removed please feel free to contact us. We will be happy to investigate and act on your requests as soon as possible. The Populist Party Ontario is committed to adhering to and enforcing this policy.

Last Update / May 11, 2022. Matthew C. Olson, Chief Privacy Officer / Populist Party Ontario