Foreword
The following guidelines are recommendations concerning a minimum code of business conduct and practice which should be adhered to by mutual insurance companies, their boards of directors, employees and agents. It has been drawn up, among other things, in accordance with the principles set out in the CSA Standard CAN/CSA Q830, Model Code for the Protection of Personal Information.
Recognizing that the financial services industry is, must be, and will likely continue to be, highly regulated, mutual insurance companies, as well as their agents and brokers, are committed to strict adherence to the letter and the spirit of the laws, rules and guidelines governing the industry.
The objective of these guidelines is to gain and maintain the client's and the public's trust while serving the clients and operating the company in the most appropriate manner. The guidelines cover the management of personal information (collection, possession, protection, use, disclosure, verification and correction) and the conduct of companies' boards of directors, employees and agents.
Note:
(1) Although the following clauses use prescriptive language (i.e., the words "shall" or "must"), this document is a voluntary standard. Should an organization choose to adopt the principles and general practices contained in this Standard, the clauses containing prescriptive language become requirements.
I - DEFINITIONS
The following definitions apply to the Guidelines:
A "company" refers to a mutual insurance company which is a member of the Canadian Association of Mutual Insurance Companies.
"Personal information" refers to any information relating to an identifiable individual that is recorded in any form, including, but not limited to, a person's name, address, telephone number, age, family status, occupation, medical and health records, assets, liabilities, income, credit and payment records, previous insurance records, driving records and history of claims filed.
II - SCOPE AND PURPOSE OF THE GUIDELINES
The guidelines are to assist Canadian mutual insurance companies in developing and implementing:
- policies concerning the conduct of boards of directors, employees, agents and brokers; and
- minimum standards of practice with respect to the management of personal information.
III - TREATMENT OF COMPANY ASSETS AND OF PERSONAL INFORMATION, CONFLICT OF INTEREST AND HUMAN RIGHTS
The mutual insurance company owns assets of property and information to which it is legally entitled. These assets are not to be used in any way, shape or form, for personal gain. Included in these assets are systems, programs and processes developed internally which may provide a competitive advantage.
If a director, an employee or an agent has access to the company's computer, he/she must ensure that the company's computer hardware or software systems, and the information they contain, are not used for personal gain.
Any external personal or business interests that could compromise sound judgment or diminish a director's, employee's or agent's personal commitment to policyholders or the company should be avoided.
Company directors, personnel and agents will maintain, utilize and dispose of all personal information in a manner commensurate with the sensitivity of the information. They will grant access to such information only to those with legitimate business needs.
The company supports and conducts its business in accordance with human rights legislation. Discrimination or harassment in the workplace with respect to such matters as race, colour, sex, sexual orientation, age, citizenship, creed or handicap is strictly forbidden. To maintain objectivity, members of one's immediate family who work with the company will not ordinarily have direct reporting relationships.
IV - PURPOSE SPECIFICATION OF PERSONAL INFORMATION COLLECTION
The company will collect personal information on the policyholder only for the purposes of:
- establishing and maintaining communications with the individual,
- underwriting risks on a prudent basis,
- investigating and paying claims,
- offering and providing products and services,
- complying with the law, and
- compiling statistics.
The purposes for which personal information is collected shall be specified to the individual before the collection of the information, except in cases where information is being collected for the detection and prevention of fraud or for law enforcement.
V - QUALITY OF PERSONAL INFORMATION COLLECTED
The personal information being collected should be pertinent to the purpose identified.
Efforts should be made to ensure that the personal information so collected is as accurate, complete, and up-to-date as possible for the purposes for which it is collected.
VI - LIMITATION OF PERSONAL INFORMATION COLLECTION
The company will collect personal information only for the purposes identified in section IV.
The company will use only lawful means to obtain personal information. The information will be collected directly from the individual, whenever possible. If it must be requested from a third party such as brokers, the Insurance Crime Prevention Bureau, the Insurers' Advisory Organization and underwriting or claims information networks, the individual's prior authorization must be obtained.
The authorization sought from the policyholder should be clear and simple, and sufficiently broad in scope to avoid the need for several authorizations with respect to one insurance policy. If the information previously provided is to be used for purposes other than those previously stated to the policyholder, a new authorization should be obtained from the policyholder.
VII - USE, DISCLOSURE AND RETENTION OF PERSONAL INFORMATION
As stated in section VI, the company should obtain the policyholder's consent if the personal information is to be used for purposes other than those specified at the time his or her consent was sought, except:
- where it is required by law;
- when served with subpoenas, search warrants and other court or government orders from other parties empowered by legislation;
- in the discharge of public duty;
- for the transfer, as part of the underwriting process, of personal information to other insurance companies which share in the risk.
Personal information shall be retained only as long as necessary for the fulfilment of the purposes identified. Companies shall develop guidelines and implement procedures with respect to the retention and the destruction of personal information, with minimum and maximum retention periods being specified. Personal information that is no longer required should be destroyed, erased or made anonymous.
VIII - SECURITY SAFEGUARDS FOR PERSONAL INFORMATION
Personal information should be protected by security safeguards. Comprehensive safeguards should protect personal information from loss or theft, unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held.
The company should take measures to make its employees aware of the importance of maintaining the confidentiality of personal information. Directors, employees and agents should recognize in writing their obligation to preserve the confidentiality of personal information.
The company should ask businesses providing it with goods and services, such as brokers, data processors, loss control managers, claims adjusters, etc., to treat personal information as confidential, complying with these guidelines, or as regulated by law.
IX - POLICYHOLDER'S ACCESS TO PERSONAL INFORMATION
A policyholder shall be given access to the personal information about him or her retained by the company. He or she shall be able to challenge the accuracy and completeness of the information and have it amended, erased or completed, as appropriate. The company shall provide the information:
- in an understandable form;
- within a reasonable time and, if necessary, for a reasonable fee.
The company shall put procedures in place to receive and respond to complaints or inquiries about its policies and practices relating to the handling of personal information. The company shall also designate a person, or persons, responsible for the protection of personal information.
Exceptions to the above access rights should be limited and specific. They may include information that is prohibitively costly to provide, information containing references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, and information subject to solicitor-client or litigation privilege.
When a challenge is not resolved to the satisfaction of the individual, it should be recorded by the company. A dissatisfied policyholder should be given accurate information as to how to complain to the appropriate provincial authorities.



