Access and Privacy

December 2017

Commitment

In implementing its mandate under the Resource Recovery and Circular Economy Act, 2016 (RRCEA) and the Waste Diversion Transition Act, 2016 (WDTA), the Authority is committed to protecting the Commercially Sensitive Information and Personal Information it receives or creates in the course of conducting its business operations and performing its regulatory functions while allowing access to Public Information.

Definitions

  • Access means access by an individual or an organization to information in the custody or control of the Authority.
  • Authority means the Resource Productivity and Recovery Authority.
  • Commercially Sensitive Information means information that, if disclosed, could reasonably be expected to prejudice the commercial interests of a person.
  • Confidential Information means information that the Authority obtains in performing a duty or exercising a power under the RRCEA or the WDTA and which is required by those Acts to be kept confidential by the Authority. Confidential Information includes Personal Information and Commercially Sensitive Information.
  • Personal Information means information about an identifiable individual, or by which an identifiable individual can be deduced, whatever the format.
  • Public Information means any information, other than Confidential Information, obtained by the Authority in performing a duty or exercising a power under the RRCEA, the WDTA and made available pursuant to section 57 of the RRCEA and section 70 of the WDTA.
  • Registrar means the person appointed pursuant to section 45 of the RRCEA.
  • Registry means the electronic registry required to be established pursuant to section 50 of the RRCEA.

Principles

The following principles apply to the management of information by the Authority:

  1. Information collected by the Authority will be managed in compliance with the Authority’s obligations under the RRCEA and WDTA;
  2. Information will be collected only to the extent necessary to fulfil the Authority’s mandate;
  3. Information will only be used for the purpose of fulfilling the Authority’s mandate;
  4. Confidential Information will be kept confidential, except where the RRCEA and WDTA permit disclosure;
  5. Everyone will have access to Public Information; and
  6. The Authority’s Registry will be the primary method of collecting information and providing access to Public Information.

Application

This Code applies to the Authority’s Board of Directors, staff and contractors.

Purposes for which information is collected, used or disclosed

The Authority is subject to the RRCEA and the WDTA and has specific obligations under each statute to protect Confidential Information that is collected by the Authority.

The Authority will collect, use, disclose and retain information solely for purposes related to the performance of its duties or exercise of its powers, and in compliance with its confidentiality obligations contained in section 57 of the RRCEA and section 70 of the WDTA.

Specifically, those provisions require that the Authority, including the members of the Board and its officers, employees and agents, preserve secrecy and not communicate any information, including Confidential Information, obtained in the course of performing a duty or exercising a power under the Acts, except in specified circumstances as set out in section 57 of the RRCEA and section 70 of the WDTA.

These sections contain a number of exceptions, which allow the Authority and people acting on behalf of the Authority to disclose information:

  1. As may be required in connection with a proceeding under the Acts or in connection with the performance of its duties and exercise of its powers under the Acts;
  2. To the Minister, the Ministry or an employee or agent of the Ministry;
  3. To a peace officer, as required under a warrant, to aid an inspection, investigation or similar proceeding undertaken with a view to a law enforcement proceeding or from which a law enforcement proceeding is likely to result;
  4. With the consent of the person to whom the information relates;
  5. To the counsel of the person to whom the information relates;
  6. To the extent that the information is required or permitted to be made available to the Minister or the public under the RRCEA, WDTA or any other Act; or
  7. Under further circumstances that may be prescribed by regulation.

Examples of regulatory functions that may result in the collection, use, disclosure or retention of information include, but are not limited to:

  1. The operation of the Registry to collect the information required to be provided to the Authority under the RRCEA and the WDTA;
  2. Acquiring evidence related to enforcement of the RRCEA and WDTA;
  3. Receiving and reviewing complaints about alleged contraventions of those Acts; and
  4. Collecting and using information to facilitate the Authority’s performance of its duties and exercise of its powers.

At the time of collection, the Authority shall inform persons of the purpose for which the information is being collected and could be used or disclosed, except where information is being collected as part of an inspection or investigation.

Personal Information will be collected, wherever possible, directly from the individual to whom it belongs, but under certain circumstances and consistent with its duties and powers, the Authority may also collect Personal Information from third parties who have the authority to disclose the Personal Information or where the collection is otherwise authorized by law.

Consent

The Authority respects and values an individual’s right to provide or withhold consent in relation to his or her Personal Information. Except where the law authorizes collection and use of Personal Information without consent, prior to collecting and using Personal Information, the Authority will obtain the consent of the individual to whom the Personal Information belongs or from someone duly authorized to act on that individual’s behalf. The Authority will obtain that consent at the point of collection. Consent will not be sought where Personal Information is required by law to be provided to the Authority.

Accuracy

Accurate information is vital to the Authority’s ability to carry out its objects. The Authority will take reasonable steps to ensure that the information that it collects, uses, discloses and retains is accurate. This may include contacting individuals who have provided the Authority with information in order to verify accuracy or refusing to accept information that does not comply with the requirements of the RRCEA and WDTA and any other steps considered necessary to ensure accuracy of the information.

Any information that is submitted to the Registry will be accessible to the submitter and there will be a procedure for updating information or providing corrections to previously submitted information contained in the Registry.

Access to Information

1. Confidential Information

In accordance with the Authority’s legal obligations under the WDTA and RRCEA, the Authority is obliged to keep confidential information that it acquires while performing its duties and exercising its powers under the Acts, unless a specific statutory exception or requirement applies. Registry procedures will be in place to protect that information and will include controls for access and use of that information by Authority staff.

2. Public Information

The Authority will provide the public with access to Public Information that is published by the Authority on the Registry, subject to any regulations under the RRCEA.

Examples of the type of Public Information published by the Authority on the Registry include:

  1. Procedures for submitting information to the Registry;
  2. Information and activities related to persons with responsibilities under Part IV of the RRCEA as required by the regulations made under the RRCEA;
  3. Information for consumers looking to return end-of-life products for resource recovery;
  4. Information relating to the collection and management of designated products and packaging;
  5. Information about orders issued by the Registrar, Deputy Registrar and inspectors, and other compliance actions taken;
  6. Description of consultation activities carried out by the Authority and the outcomes;
  7. Governance documents of the Authority including its by-laws, Operating Agreement, business plans and annual reports;
  8. Fees, costs and charges established by the Authority;
  9. Minutes of meetings of the Authority’s Board of Directors; and
  10. Agreements between the Authority and industry funding organizations and industry stewardship organizations that form part of waste diversion programs under the WDTA.

While the Registry will be the method of making Public Information accessible to the public, those who wish to request information not published on the Registry may contact the Authority directly by email to info@rpra.ca or by mail at 4711 Yonge Street, Suite 408, Toronto, Ontario M2N 6K8.

The Authority may require a requestor to cover the Authority’s reasonably incurred costs to provide such information.

While the Authority will provide a response to requests for information, the Authority will not release certain information; including but not limited to:

  1. Personal Information;
  2. Confidential Information, except where authorized by the RRCEA or WDTA;
  3. Information subject to legal privilege;
  4. Commercial agreements between the Authority and other parties and related documents and communications;
  5. Minutes of meetings of committees of the Authority’s Board;
  6. In camera minutes of meetings of the Authority’s Board; and
  7. Information related to inspections, investigations and other compliance activities that are in progress.

3. Personal Information

Since Personal Information will be submitted primarily through the registration process to meet requirements imposed by regulation, access to a registrant’s Personal Information will be available whenever the registrant logs in to the Registry. Registry procedures will govern the process for correcting or changing Personal Information.

Training

The Authority’s Board of Directors and staff will receive training on the requirements of this Code and all procedures related to the management and use of information acquired by the Authority.

Accountability

The Registrar is accountable for monitoring compliance with the requirements of this Code.

Safeguards

The Registry is designed to protect information in the Registry with technological, administrative and physical safeguards that represent best practices related to cyber security.

Registry procedures govern access to the Registry on the basis that the Confidential Information stored in the Registry is properly protected against theft, loss and unauthorized use or disclosure.

As part of the registration process, registrants will have to agree to the terms of use that will govern their interaction with the Registry.

Paper records maintained for compliance purposes will be protected in accordance with procedures developed for the purpose.

Complaints

Any person wishing to make a complaint related to the Authority’s management of information may do so by email to information@rpra.ca or by mail at 4711 Yonge Street, Suite 408, Toronto, Ontario M2N 6K8.

Any complaint received will be addressed and recorded in accordance with Registry procedures, which will be publicly available on the Registry, along with this Code.

Effective Date

This Code comes into effect on December 14, 2017 and will be reviewed from time to time as required by the Authority’s Board of Directors.