Blue Pebble Inc. is committed to excellence and focused on improving client outcomes. We ensure that by partnering with our clients, we provide the expertise to implement and support secure, interoperable and sustainable business and technology solutions that realize tangible benefits for the system and its users. We maintain a firm commitment to our client’s security and privacy. In that effort, we implement applicable security safeguards to protect the privacy of those who use our services.
Our Privacy and Security Framework is based on standards that utilize several proven methodologies and provide a comprehensive approach towards conducting risk management and meeting compliance objectives both for the government and the private sector clients within Canada.
Blue Pebble generally does not collect client’s information that personally identifies individuals except when individuals provide such specific information on a voluntary basis. If Blue Pebble consultants require access to personal information while conducting client services, our consultants strictly adhere and comply with the guidelines set out in Blue Pebble's Privacy and Security policies and procedures. It is the policy of Blue Pebble to control the collection, use, and disclosure of personal information. In certain circumstances personal information may be collected, used, or disclosed without the knowledge and consent of the individual. Exemptions include, but are not limited to, personal information gathered for:
- Legal, medical, or security reasons
- Detection and prevention of fraud or for law enforcement
- Journalistic, artistic or literary purposes if its use is confined to those purposes
Blue Pebble shall meet the following requirements unless exempted by the provisions stated above:
Blue Pebble is responsible for personal information under its control and shall designate a Privacy Officer to be accountable for Blue Pebble's compliance with all relevant Privacy regulations.
II. Identifying Purposes
The purposes for which personal information is accessed or collected shall be identified by Blue Pebble at or before the time the information is accessed or collected.
The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information.
IV. Limiting Collection
The access or collection of personal information shall be limited to that which is necessary for the purposes identified by Blue Pebble.
V. Limiting Use, Disclosure and Retention
Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as permitted by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
Blue Pebble shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
IX. Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
X. Challenging Compliance
An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for Blue Pebble's compliance.
Security and Privacy Standards
Blue Pebble Security and Privacy Standards are based on guiding principles set out at the following:
- ISO/IEC 27002:2005
- IPC or Office of the Information Privacy Commissioner of Ontario
- PIPEDA or Personal Information Protection and Electronic Documents Act
- PHIPA or Personal Health Information Protection Act
- FIPPA or Freedom of Information and Protection of Privacy Act
- RCMP/CSE Harmonized TRA Methodology
- SANS - Overview of Threat and Risk Assessment or TRA
Blue Pebbles Internal Security and Privacy Policies
All Blue Pebble staff are required to comply with the internal polices:
- Information Security Classification and Labeling Policy
- Security and Privacy Incident Management Policy
- IT Acceptable Use Policy
- Client Communication Policy
- Compliance Management Policy
- Security and Privacy Management Framework
All Blue Pebble members who collect, maintain and/or use personal information, are responsible for insuring that the collection, use and disclosure of this information is carried out in accordance with this policy and relevant procedures.
The Privacy Officer is accountable for Blue Pebble's policies and practices with respect to the management of personal information, and is the individual to whom complaints and inquiries can be forwarded.
How to Register a Privacy Complaint
You may register a privacy-related complaint by contacting Blue Pebbles Privacy Officer by using one of the following methods:
- Call: 416.363.3900
- Fax: 416.363.2872, Attn: Privacy Officer
- E-mail: firstname.lastname@example.org
84 Gerard St W
Toronto, Ontario M5G 1J5
Attention: Privacy Officer