Personal Information Protection
The purpose of this policy is to govern the collection, use and disclosure of personal information by Obsidian Energy Ltd. (the Company) in a manner that recognizes both the right of an individual to have his or her personal information protected and the need of the organization to collect, use or disclose personal information for business purposes.
Personal Information Definition
Personal information is defined as: any factual or subjective information about an identifiable individual. It includes age, name, weight, height, medical records, id numbers, income, ethnic origin, blood type, opinions, evaluations, comments, social status, disciplinary action, credit records, loan records, disputes and the like. It does not include business information that might be contained on a business card or information that is publicly available. In terms of Obsidian Energy’s day-to-day business, this information is collected from landowners, vendors, and neighbours. For example, the banking information of landowners and emergency contact information of people residing next to our gas plants are considered personal.
The collection of personal information must only be done with written and/or verbal consent from the individual. Implied consent can be used when the collection of personal information is clearly for the benefit of the individual. Collection of personal information includes electronic data and paper records, i.e. information in any form. Collection must be done with a stated intended purpose for the information and the timeline for retention of the material.
All personal information will only be used for the intended purpose when collected. When any personal information is collected, Obsidian Energy must identify why it is needed and how it will be used. Consent to use the information for a new purpose must be obtained. For example, an emergency contact list cannot be shared for the purpose of organizing a community barbeque.
All personal information will only be disclosed to employees and contractors who have needs in their jobs which require the data. Additional consents may be requested to disclose the information for new uses. For example, the additions of a person’s information on an emergency response plan after they have signed a lease with us.
When requesting personal information, the timeline of retention must be given. Landowner information, for example, should be kept the length of time the Company owns the property plus seven years.
Individuals have access to their personal information at all times. Requests to view personal information, once received by the Privacy Officer will be met within 30 days. To be able to meet these requests please keep all personal information in one secure location.
All reasonable attempts will be made to keep all personal information secure regardless of the format of the information. This demands that we store files in a locked, secure environment with ease of access during normal business hours and, as necessary, the ability to access the files in off hours.