Privacy Principles

Lakeridge Health (LH) has a robust Corporate Privacy Policy which outlines our commitment to the collection, use, disclosure, retention, and destruction of personal health information in accordance with applicable legislation, and with the following Canadian Standards Association’s internationally recognized set of information privacy principles.


Lakeridge Health has designated a Privacy Officer who is accountable for the organization’s compliance with the following principles. Accountability for the organization’s compliance with the principles rests with the designated Privacy Officer and his or her delegates, who will be made known upon request.

Identifying Purposes

The purposes for which personal information is collected shall be identified by the organization at, or before, the time the information is collected, in order to comply with the principles of Openness, Individual Access, Limited Collection, and Limited Use, Disclosure, and Retention,


The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. Consent typically is sought at the time of collection of information, but in certain circumstances, it may be sought after the information has been collected but before use. Consent may be implied or explicit, verbal or written, depending on the circumstances and the type of information collected. An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. The organization shall inform the individual of the implications of such withdrawal.

Limiting Collection

The collection of personal information, both the amount and the type of information, shall be limited to that which is necessary for the purposes identified by the organization, and be obtained by fair and lawful means.

Limiting Use, Disclosure and Retention

Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.


Personal Information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.


Personal information shall be protected by security safeguards appropriate to the sensitivity of the information, protecting the information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Organizations shall protect personal information regardless of the format in which it is held. Methods of protection include: physical measures (i.e., locked filing cabinets and restricted offices); organization measures (i.e., security clearances and limiting access to a “need-to-know” basis); and, technological measures (i.e., passwords and encryptions). Care shall be used in disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.


An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.

Individual Access

Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. An organization shall respond to an individual’s request within a reasonable time and at minimal cost to the individual. When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, the organization shall amend the information as required, by correction, deletion, or addition of information. When a challenge is not resolved to the satisfaction of the individual, the substance of the unresolved challenge shall be recorded by the organization. The information amended or in question shall be transmitted to third parties having access to the information when appropriate.

Challenging Compliance

An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual accountable for the organization’s compliance.