BREB endeavors to maintain adequate physical, procedural and
technical security with respect to its office and information storage
facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or
modification of Personal Information.
BREB further protects Personal Information by restricting access
to Personal Information to those employees and External Associates that the
management of BREB has determined need to know that information in order that
BREB may provide its services. BREB has a policy under which employee misuse of
Personal Information is treated as a serious offence for which disciplinary
action may be taken.
BREB attempts to strike a reasonable balance between security and
convenience. Staff will receive requests from members, in person, in writing,
bye-mail or by telephone, for Personal Information that the Board maintains on
each member. The best examples are a member's account information and education
information.
Personal Information requested or provided by telephone should not
be released or accepted to amend Board records until reasonable steps have been
taken to verify the identity of the person requesting or providing the Personal
Information. An example would be to request the member's password, as this
information can be verified from the membership database and is known only to
the Board staff and the member, before either providing the information
verbally or sending it by mail, fax or e-mail or using the information provided
to update the member's Personal Information. Personal Information may only be
provided to the individual, not to anyone else in the individual's firm,
including the manager, office secretary or a co-worker. Where feasible,
document consent to gather or disclose Personal Information when such consent
is provided verbally.
Staff will frequently receive requests from the public to either
verify if someone is a member or to locate that member. It is permissible to
confirm merely that someone is a member and if required, provide the member's
business contact information as displayed on the Board's public website.
Please refer to the policies on
i)
Information
Security,
ii)
Physical
Security,
iii)
Record
Retention,
iv)
Collection,
Use and Disclosure of Personal Information, Employee Privacy Policy
v)
the
Board's Privacy Policy for further information on how Personal Information is
handled by employees.