Personal information is information that pertains to a natural person and allows others to identify this person. 
This information may be written, drawn, audio, visual, electronic, etc. and may, for example, take the form of e-mails, notes in a file, photographs, recordings of telephone conversations or videos. 

Often, the following personal information is found in insurance files: 

• Identification information: name, home address, home or cell phone number, e-mail address.
• Financial information: credit file, bank account or credit card numbers.
• Information on personal business: report from the Automobile Claims Database or the Société d’assurance automobile du Québec.  

You must obtain consent for collecting, using and communicating personal information from each of the co-insureds. 

Yes. The Act provides for certain exceptions to the principle of confidentiality. 

For example, if a file is under investigation by the syndic of the Chambre de l’assurance de dommages, he may ask for and obtain this information without the consent of the insured. Similarly, a tribunal may, under certain circumstances, allow a representative to testify regarding the personal information of an insured. 

Also, an insurance broker who wishes to recover a sum of money owed to him may hire a collection agency that holds a licence from the Office de la protection du consommateur and provide it with the information necessary for the agency to carry out its work.

The Chambre de l’assurance de dommages has created a form entitled Consent for the collection and communication of personal information when making a claim. This form respects the principles of the Act and may be used as a model consent form for the collection and communication of information for other purposes. 

It contains the following details: 

• The object of the file; 
• The identity of the persons from whom the insured authorises the collection of personal information; 
• The identity of the persons to whom the insured authorises the communication of personal information; 
• The use that will be made of information collected or communicated; 
• The nature of the information exchanged; 
• The period of time during which the consent is valid; 
• The place where the file thus constituted will be held; 
• The right to access and rectify the file.  

When you receive a request to access or rectify personal information, you must: 

• Verify the identity of the person requesting the information and validate his right to access; 
• Note the date you received the request; 
• Follow up on the request as quickly as possible, at most, within 30 days of having received the request; 
• If you refuse a request for access, inform the person requesting the information in writing. Explain the reasons behind your refusal and refer to the provisions of the Act that you have used to justify your decision. Furthermore, you must inform the person of his right to contest your decision. The Commission d’accès à l’information provides individuals with a model notice of recourse; 
• If you refuse an application for access, keep the information for which this application was made until the person requesting it has exhausted all avenues of recourse provided for under the Act; 
• If you receive an application for rectification in order to add or change personal information recorded in a file: send the person making the request, free of charge, a copy of any personal information that has been changed or added to his file; 
• If you remove personal information from a file following a request for rectification: send the person making the request an attestation that the personal information has been removed.