My clients are my business. As an advisor, I am trusted with some of my clients’ most sensitive personal information. I must respect that trust and need my clients to be aware of my commitment to protect the information they provide in the course of doing business with me
I collect personal information in compliance with applicable laws and ethical business practices, in order to provide services and to conduct business. I limit the information that I collect to that which it is necessary for, or related to, these purposes
I abide by the Ten Privacy Principles. The Principles are based on the federal government’s privacy legislation, the Personal Information Protection and Electronic Documents Act
- Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.
- Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
- Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate.
- Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
- Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information shall be retained only as long as necessary for fulfillment of those purposes.
- Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the organization's compliance.
Infomation Collection and Use
I collect the information required to complete the task for which I am engaged, whether that is insurance, money products or financial plans.
Personal information is information that refers to you specifically. I will use fair and lawful means to collect your personal information. I will only collect information that is pertinent and consistent with the purposes of the collection. Whenever practical, I will collect the required information directly from the client, or from their authorized representative(s), in completed applications and forms, through other means of correspondence, such as the telephone, mail or the internet, and through their business dealings with me.
What I need to know and why
I collect information from my clients and about them, only with their consent, or as required or permitted by law. In general, I will collect personal information such as their name, address, telephone number(s) or other identifying information, such as their Social Insurance Number (SIN) or date of birth.
The type of additional information that I gather will depend on the type of product or service involved. The information gathered may be financial, which would include such information as place of employment, annual income, assets and liabilities. It may be investment or advice related, requiring information on such things as your financial goals and retirement plans. If the client is applying for insurance or group insurance benefits, it may also include health information or lifestyle related information, such as their occupation, travel history and plans, driving record or criminal record.
The consent is for me to establish a file and collect and maintain personal, medical & financial information and is to be signed by the client and placed in their file.
Protection of Personal Information
As the advisor, I am granted access to client information and must understand the need to keep the information protected and confidential. My procedures clearly communicate that I am to use the information only for the intended purpose(s).
If I hire a staff member, he/she will be required to sign a confidentiality agreement upon commencement of employment.
Retention of Personal Information
I will only keep clients personal information in my records for as long as it is needed to fulfill the identified purposes, or as required or permitted by law.
Clients may request copies of my privacy policies and procedures at any time.
Clients may request access to their information. I must respond to this request as quickly as possible, but no later than 30 days after the receipt of the request.
Clients may withdraw their consent at any time by contacting me as the Privacy Officer. However, they will be made aware that failure to provide adequate information may prevent me from completing the task for which we were engaged.
Exception to client access
Organizations must refuse an individual access to personal information:
- if it would reveal personal information about another individual unless there is consent or a life-threatening situation
- if the organization has disclosed information to a government institution for law enforcement or national security reasons. Upon request, the government institution may instruct the organization to refuse access or not to reveal that the information has been released. The organization must refuse the request and notify the Privacy Commissioner. The organization cannot inform the individual of the disclosure to the government institution, or that the institution was notified of the request, or that the Privacy Commissioner was notified of the refusal.
Organizations may refuse access to personal information if the information falls under one of the following:
- solicitor-client privilege
- confidential commercial information
- disclosure could harm an individual’s life or security
- it was collected without the individual’s knowledge or consent to ensure its availability and accuracy, and the collection was required to investigate a breach of an agreement or contravention of a federal or provincial law (the Privacy Commissioner must be notified)
- it was generated in the course of a formal dispute resolution process.