Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario
|
|
- Brianne Wheeler
- 8 years ago
- Views:
Transcription
1 PRIVACY COMPLIANCE ISSUES FOR LAW FIRMS IN ONTARIO By Sara A. Levine 1 Presented at Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario Ontario Bar Association, May 6, of Fasken Martineau DuMoulin LLP. This paper expresses the personal views of the author and does not necessarily reflect the position of Fasken Martineau DuMoulin or its clients.
2 This paper addresses certain issues that may arise for lawyers and law firms in Ontario in the context of ensuring compliance with the Personal Information Protection and Electronic Document Act (Canada) (the "PIPEDA"). This paper is not intended to present a comprehensive picture of the issues and challenges presented by this new legislation; rather it attempts to highlight particular issues arising as a result of the tension between our traditional duties and modes of practice and the requirements of the statute. 1. Overview of the Legislation The PIPEDA regulates private sector organizations in respect of the collection, use and disclosure of personal information by the organization in the course of commercial activity. Pursuant to the PIPEDA, an organization must obtain the informed consent of the subject individual prior to collecting, using or disclosing his or her personal information in the course of commercial activity. The PIPEDA provides that, subject to certain exceptions, an organization shall not collect, use or disclose an individual s personal information in the course of a commercial activity without that individual s prior knowledge and consent. Although agency law principles arguably raise issues with respect to the application of some privacy law obligations to lawyers, there is little doubt that in most contexts, a law firm is engaged in commercial activities when providing services or otherwise operating its business. Further, the organization may only collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. While the impact of this requirement is not further explored in this paper, law firms should be cognizant that it may have implications for the extent to which they use personal information for purposes other than the provision of services, and ask the question: regardless Privacy Compliance Issues for law Firms in Ontario
3 Page 3 of whether we may rely on a consent, is it appropriate in the circumstances to use or disclose this personal information for this purpose? The PIPEDA also imposes a number of administrative obligations on organizations, the first of which is to designate an individual to oversee the firm s privacy compliance (generally referred to as the Chief Privacy Officer ). The Chief Privacy Officer must ensure that the organization establishes, and trains its employees to apply, policies and procedures to ensure that it, among other things: limits the collection of personal information to what is necessary to fulfil the identified purposes; limits use and disclosure of personal information to those purposes for which it has consent or are otherwise permitted by law; limits the disclosure to persons in the organization who need to know the personal information; retains the personal information only so long as is necessary; maintains the accuracy of the personal information; and establishes and maintains security measures against loss, theft, unauthorized access, disclosure, copying, use and modification. The organization must also make public its privacy polices and practices, ensure that an individual may generally within 30 days of a request obtain access to the personal information it has about him or her, and must receive and respond to complaints made by individuals regarding compliance with the legislation.
4 Page 4 The PIPEDA does not apply to information about an organization s employees that is collected, used or disclosed by the organization for employment purposes. Provincial privacy legislation does apply to the collection, use and disclosure of personal information for employment purposes. Accordingly, national law firms must be mindful of the impact of provincial privacy laws on their national privacy policies and practices. Provincial privacy legislation is not discussed in detail in this paper, but it should not be forgotten that Quebec, 2 British Columbia 3 and Alberta 4 each has enacted private sector privacy legislation. Quebec s law has been declared substantially similar" to the PIPEDA and, at the time of writing, the necessary Orders-in-Council to declare B.C. s and Alberta s statutes to be substantially similar have been proposed. When those Orders come into force, organizations to which those Acts apply will be exempt from the PIPEDA within the respective province. In addition, Manitoba, Saskatchewan and Alberta have health sector privacy legislation and Ontario s Bill 31, the Personal Health Information Protection Act, is expected to come into force on January 1, The other provinces do not currently have any generally applicable private sector privacy legislation, and it is expected that they will not enact their own legislation but simply rely on the PIPEDA. 2 An Act respecting the protection of personal information in the private sector, R.S.Q. c. P Personal Information Protection Act, S.B.C. 2003, c Personal Information Protection Act, S.A. 2003, p. P-6.5
5 Page 5 2. Key Definitions Personal information is broadly defined in s. 2 of the PIPEDA as any information about an identifiable individual, with the exception of the name, title, business address or telephone number of an employee of an organization. This includes, but is not limited to, an individual s address, gender, age, ethnic origin, race, ID numbers, financial and credit information, personal health information, shareholdings, criminal records, family status, sexuality, relationships, religious affiliations, employment history, education, personal habits, personal interests and personal history. Obviously, all of these types of information can be found in retainers, s, memos, letters, agreements, wills, trust documents, opinions, pleadings, releases and other documents, and the drafts of any such documents. Departments within a firm, such as accounting, marketing, corporate services and human resources will also contain significant amounts of personal information. An individual s name need not be attached to the information in order for it to qualify as personal information. If it can be linked with identifying information, it will be personal information. Conversely, personal data that has been anonymized" or stripped of any personal identifiers, will not be personal information. Commercial activity is defined in s. 2 as any particular transaction, act or conduct or a regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fundraising lists.
6 Page 6 An organization is defined to include a partnership and a person. Obviously, then, based on the sheer breadth of these definitions, the PIPEDA has the potential to impose significant restrictions on the ability of lawyers and law firms to deal with personal information. 3. The Difference between the Right to Privacy and the Duty of Confidentiality The basic premise of the PIPEDA is that organizations have a duty to protect personal information and individuals have a corresponding right to control how the organization handles their personal information. Therefore, regardless of who generated the personal information, the subject individual has the right to control what a law firm does with it, to have access to it upon request, and to have it corrected, subject to limited exceptions. It is this right of control that distinguishes the right to privacy from the duty of confidentiality the obligation of an individual to keep confidential any information communicated in circumstances of confidence. Now, the duty of confidence is incorporated into this broader obligation to protect personal information. This broader duty raises two issues for lawyers. First, PIPEDA mandates protection of all the information the organization has about any identifiable individual, located anywhere in the firm. Accordingly, non-clients now are owed duties in respect of their personal information that a lawyer collects, uses and discloses. All lawyers are familiar with their fundamental fiduciary
7 Page 7 obligations to their clients, but the PIPEDA s imposition of these broader obligations - especially to non-clients - is new. Secondly, the security obligations under PIPEDA require organizations to use safeguards that are appropriate to the sensitivity of the information. These safeguards must protect information against loss or theft, and also against unauthorized access, disclosure, copying, use or modification. More sensitive information should be safeguarded by a higher level of protection. Safeguards include physical measures such as locked filing cabinets, and organizational measures such as limiting access on a need to know basis. 5 The impact of the security obligations on law firms is unresolved and the matter of some debate. In the context of a law firm, which is in the business of providing advice in respect of sensitive personal matters, how is the notion of sensitivity applied to limit access to personal information? When a document contains sensitive personal information, can different members of a law firm utilize it as a precedent? When a research memorandum sets out the particular client s facts in detail including personal information, must access to the memo thereafter be strictly limited? Is use of the document also use of the personal information? How does a law firm engage in the cost-effective provision of service, thereby increasing access to justice, if privacy laws are applied to create what may amount to walls around each client file or matter? How is lawyer training accomplished when young lawyers may not have access to existing research memoranda for reference purposes? How can a law firm effectively supervise, or administer its billing and 5 PIPEDA, clause 4.7.3
8 Page 8 accounting functions, if access to sensitive personal information is strictly limited? In a profession in which the sharing of confidences among partners and associates is a common-law presumption, the tension between these duties and obligations poses real challenges. 4. Access Rights and Privilege The PIPEDA requires organizations to put into place policies and procedures to enable an individual to request from the organization, and with certain limited exceptions, to be provided, access to the personal information about that individual. The PIPEDA contains detailed provisions requiring organizations to disclose to the individual, generally within 30 days of receipt of the written request, any personal information about the individual that the organization has in its possession. These access provisions present very specific problems for lawyers. First, locating all the personal information of an individual may be difficult, depending on the nature of the file or the location of the records. In addition, with limited exceptions, clients are entitled to have access to most of the contents of the client file in any event, but now, non-clients may also be granted access to information in a file, in certain circumstances. What this means for the administration of access requests is uncertain. Access may only be refused for very limited reasons including (per subsection 9(3)(a)) when the information is solicitor-client privileged (but note, there is no statutory exception for litigation or work product privilege, raising issues about the extent of the privilege exception). In light of the
9 Page 9 limits placed on solicitor-client privilege by the Courts in recent years, the question of whether a particular piece of information is solicitor-client privileged is not straightforward. There is also an exception to the right of access if the information is generated in the course of a formal dispute resolution process (ss. 9(3)(d)), but outside the litigation context this exception may provide little assistance. A law firm also possesses a great deal of personal information that is not client-related. For example, personal information includes the information stored on the marketing database, and in employee files (for example, resumes and other information about individuals the firm considered hiring but ultimately did not hire, or information regarding former employees). An individual s right of access extends to the information located in these files as well. 5. General Issues with Respect to the Personal Information Held by a Law Firm The PIPEDA governs a law firm in respect of the personal information it collects, uses and discloses for its own business purposes and in respect of the personal information it collects from its client or on their behalf, to use or disclose in the course of the retainer. A law firm collects from clients and others, personal information that is about clients, non-clients, adverse parties, third parties, witnesses, employees of clients, experts and consultants relied upon by clients, and sometimes personal information about opposing counsel. Such personal information is often located in a number of places. Paper files contain a great deal of personal information about a potentially very large number of identifiable individuals. Personal information about clients and
10 Page 10 others will also be held in electronic form in the documents prepared by lawyers and clerks in the course of the retainer. Further, many lawyers use a customer relationship management database, to collect personal information on clients and others for use by the lawyers in their client development and management activities. Research memoranda may be retained to be used as reference material. A precedents database may also be used to keep and categorize useful precedents. The effect of PIPEDA on these areas should not be overlooked. In the next section of this paper the potential impact of privacy law on the major departments in a law firm is briefly discussed. Regardless of the size of a law firm, the principles of the following discussion remain the same. Information Technology: This is obviously the department with overall responsibility for the way in which much of the information held by a law firm is stored. For the IT department, the major issues will be limiting access to information those individuals who need to know the information to carry out their job function, and developing other security safeguards such as the use of anonymizing technology and operational safeguards. For example, a hierarchy of roles or functions may be assigned, with roles assigned levels or degrees of access. Access may also be limited by department, with walls established between the professionals and their assistants, and the staff who have access to accounting information or human resources information, but not to client information. Passwords, firewalls and secure encryption may also be utilized. Laptops, handheld devices and wireless networking also raise security issues.
11 Page 11 Website: The firm website must also be considered. If personal information is collected through the website, the appropriate procedures will be required. Cookies are frequently used on websites in order to facilitate better utilization of the site by the user. Cookies often collect personal information, which raises privacy issues. For example, in a finding of the Privacy Commissioner of Canada, the use by an airline of permanent and temporary cookies on its website to permanently collect language and country of choice and temporarily collect name, mileage balance, country code and language preference amounted to a collection under the Act. Because the website was coded in such a way that a user could not proceed until the cookie had been stored, a user who had configured his browser to disable cookies could not access the site. The Commissioner found that because the denial of access to the site amounted to a requirement to provide, as a condition of the provision of service, more personal information than was necessary, the organization was in breach of the Act. 6 Human Resources: While the PIPEDA does not apply in respect of employee information, HR departments often contain a great deal of personal information related to prospective employees (i.e., applicants), past employees and partners. Such personal information is subject to the PIPEDA. And, in any event, provincial legislation does apply to to personal information about employees in B.C., Alberta, and Quebec and, accordingly, law firms with offices in those provinces will have to treat such information in accordance with the applicable legislation. 6 PIPED Act Case Summary #162
12 Page 12 Administration: Often an administration department is responsible for third party contracts with service providers, some of which provide services that involve personal information. Accordingly, those contracts will need to be examined to ensure compliance. For example, closed client files are frequently stored in off-site storage, provided by a third party storage company. Mail rooms, copying services and other administrative matters may be outsourced. Where personal information is transferred by a law firm to a third party service provider for processing, the law firm remains responsible for ensuring a comparable level of protection while the information is being processed. Accordingly, those departments must be assessed and the agreements with these service providers will have to be reviewed and updated. Billing and Accounting: Time dockets contain details of the work done on the client s behalf, and client information includes financial and accounts receivable status, record of payments and other financial information. Where this information is about an identifiable individual, it will be personal information. The ways in which such personal information is collected, used and disclosed for accounting purposes must be assessed and the contracts with any third party providers such as systems providers or contract accounting professionals must be examined and updated. In addition, a law firm may wish to consider its policies with respect to, for example, file naming conventions and conflict searches, which may raise issues relating to the security obligations and the "need to know" principle. Marketing: Client databases are often maintained by a marketing department. Contact information and other client details (such as family status, number of children, interests or
13 Page 13 education) may be added to the database in an ad-hoc manner whenever instructions are received from any lawyer or staff member. Frequently law firms communicate with clients for marketing purposes through , newsletters or legal updates. These communications may use personal information (i.e., personal addresses, interests or preferences). An assessment of the number and types of databases maintained for marketing purposes, and the information contained therein, should be undertaken. Corporate Services: Many law firms maintain corporate records on behalf of clients. These records contain personal information about shareholders, officers and directors. This information may reside on a database, and may also be contained in paper files in a corporate records department. The nature and extent of such information will require assessment and the appropriate procedures should be addressed. 6. Balancing Legal Requirements and Business Goals At the foundation of all privacy legislation is the requirement that an organization must obtain the informed consent of the individual prior to collecting, using or disclosing his or her personal information. A large proportion of the personal information held by a law firm is obviously about clients. But an equally large proportion is about non-client third parties: relatives or business associates of individual clients, adverse parties, witnesses, officers or employees of clients, experts and consultants, and various other third parties, many of whom might ordinarily never know that the law firm has such personal information. The administrative obligations imposed
14 Page 14 by the legislation require all organizations, including law firms, to ensure that safeguards appropriate to the sensitivity of the information are implemented to prevent unauthorized access, use, disclosure, modification or destruction of the personal information in its possession. It remains to be seen how the PIPEDA will be applied to law firms, in light of the unique nature of the work that lawyers do and the central function lawyers fulfil within the justice system. There is no doubt, however, that the application of privacy laws to lawyers in private practice is going to change the way we all do business.
The Manitoba Child Care Association PRIVACY POLICY
The Manitoba Child Care Association PRIVACY POLICY BACKGROUND The Manitoba Child Care Association is committed to comply with the legal obligations imposed by the federal government's Personal Information
More informationTHE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK
THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK REVISED August 2004 PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK Introduction
More informationPersonal Information Protection and Electronic Documents Act (PIPEDA)
Introduction Personal Information Protection and Electronic Documents Act (PIPEDA) Policy and The Insurance Brokers Association of Alberta is committed to respect the privacy rights of individuals by ensuring
More information3. Consent for the Collection, Use or Disclosure of Personal Information
PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),
More informationTaking care of what s important to you
A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten
More informationBoys and Girls Clubs of Kawartha Lakes B: Administration B4: Information Management & Policy: Privacy & Consent Technology
Effective: Feb 18, 2015 Executive Director Replaces: 2010 Policy Page 1 of 5 REFERENCE: HIGH FIVE 1.4.3, 2.2.4, 2.5.3, PIDEDA POLICY: Our Commitment Boys and Girls Clubs of Kawartha Lakes (BGCKL) and the
More informationDoing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance
About Canada Dispute Resolution Forms of Business Organization Aboriginal Law Competition Law Real Estate Securities and Corporate Finance Foreign Investment Public- Private Partnerships Restructuring
More informationCredit Union Code for the Protection of Personal Information
Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve
More informationCloud Computing: Privacy and Other Risks
December 2013 Cloud Computing: Privacy and Other Risks by George Waggott, Michael Reid and Mitch Koczerginski, McMillan LLP Introduction While the benefits of outsourcing organizational data storage to
More informationSUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION
SUBJECT: VOYAGEUR PAGE 1 1.0 PURPOSE: 1.1 To establish and document a policy which defines Voyageur s commitment to the protection of an individual s personal health information in the course of providing
More informationCredit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
More informationPROTECTION OF PERSONAL INFORMATION
PROTECTION OF PERSONAL INFORMATION Definitions Privacy Officer - The person within the Goderich Community Credit Union Limited (GCCU) who is responsible for ensuring compliance with privacy obligations,
More informationADMINISTRATIVE MANUAL Policy and Procedure
ADMINISTRATIVE MANUAL Policy and Procedure TITLE: Privacy NUMBER: CH 100-100 Date Issued: April 2010 Page 1 of 7 Applies To: Holders of CDHA Administrative Manual POLICY 1. In managing personal information,
More informationPACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )
PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,
More informationPERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS [ABC SCHOOL]
[Insert Date of Policy] PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS of [ABC SCHOOL] Address Independent schools in British Columbia are invited to adopt or adapt some or all of this
More informationTEACHERS ACT [SBC 2011] Chapter 19. Contents PART 1 - DEFINITIONS
[SBC 2011] Chapter 19 Contents 1 Definitions PART 1 - DEFINITIONS PART 2 COMMISSIONER AND DIRECTOR OF CERTIFICATION 2 Appointment of commissioner 3 Commissioner s power to delegate 4 Recommendations about
More informationData Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005
Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005
More informationQuestions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA)
Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) This document provides answers to some frequently asked questions about the The Personal Health
More informationCloud Computing Contracts. October 11, 2012
Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationCollege of DuPage Information Technology. Information Security Plan
College of DuPage Information Technology Information Security Plan April, 2015 TABLE OF CONTENTS Purpose... 3 Information Security Plan (ISP) Coordinator(s)... 4 Identify and assess risks to covered data
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationConducting Surveys: A Guide to Privacy Protection. Revised January 2007 (updated to reflect A.R. 186/2008)
Conducting Surveys: A Guide to Privacy Protection Revised January 2007 (updated to reflect A.R. 186/2008) ISBN 978-0-7785-6101-9 Produced by: Access and Privacy Service Alberta 3rd Floor, 10155 102 Street
More informationINSTITUTE FOR SAFE MEDICATION PRACTICES CANADA
INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA PRIVACY IMPACT ASSESSMENT (PIA) ON ANALYZE-ERR AND CURRENT DATA HANDLING OPERATIONS VERSION 3.0-2 JULY 11, 2005 PREPARED IN CONJUNCTION WITH: ISMP Canada
More informationGeneralTerms. andconditions
LSTariffs GeneralTerms andconditions General Terms and Conditions Introduction Welcome to LSS Tariffs, the guide to how the Legal Services Society compensates lawyers for their work on legal aid referrals.
More informationBritish Columbia Personal Information Protection Act. Frequently Asked Questions:
British Columbia Personal Information Protection Act Frequently Asked Questions: (Further queries may be sent to Bob Stewart at the B.C. Conference Archives.) (1) What is the Personal Information Protection
More informationCultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy
Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy September 2004 1.0 INTRODUCTION... 3 2.0 CHRC POLICY STATEMENT... 3 3.0 PRIVACY
More informationIndex All entries in the index reference page numbers.
Index All entries in the index reference page numbers. A Audit of organizations, 37-38, Access to personal information 162-163 by individual, 22, 31, 151-154 B assistance by organization, Biometrics, 123-125
More informationPRIVACY POLICY. Last updated February 2, 2009 INTRODUCTION
PRIVACY POLICY Last updated February 2, 2009 INTRODUCTION This Privacy Policy explains how personal information about you may be collected, used, or disclosed by the Canadian Education and Research Institute
More informationPRIVACY POLICY. Consent
PRIVACY POLICY car2go N.A. LLC and car2go Canada Ltd. (collectively, car2go ) recognize the importance of protecting your personal information. We take the protection of your personal information seriously
More informationPersonal Information Protection Act. Information Sheet 5: 1. Personal Employee Information
Personal Information Protection Act Information Sheet 5 Introduction The Personal Information Protection Act (PIPA) governs the collection, use, disclosure, retention and protection of personal information
More informationPrivacy Impact Assessment Of the. Office of Inspector General Information Technology Infrastructure Systems
Privacy Impact Assessment Of the Office of Inspector General Information Technology Infrastructure Systems Program or application name: Office of Inspector General Information Technology Infrastructure
More informationHow To Ensure Health Information Is Protected
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
More informationNORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001
NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES Effective January 1, 2001 The Northwestel Code of Fair Practices complies fully with the Personal Protection and Electronic Documents Act and incorporates
More informationCANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper
CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS White Paper Table of Contents Addressing compliance with privacy laws for cloud-based services through persistent encryption and key ownership... Section
More informationPIPEDA and Online Backup White Paper
PIPEDA and Online Backup White Paper The cloud computing era has seen a phenomenal growth of the data backup service industry. Backup service providers, by nature of their business, are compelled to collect
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationCHARITY LAW BULLETIN NO. 302
CHARITY LAW BULLETIN NO. 302 FEBRUARY 27, 2013 EDITOR: TERRANCE S. CARTER GOING MOBILE: LEGAL CONSIDERATIONS FOR MOBILE APP DEVELOPMENT By Colin J. Thurston * A. INTRODUCTION Canadian charities and not-for-profit
More informationPRIVACY POLICY. Effective: January 1, 2014 Revised: March 19, 2015. Privacy Policy Page 1 of 7
PRIVACY POLICY Effective: January 1, 2014 Revised: March 19, 2015 Privacy Policy Page 1 of 7 WAJAX CORPORATION PRIVACY POLICY GENERAL POLICY Privacy Overview Wajax Corporation (Wajax) and its business
More informationThe Importance of collecting Personal Information
Ottawa Valley Veterinary Professional Corporation Personal Information Policy Introduction The Personal Information Protection and Electronics Documents Act ( PIPEDA ) is a federal legislation which came
More informationTaking care of what s important to you
National Home Warranty Group Inc. Privacy Policy Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten principles
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationData Protection Policy.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
More informationPrivacy 101: A Guide to Privacy Legislation for Fundraising Professionals and Not-For-Profit Organizations in Canada (Version I)
Privacy 101: A Guide to Privacy Legislation for Fundraising Professionals and Not-For-Profit Organizations in Canada (Version I) This guide was prepared by a cross-sector working group representing: Association
More informationPUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT
Province of Alberta Statutes of Alberta, Current as of June 1, 2013 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor, Park Plaza 10611-98 Avenue Edmonton, AB
More informationThe Winnipeg Foundation Privacy Policy
The Winnipeg Foundation Privacy Policy The http://www.wpgfdn.org (the Website ) is operated by The Winnipeg Foundation (the Foundation ). The Winnipeg Foundation Privacy Policy Foundation is committed
More informationE-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY
E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:
More informationCOMPLYING WITH THE PERSONAL HEALTH INFORMATION ACT
COMPLYING WITH THE PERSONAL HEALTH INFORMATION ACT The Personal Health Information Act, S.N.S. 2010, c.41 (referred to as PHIA or the Act ) was passed by the Nova Scotia government on December 10, 2010.
More informationInsurance Journal. Defending Until the End When Does the Duty to. Volume 1, Issue 3 Editor Keoni Norgren. May 1, 2013
Insurance Journal May 1, 2013 In this Issue Volume 1, Issue 3 Editor Keoni Norgren Defending Until the End When Does the Duty to Defend End? Cyber Liability Laws in Canada Dolden Wallace Folick Welcomes
More informationWe will not collect, use or disclose your personal information without your consent, except where required or permitted by law.
HSBC Privacy Notice HSBC's Privacy Principles HSBC Bank Canada is a subsidiary of HSBC Holdings plc which, together with its subsidiaries and affiliates, is one of the world s largest banking and financial
More informationNational Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada
Introduction National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada This Privacy Policy describes the manner in which the National Association of Pharmacy
More informationPersonal Information Protection Act ( PIPA ) Privacy-Proofing Your Retail Business Tips for Protecting Customers Personal Information 1
Personal Information Protection Act ( PIPA ) Tips for Protecting Customers Personal Information 1 More than ever before, retailers have to be prepared to deal with customers who ask questions about the
More informationMCOLES Information and Tracking Network. Security Policy. Version 2.0
MCOLES Information and Tracking Network Security Policy Version 2.0 Adopted: September 11, 2003 Effective: September 11, 2003 Amended: September 12, 2007 1.0 POLICY STATEMENT The Michigan Commission on
More informationPOLICE RECORD CHECKS IN EMPLOYMENT AND VOLUNTEERING
POLICE RECORD CHECKS IN EMPLOYMENT AND VOLUNTEERING Know your rights A wide range of organizations are requiring employees and volunteers to provide police record checks. Privacy, human rights and employment
More informationBest Practices in Data Management - A Guide for Marketers -
Best Practices in Data Management - A Guide for Marketers - Prepared with support from the Office of the Privacy Commissioner of Canada s Contributions Program INTRODUCTION As consumers personal information
More informationReport of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:
Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal
More informationPrivacy Policy. 30 January 2015
Privacy Policy 30 January 2015 Table of Contents 1 Overview 3 Purpose 3 Scope 3 2 Collection 3 What information do we collect? 3 What if you do not give us the information we request? 4 3 Use of information
More informationVIDEO SURVEILLANCE GUIDELINES
VIDEO SURVEILLANCE GUIDELINES Introduction Surveillance of public spaces has increased rapidly over recent years. This growth is largely attributed to the significant advances in surveillance technology
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationAusgrid Privacy Policy
Ausgrid Privacy Policy Ausgrid is responsible for the safe and reliable supply of electricity to homes and businesses throughout Sydney, the Hunter and the Central Coast. Its network is made up of more
More informationAssume that the following clause was included in the retainer agreement between SK Firm LLP and the Corporation (the Relieving Clause ):
ETHICAL SCENARIO #3 I. FACT PATTERN A Saskatchewan law firm ( SK Firm LLP ) acts on behalf of an out of province (e.g. national) corporation (the Corporation ). SK Firm LLP s role has been solely to file
More informationProtecting your privacy
Protecting your privacy Table of Contents Answering your questions about privacy Your privacy... 1 Your consent... 1 Answering your questions about privacy... 2 About cookies... 9 Behavioural Advertising/Online
More informationSASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003. Saskatchewan Workers Compensation Board
Date: August 29, 2012 File No.: 2008/101 SASKATCHEWAN OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER INVESTIGATION REPORT F-2012 003 Saskatchewan Workers Compensation Board Summary: The Commissioner
More informationA Privacy Handbook for Lawyers PIPEDA AND YOUR PRACTICE
A Privacy Handbook for Lawyers PIPEDA AND YOUR PRACTICE Table of Contents Introduction...1 Privacy Issues in Managing a Law Practice...6 Privacy issues in Civil Litigation...16 Conclusion...26 Endnotes...28
More informationInformation Management and Protection Policy
Document Title: Information Management and Protection Policy Document Type: Policy No. Of Pages (11) Scope: Government of Newfoundland and Labrador and Public Bodies supported by the Office of the Chief
More informationPERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS
PERSONAL HEALTH INFORMATION PROTECTION ACT, 2004: AN OVERVIEW FOR HEALTH INFORMATION CUSTODIANS Note: This document provides a general overview of the Personal Health Information Protection Act, 2004,
More informationUniversity of Liverpool Online Programmes - Privacy Policy for Visitors and Students
University of Liverpool Online Programmes - Privacy Policy for Visitors and Students PLEASE NOTE: The following privacy terms relate to the University of Liverpool s online programmes and not The University
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationProtecting Personal Information. A Workbook for Non-Profit Organizations Discussion Draft, March 2010
Protecting Personal Information A Workbook for Non-Profit Organizations Discussion Draft, March 2010 The Office of the Information and Privacy Commissioner of Alberta and Access and Privacy, Service Alberta,
More informationOffice of the Information and Privacy Commissioner Province of British Columbia Order No. 16-1994 July 8, 1994
Office of the Information and Privacy Commissioner Province of British Columbia Order No. 16-1994 July 8, 1994 INQUIRY RE: A Request for Access to Records of the Insurance Corporation of British Columbia
More informationCarriers Insurance Brokers Pty. Limited
Our Privacy Policy At Carriers Insurance Brokers Pty. Limited, ABN 66 001 609 936, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian
More informationFederation of Law Societies of Canada. Ottawa, November 26, 2013
Submission to the Standing Senate Committee on Banking, Trade and Commerce in Respect of Bill C-4 (a second Act to implement certain provisions of the budget tabled in Parliament on March 21, 2013 and
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationTHE QUÉBEC PRIVATE SECURITY ACT
AUGUST 2010 THE QUÉBEC PRIVATE SECURITY ACT AND ITS APPLICATION TO ELECTRONIC SECURITY FIRMS Construction, Engineering, Surety and Fidelity Group CONSTRUCTION LAW BULLETIN www.blgcanada.com In 2004 the
More informationInformation Handling Policy
Information Handling Policy 10 December 2015 Information Handling Policy 1. Who We Are 1.1 In this Information Handling Policy, references to we, our, us and ClearView are to ClearView Wealth Limited and
More informationPrivacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual
Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates Guidelines on Requirements and Good Practices For Protecting Personal Health Information Disclaimer
More informationWhat to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER
What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Table of Contents What is a privacy breach?...1
More informationGUIDANCE FOR EMPLOYED BARRISTERS. Part 1. General
GUIDANCE FOR EMPLOYED BARRISTERS Part 1. General 1.1 This guidance has been issued by the Professional Standards Committee, the Professional Conduct and Complaints Committee and the Employed Barristers
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationDisclosure is the action of making new or secret information known.
/PURPOSE OF POLICY Pty Limited (Momentum) is required and committed to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1998 (Cth) (Privacy Act). The APPs regulate the manner in
More informationInsurance Adjusters Council Code of Conduct
Insurance Adjusters Council Code of Conduct TABLE OF CONTENTS INTRODUCTION... 1 EXECUTIVE SUMMARY... 2 INTERPRETATION... 4 CODE OF CONDUCT PRINCIPLES... 6 1. INTEGRITY AND TRUSTWORTHINESS... 6 2. GOOD
More informationPersonal Information Protection and Electronic Documents Act
PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle
More informationDISASTER RECOVERY INSTITUTE CANADA WEBSITE PRIVACY POLICY (DRIC) UPDATED APRIL 2004
DISASTER RECOVERY INSTITUTE CANADA (DRIC) UPDATED APRIL 2004 This website privacy policy is intended to provide DRIC website visitors with information about how DRIC treats private and personal information
More informationSCOTIA DEALER ADVANTAGE RETAIL FINANCING PROGRAM DEALER AGREEMENT
SCOTIA DEALER ADVANTAGE RETAIL FINANCING PROGRAM DEALER AGREEMENT This Agreement executed on by Scotia Dealer Advantage Inc ( SDA ) and (the Dealer ). (Dealership Legal Name) WHEREAS the Dealer carries
More informationAC&E Insurance Services Pty Ltd Privacy Statement Effective: 1 August, 2010
AC&E Insurance Services Pty Ltd Privacy Statement Effective: 1 August, 2010 AC&E means AC&E Insurance Services Pty Ltd (ABN 69 137 720 757). AC&E has always valued the privacy of personal information.
More informationThe Workers' Compensation Act - A Review of Records
ORDER P-660 Appeal P-9400005 Workers' Compensation Board ORDER On March 28, 1994, the undersigned was appointed Inquiry Officer and received a delegation of the power and duty to conduct inquiries and
More informationPrivacy Law in Canada
Privacy Law in Canada Federal and provincial privacy legislation has a profound impact on the way virtually all organizations carry on business across the country. Canada s privacy laws, while likely the
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationChangeIt Privacy Policy - Canada
ChangeIt Privacy Policy - Canada 1. Policy on Privacy of Personal Information Formulating Change Inc. ( FCI, we, us or our ) is committed to protecting the privacy and security of your Personal Information
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationElements of Alberta's Cancer - Part 1
Province of Alberta CHARITABLE FUND-RAISING ACT Revised Statutes of Alberta 2000 Current as of November 5, 2014 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer 7 th Floor,
More informationAN INTRO TO. Privacy Laws. An introductory guide to Canadian Privacy Laws and how to be in compliance. Laura Brown
AN INTRO TO Privacy Laws An introductory guide to Canadian Privacy Laws and how to be in compliance Laura Brown Air Interactive Media Senior DMS Advisor A Publication of 1 TABLE OF CONTENTS Introduction
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationThe Mortgage Brokerages and Mortgage Administrators Act
MORTGAGE BROKERAGES AND 1 The Mortgage Brokerages and Mortgage Administrators Act being Chapter M-20.1* of The Statutes of Saskatchewan, 2007 (effective October 1, 2010), as amended by the Statutes of
More informationKingsway Financial Services Inc. Privacy Policy
Kingsway Financial Services Inc. Privacy Policy Table of Contents Notice... i 1. Introduction... 1 2. Responsibility... 1 3. Personal Information... 2 4. Why Kingsway Collects & Discloses Personal Information...
More informationAn Executive Overview of GAPP. Generally Accepted Privacy Principles
An Executive Overview of GAPP Generally Accepted Privacy Principles Current Environment One of today s key business imperatives is maintaining the privacy of your customers personal information. As business
More informationThe Ten privacy principles and our commitment to them are as follows:
Your Privacy is Our Concern Federated Insurance Company of Canada 1 is committed to protecting your personal information, whether you are a customer of Federated or not, and, no matter how we came to be
More informationPersonal Information Protection Act (PIPA) Privacy & Landlord - Tenant Matters Frequently Asked Questions
Personal Information Protection Act (PIPA) Privacy & Landlord - Tenant Matters Frequently Asked Questions Are landlords in Alberta bound by privacy law? Yes. The Personal Information Protection Act (PIPA)
More informationROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014.
ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014. The Rohit Group of Companies ( Rohit Group, Company, our, we ) understands
More information