1. Privacy and Our Business
Clients provide me/us with personal information that is essential to my/our business and protecting this information is important to maintaining their trust and confidence. The federal privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), governs the collection, use and disclosure of personal information. Personal information is defined as any information about an identifiable person (including health and financial information), with the exception of the person’s name, business address and business phone number where the person is an employee of an organization.
I am/We are responsible for taking appropriate steps to safeguard the personal and confidential information in my/our possession. In some situations, this will mean I/We must adopt new business practices to safeguard personal information.
I/We abide by Kesler & Associates privacy guidelines, which are based on principles recognized in PIPEDA.
2. Concerns and general requests
Any concerns or general requests related to privacy and my/our practice will be addressed with the client as soon as possible and no later than 48 hours from the request or, if I am/we are away, no later than 48 hours after my/our return.
Any concerns or general requests related to privacy and my/our practice are to be made in writing and sent to:
Kesler & Associates Inc.
204, 1921 Mayor Magrath Drive So.
Client requests for personal information
Under PIPEDA, clients have the right to request information about them held in files maintained by either me or Kesler and Associates.
Any client requests for access to personal information held in client files will be addressed within 48 hours. The client has the option of receiving a copy mailed to their home address or access in person through a scheduled meeting in my office.
Misuse of personal information:
All reports of misuse of personal information must be reported to the compliance officer and the compliance officer will report as required.
Any misuse of personal information relating to Kesler & Associates services should be reported immediately to the chief compliance officer at:
Kesler & Associates Inc.
204, 1921 Mayor Magrath Drive So.
3. Collection of personal information:
I/We only collect personal information that is necessary for the purposes identified.
I/We take reasonable efforts to ensure client and prospect information held in client files is accurate and is updated or corrected as needed.
I/We take appropriate measures to ensure that information I’ve/we’ve collected is used for the purposes identified and that it is not used for another purpose or disclosed to a third party without the client’s or prospect’s consent, except as may otherwise be allowed by law. Procedures to determine appropriateness of a third-party service provider to store, process or manipulate client personal information and safeguards used by that third party are outlined in Appendix C.
4. Use, disclosure and retention:
Personal information that is no longer required to fulfill the purpose(s) identified when it was collected is destroyed or erased. If I/we believe I/we have a need to keep any additional information, I/we have the client sign the appropriate area of the authorization form allowing me/us to retain this material.
I am/We are solely responsible for the safekeeping of this material, for maintaining its confidentiality and for its return to the client.
When paper materials containing any client or prospect personal information are to be destroyed, this should be done by shredding, not recycling.
Appropriate safeguards must be taken in the storage and disposal of client information. When information is no longer required, I/we dispose of client information by shredding paper and ensuring all information has been deleted from end user devices including personal computer (desktop or laptop), consumer device (e.g., personal digital assistant (PDA), smart phone), or removable storage media (e.g., USB flash drive, memory card, external hard drive, writeable CD or DVD) that can store information. Storage devices must be destroyed when being disposed of to ensure the information is not retrievable.
I/We take appropriate precautions to safeguard client information from third parties who may have access to the premises, i.e., security, cleaning services and suppliers.
See Appendix D – Safeguards for additional information for safeguarding personal information.
When collecting information from clients and prospects, I/we must be prepared to explain the purposes behind why I am/we are collecting this information. While client consent to our collection and use of personal information does not necessarily need to be stated directly or in writing, I/we provide information to a client or prospect about my/our own privacy practices – see Appendix E My Commitment to Protecting Your Privacy. This information can be given verbally to clients or provided on paper at an initial meeting. In keeping with good client file practices, I/we document in the client’s file that this information was reviewed with the client or prospect.
I/we only disclose personal information about clients to another person or company if I/we have the verbal or written consent of the client, or if I am/we are otherwise allowed or required to do so by law. I/We can recommend other professionals or advisors to clients if they ask me or if I/we believe they may benefit from such services. I/We never provide any client names or other information to third parties who may use it to market their services unless I/we have the client’s consent.
Steps to obtaining client consent
I/We obtain consent from all clients for new access to their information. This includes sales of business to another advisor or providing access to a new administrative support person. The consent requirement can be handled a number of ways – by telephone, fax, email, letter, newsletter or a personal visit. I/We send a letter.
The letter should name the new advisor and contain a contact name and number for the current advisor, in case the client, on receiving the letter, objects to the transfer of his or her information or to its access by another advisor.
If a client objects to this transfer or new access, depending on the situation, the client has the right to:
Request that his/her information not be disclosed to the new advisor
Request a new advisor
Receive the names of other advisors to contact or be provided with the name and number of the regional director, or vice-president where they can request another advisor
The new advisor should not use or access information in the client file until consent is obtained. I/We recommend allowing 10 to 20 business days for the client to voice an objection, after which time it can be assumed consent has been obtained.
The new advisor is responsible for handling the file/information appropriately going forward.
Temporary access to a client’s information – a short-term or temporary absence from my practice
If I am/we are not able to provide service to clients for an extended period of time and I/we seek help from another advisor or new administrative support person, I/we obtain consent(s) from client(s) to allow servicing of the business by another advisor or new administrative person (and therefore access by a new person to their records). The process to obtain these consents is the same as that described above under Steps to obtaining client consent.
The selling advisor should protect client information during the valuation process or when seeking a buyer for the book of business. While there may be other suitable methods to accomplish this, I/we:
Block out identifying client information on documents shared with third parties, or contact our legal counsel to draft a suitable confidentiality agreement that should be signed by third parties involved in the process of valuing the book for potential sale.
As outlined above, in Steps to obtaining client consent, the selling advisor should obtain client consent to the transfer of his/her information prior to the completion of the sale.
Agent of Record (AOR) changes
Since clients initiate AOR transfers, I/we can assume that I/we have implied consent to transfer access to their information and their files (or a copy of their files), if applicable, to the new advisor. Therefore, there’s no need to have official consent included along with instructions from the client.