Shelemey Financial is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA). This federal act, governed by the Privacy Commissioner of Canada (PCC) requires certain minimum standards for protecting personal information that we collect, use, disclose and hold in the course of carrying on business. The act is based upon 10 principles. This is a highly summarized version of the principles and some basic guidelines that we will follow.
PRINCIPLE 1 – ACCOUNTABILITY
We are responsible for the proper management of all personal information under our control, and shall designate one or more persons to be accountable for compliance.
Must have a designated person who has responsibility for compliance, training, awareness, control and decisions on releasing information to clients, changing procedures, interfacing with authorities, third parties and so forth. The person responsible will be Troy Shelemey.
PRINCIPLE 2 – IDENTIFYING THE PURPOSES OF PERSONAL INFORMATION
We shall identify the purposes of collecting information before or at the time the information is collected.
We must disclose why we need information, what we will do with it and what information we need.
PRINCIPLE 3 – OBTAINING CONSENT
The knowledge and consent of the client are required for the collection, use or disclosure of personal information except where inappropriate.
PRINCIPLE 4 – LIMITING COLLECTION OF PERSONAL INFORMATION
We shall limit the collection of personal information to that which is necessary for the purposes identified.
PRINCIPLE 5 – LIMITING USE, DISCLOSURE AND RETENTION OF PERSONAL INFORMATION We shall use or disclose personal information only for the reason it was collected, except with the consent of the client or as required by law.
As with personal tax information, the MFDA and IDA require client records to be maintained for seven years. It is necessary that we return a client’s personal information at their request.
PRINCIPLE 6 – ACCURACY OF PERSONAL INFORMATION
We shall keep personal information as accurate, complete, current and relevant as necessary for its identified purpose.
We must update what we need and we may not update what we do not need. We will need to make some decisions and design a process to deal with this.
PRINCIPLE 7 – PROTECTING INFORMATION
We shall protect personal information with safeguards appropriate to the sensitivity of the information.
PRINCIPLE 8 – OPENNESS CONCERNING POLICIES AND PRACTICES
We shall make readily available to clients specific information about our policies and practices relating to the management of personal information.
We have a corporate brochure that describes this in great detail.
PRINCIPLE 9 – CONSUMER ACCESS TO PERSONAL INFORMATION
Upon request, we shall inform a client of the existence, use and disclosure of his or her personal information and shall give the individual access to that information.
PRINCIPLE 10 – CHALLENGING COMPLIANCE
A client shall be able to address a challenge concerning compliance with the above principles to the designated accountable person or persons.