Don’t panic over privacy legislation, says Advocis

(December 19, 2003) It won’t take a lot of extra effort for ethical advisors to comply with the federal government’s new privacy requirements, according to the country’s largest association of professional advisors. Advocis has released a paper on the legislation in an attempt to explain how it will affect advisors’ business.

“This appears to be complex legislation, but in reality it’s just about the ownership and control of personal information,” says Advocis president Steve Howard. “What we have done in this paper is set out the concepts contained in the act and provided our members with a roadmap for compliance.”

Beginning January 1, 2004, all businesses will be required to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), which governs the collection, use and disclosure of personal information.

PIPEDA sets out 10 principles organizations must follow when dealing with private information, such as accountability, consent, safeguards and disclosure.

“There seems to be a misunderstanding in the financial community and some are suggesting that this legislation will be wrenching for the advisor,” says the Advocis paper’s author, Rick Johnson, director of practice advisory services.

Johnson concedes that the legislation is a bit of a “moving target” because every client relationship is unique. But he says it’s mostly a matter of good business, using the analogy of house-sitting.

“It’s reasonable you would make appropriate decisions as to who you would let in the home and why. You’d also be expected to keep the owner apprised of any decisions you make along the way and get permission,” he says.

“Ethical advisors already do this with their clients’ money. Ethical advisors have been doing this with their clients’ personal information. Now they’re required to do it by law, which simply legislates that one cannot traffic in personal information without permission.”

Still, Johnson says advisors have a “heavy” responsibility to treat personal information with care. “It’s a trustee responsibility,” he says. “This means an individual’s personal information must be treated with the same safeguards as their money, investments or any other assets of value.”

On the thorny issue of consent, Johnson says that technically, advisors will be required to have consent from clients to use or disclose personal information, including information that has already been collected.

Related News Story

Playing it safe: Helping you comply with the new privacy requirements for 2004

But he says some common sense is in order, suggesting that although advisors should consider sending privacy statements, he believes it’s not necessary to rush out and get blanket permission from every client to use personal information.

“It would be prudent for advisors to approach the privacy issue as part of their next regularly scheduled client meeting and get permission in writing for the file,” he says.

On prospecting, Johnson suggests that advisors use the “best practices” process of personal introduction or referral. “This will eliminate any concern of being offside the legislation.”

There are a few practical considerations related to PIPEDA. Johnson suggests appointing a senior person within the business organization who would accept responsibility for privacy standards.

He also suggests protecting information using “reasonable” security precautions, such as locked filing cabinets with a control on the key.

“Electronic security should have firewalls or routers for any computer connected to the Internet,” Johnson adds. “Encrypting all fax and e-mail may be a little overkill, but it certainly wouldn’t hurt.”

• • •

To read the Advocis paper on privacy standards, please click here.

• • •

Advisor.ca has assembled a special package on the privacy legislation, including a checklist to gauge your readiness for PIPEDA. Please click here to read “Playing it safe: Helping you comply with the new privacy requirements for 2004.”

• • •

Filed by Doug Watt, Advisor.ca, doug.watt@advisor.rogers.com

(12/19/03)

Doug Watt