Advisors asked to participate in privacy law review

(June 2005) Most advisors now are aware, at least, that privacy and the way they collect and protect personal client information is covered by legislation like the Personal Information Protection and Electronic Documents Act (PIPEDA). Those who understand the rules however say there are still quite a few inconsistencies and “holes you could drive a truck through” that need to be addressed when the legislation is reviewed in the coming year.

“So far, Industry Canada seems to think only a few minor changes are needed,” says Brian Keith, a lawyer with Borden Ladner Gervais LLP and member of the executive of the privacy law section of the Ontario Bar Association. “I think, frankly, that they are living in a dream world.”

In his presentation to insurance advisors gathered at the Independent Financial Brokers (IFB) of Canada spring summit in Toronto, Keith discussed different several decision case studies, described the process companies face when the commission receives a customer or client complaint and encouraged business owners to take an interest and give feedback to the government about how the legislation affects they way they do business.

He says the Canadian Bar Association and other “pointy-headed lawyers” types will make long and boring submissions to comment on the legislation, but it is important that business people also speak up about how it affects the way they operate.

He says several parts of the legislation need to be clarified and many other business concerns that aren’t addressed at all by the legislation need to be added. Transfer of business, for example, is not covered by the legislation. An advisor selling their book of business technically can’t show the client list to the would-be buyer without getting consent from each client.

Also business addresses, any information that would appear on a business card or any information that could be accessed by the public were long considered to be fair game and exempt from privacy standards.

A recent decision however found that a business e-mail address, even if it was publicly available on an association website for example, was still personal information and not fair game for the Cadillac salesman or an advisor trying to target a certain group of clients. In this case, the privacy commissioner found that a university sports team violated PIPEDA when it sent e-mail to a list of professors trying to sell tickets to an event. Keith says the “agency concept” also needs to be clarified and addressed in the legislation for companies that may outsource work to a third party.

The federal government will begin looking at PIPEDA again in 2006. The act includes a five-year review mandate that requires a House of Commons committee review the legislation’s structure, rules and their application and the way investigations are conducted. The committee has up to one year to deliver their report.

Filed by Kate McCaffery, Advisor.ca, kate.mccaffery@advisor.rogers.com