Using new privacy requirements to deepen client relationships

(January 2004) Lawyers e-mail private information every day. It is a fast, efficient way to work out the wording of agreements, add necessary details and express differing points of view. No lawyer wants to go back to the old days.

They may not have a choice. The Personal Information Protection and Electronic Documents Act (PIPEDA), which came into effect January 1, 2004, makes regular e-mail a risky proposition. E-mail is not secure enough for personal information — certainly not for sensitive personal information.

But lawyers are trained to argue. I recently spent five minutes with one explaining why an encrypted e-mail service is a feasible solution to the secure communication problem. I then spent 30 minutes hearing why encryption was not needed.

Real point is point-of-view

A lawyer can see the detailed reasons why a particular agreement can be sent in open e-mail. Who would care? What information could be lost and what would it matter if it were to be misplaced or intercepted? There is no value, so there is no likelihood of a breach. And so on.

He has a point. There likely is no problem, but that is not really the point at all.

This meeting was worthwhile because I came away with a new understanding of the PIPEDA problem. It isn’t about the law. It isn’t about the process — it is about how you think about it.

The lawyer may say that the information has no value and I might agree with him. But the same lawyer who would e-mail the agreement would not put a copy of it on the bulletin board in front of city hall. He would not dream of putting it in the recycling box. He unquestionably has instructed his assistants that everything they do at work is confidential.

Why? Because the client sees security differently. This is where the mindset comes in.

Adjusting mindset to meet expectations

Business people need to change their privacy attitude so that it matches what the client wants and expects. They can do that because it is the law or they can do it because it is good business. Either way, they must do it.

The lawyer has to “think private” to continue to get fees from the client relationship. If the client knows that the lawyer uses insecure processes for one aspect of his business, he might wonder about others. If they ever reach that point, there won’t be enough trust to do business. No more fees.

A unique challenge

More Private Practice

Prospecting and privacy: Is your secondary marketing up to code? Putting privacy into practice: A sample consent document PIPEDA primer: How new privacy act affects advisors An advisor’s PIPEDA checklist Using new privacy requirements to deepen client relationships

Back to Private Practice main page

Insurance and investment advisors have a more challenging problem.

First, the information advisors hold about clients is more far-reaching than information held by doctors or lawyers. I looked in my files and found everything from date of birth, social insurance numbers, credit card information, brokerage account identifiers and medical histories. A treasure trove for the identity-theft criminal — and identity theft is well up the scale of client concerns these days.

Not much of the information is crucial by itself, but as a whole, it certainly is. Financial advisors have the most general information on their clients, so they have the greater responsibility to look after it.

The benefit to advisors

Second, clients are already a little shy about trust. We need their trust to do our jobs. We have all experienced the situation where the client failed to tell us everything we needed to know. It is never pleasant.

Privacy awareness is a good trust builder. Use it.

PIPEDA may well be an unpleasant chore, but some aspects of it are so compelling from a business standpoint that you have no choice but to implement them. They are the visible ones.

Clients will expect to see notice and consent agreements. They will know if you send them open e-mail or fax things to untended machines. They will be able to assess physical security. If you miss on the obvious things, they will wonder.

Spend a little time thinking about how much you need clients to trust you. Think about how valuable privacy can be in building the relationship. Then decide whether PIPEDA compliance is worth the effort.

• • •

To download and print the complete Private practice: Helping you comply with the new privacy requirements for 2004 package, please click on the icon below:

• • •

For more information on how the new privacy legislation affects advisors, be sure to check out the mid-January issue of Advisor’s Edge. To read archived Advisor’s Edge stories or to subscribe, please click here.

• • •

Don Shaughnessy is an associate in the Peterborough, Ontario, office of The Protectors Group, a life insurance, investment and employee benefit advisory firm. He is a retired partner in an international public accounting firm and is president of Medisar Security Inc., a Canadian developer of high security communication software, including HideMail, an e-mail encryption service. Don can be reached at 705-927-4770 or by e-mail at don@hidemail.net.

• • •

This article is part of an Advisor.ca Special Report sponsored by:

(01/28/04)