Beware! Loose lips can violate privacy act

(May 12, 2004) Advisors must take a serious, systematic approach to guarding clients’ privacy or they run the risk of violating Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), according to the regional compliance officer at one investment firm.

“All this law really is is a balance of common sense,” says Jennifer Givlin, IQON Financial’s provincial compliance officer for Ontario and Atlantic Canada. “The problem is, when you try to align common sense with human nature, you end up with some funny situations.”

Givlin was speaking at IFIC’s third annual Compliance Forum on the everyday risks advisors take and how they can avoid transgressions.

“From the minute your advisor walks into the office, from the time they turn on the computer till they shut the door at the end of the day, can you honestly say they met all the privacy requirements?” she challenged the audience of compliance officers.

Many advisors think they fully understand PIPEDA, but violate the law by using client information to cross-market products other than what the client came to them for in the first place.

This is not done out of malice, of course, and the average advisor considers this to be an integral part of providing service. If a client files information indicating the need for a product, it’s only human nature to want to offer that service.

But if the client has not given explicit consent for the advisor to use the information, this proactive marketing runs afoul of the law.

The good news is that there is an easy way around this. When presenting a new client with the privacy agreement, the advisor should include a provision stating that, from time to time, they may suggest other products which would compliment the client’s overall financial plan.

The advisor’s responsibility for client privacy does not end at the office door. If he is sending a fax to a client, how confident can he be that the client is the only person with access to it? The advisor should call the client first and make sure he is aware the fax is coming, so he can collect it themselves when it comes through.

As Givlin points out, standard e-mail is about as secure as a postcard, so she recommends implementing a secure e-mail system to protect against hackers.

R elated Stories

PIPEDA primer: How new privacy act affects advisors SROs issue warning on privacy legislation Putting privacy into practice: A sample consent document Eye on privacy (from the Mid-January edition of Advisor’s Edge)

But shortcuts taken in the office for the sake of convenience can mean an advisor is breaking the new privacy rules. Givlin says it’s great to put files away in a locking cabinet when they aren’t needed, but they aren’t really secure if the key is left in the lock. Leaving open mail lying on the desk can be another common breach of security.

To be on the safe side, advisors should make sure the office door is closed when discussing a client’s information. Technically, an open door with other clients sitting in reception can lead to a PIPEDA breach.

By demonstrating the processes in place to maintain privacy, the advisor adds value in the eyes of the client — simply by complying with the law.

Givlin also warns that the advisor might accidentally give away too much information, not only about a client, but to a client.

Because the law provides the client with access to the information gathered, it is important to keep your files not only accurate, but clean. Givlin warns that it is easy to include comments reflecting the advisor’s personal opinion on a difficult client. Are your personal opinions really something you want to share with your clients?

“If the client wanted access to all their information, which they are entitled to have, they might be surprised to find they were not as well received by the customer service advisor as they initially thought,” she warns.

Filed by Steven Lamb, Advisor.ca, steven.lamb@advisor.rogers.com

(05/12/04)