A Toronto Law Firm
McCAGUE BORLACK LLP
Located in the heart of the business community, our firm is dedicated to litigation and advocacy. With a strong focus on insurance defense and insurance coverage litigation, we also represent corporate, commercial and finance companies.
Canada ’s Personal Information Protection and Electronic Documents Act (PIPEDA) now extends to most businesses in Canada. PIPEDA changes the way businesses and other organizations are permitted to collect, use, and disclose personal information in the course of commercial activities.
What Is PIPEDA?
PIPEDA is a federal law that prohibits most businesses (wherever located) from collecting, using, or disclosing personal information about an individual in Canada in the course of commercial activities, unless the individual’s informed consent is first obtained. PIPEDA also creates mandatory operational standards for the handling of personal information.
What Is “Personal Information”?
“Personal information” is broadly defined. Essentially, it is any personal information about an identifiable individual, including a person’s address, birth date, identification numbers, income, ethnicity, blood type, passwords, interests, hobbies, habits, sexual orientation, medical records and history, loan and credit records, etc.
“Personal information” does not include the name, title, business address, or telephone number of a person. This “business card information” exception exists to permit day-to-day commercial activity. For example, an employer may post the business card information about an employee on its website (e.g. as a representative that the public, customers, or suppliers can contact). Such information is public information.
Personal information in a professional or business directory is publicly available only if it is used for the purpose for which it appears. Therefore, a business could use the personal information in a professional directory to hire a professional, but could not market vacations to them without their prior consent.
What Is The Scope of PIPEDA?
PIPEDA does not apply to governments or to personal information collected, used, or disclosed for personal, domestic, journalistic, artistic, or literary purposes. For example, a parent may obtain a reference from a third party about a prospective nanny without the nanny’s consent. Likewise, a journalist may collect, use, and disclose personal information about a subject without the subject’s consent. Furthermore, PIPEDA does not apply to the personal information of employees of provincially regulated businesses (but does apply to the personal information of employees of federally regulated businesses). It also does not apply to charitable or not-for-profit organizations (such as schools or hospitals), except when they collect, use, or disclose personal information for commercial activities (e.g. selling donor lists).
McCague Borlack LLP’s Privacy Principles
In the course of its commercial activities and, in particular, providing services to its clients, McCague Borlack LLP (MB)collects personal information about its clients, its employees, and others. This information may be used for contact purposes, for general human resources purposes, and, more broadly, to communicate with our clients and others respecting legal affairs and the services that we provide.
When MB is retained to act on behalf of a client, we use, retain, and disclose personal information on behalf of, and as instructed by, that client in connection with our advice. Our use, retention, and disclosure of such information is governed by our duty of confidentiality to our client, and, as applicable, by solicitor-client privilege.
MB recognizes the importance of protecting the personal information that has been entrusted to us. This policy outlines the framework of MB’s policies and procedures regarding its collection, use, retention, and disclosure of personal information in respect of its clients and others. This policy supplements, where applicable, our professional obligations of confidentiality and solicitor-client privilege.
Why Does McCague Borlack Collect Personal Information?
MB collects personal information in order that we may provide legal services and products to our clients. In addition, we produce newsletters and papers, and hold seminars, concerning legal developments, which we provide as a service to our clients and others in the business community.
How Do We Collect Your Personal Information?
MB only collects personal information by lawful and fair means, and only that information which is reasonably necessary for the purposes identified. Whenever possible, we collect personal information about clients and other individuals directly from those parties or through referrals by persons who such parties have requested to provide us with such information.
Occasionally, MB may obtain information about you from other sources. These sources typically include, but are not limited to, government agencies or registries, accountants or other professional advisors, financial institutions, insurance companies, credit bureaus, insurance adjusters, private investigators, and other third parties that represent that they have the right to disclose such personal information.
How Do We Use Your Information?
MB may use your personal information for purposes such as, but not limited to, providing legal services, billing, record-keeping, and other client contact and service matters, accessing new clients' eligibility for credit, audit and record-keeping purposes, account collection purposes, managing and developing business and operations, learning about the needs of current and potential clients, developing or offering services and products tailored to our clients’ needs, communicating with clients regarding current and future products and services, and responding to client comments and suggestions.
When Do We Disclose Your Personal Information?
MB will only disclose personal information for purposes related to its provision of services, or with express consent, or if required or authorized by law. For example, we may disclose information when the legal services we are providing require us to give information to third parties (e.g. reciprocal disclosure during litigation), where it is necessary to establish or collect fees, if we engage expert witnesses, if we retain other law firms in other jurisdictions, and if a court issues a subpoena or requires us to do so under order.
MB may obtain consent to our collection, use, and disclosure of information either expressly for stated purposes (such as in a retainer), or impliedly when the purposes are not stated expressly but are indicated by the relevant circumstances or follow logically from other expressly stated purposes (e.g. providing our regular publications and updates in areas of law in which we have provided advice previously). Individuals may withdraw or amend any consent previously given by contacting our Privacy Officer, subject to any legal or contractual restrictions and upon reasonable notice to us. For example, if an individual informs us that he/she no longer wishes to receive our publications or information about our services, we will conform to this request.
Consent to our collection of certain personal information may be required in order for us to provide legal services. However, we will not require, as a condition of providing our services, that personal information not related to providing such service be collected.
Updating Your Information
Since MB uses personal information to provide legal services, it is important that the information be accurate and up-to-date. If any information changes, we may require the individual to inform us so that we can make any necessary changes.
MB uses appropriate security measures to protect against loss, theft, unauthorized access, disclosure, use, or modification of personal information. Such measures will vary depending on the sensitivity, amount, format, nature, and storage of the personal information, and will involve, as applicable, physical, organizational, and electronic security measures, including premises security, restricted file access to personal information, technological safeguards including security software and firewalls to prevent unauthorized computer access, and password and security policies. In communicating with us, individuals should be aware that e-mail is not a fully secure medium.
MB requires that third party service providers to whom personal information may be transferred provide a level of security for such personal information that meets standards established by MB.
Access To Your Personal Information
MB will respond promptly to any request for access to personal information. There will be no cost for reasonable requests for access, unless the request is for copies of records or involves significant retrieval costs. MB will advise of the cost, if any, prior to the retrieval of such records or information. MB will not respond to requests for access to personal information that are frivolous, vexatious, or repetitious.
In certain circumstances, MB may be unable to provide access to some or all of the personal information that we hold. Such circumstances include, but are not limited to, those in which the personal information cannot be separated from the records of others, cannot be disclosed for reasons of personal security or commercial confidentiality (including in relation to MB), or is protected by professional standards relating to confidentiality or solicitor-client privilege.
If MB holds information about an individual and the individual advises us that it is not accurate, complete, or up-to-date, we will take appropriate steps to correct it.
Questions And Requests For Access
Any questions or concerns with respect to access to personal information, requests to change preferences regarding our use of information, or any other privacy matter should be directed to:
Gary Caplan, Partner
McCague Borlack LLP
Suite 2700 , P.O. Box 136
The Exchange Tower
130 King Street West,
Toronto, Ontario M5X 1C7
Last Revised - May 2010