MacKay
Landau Chartered
Accountants
|
||
|
|
PRIVACY AND PERSONAL INFORMATION POLICY INTRODUCTION
Effective
January 1, 2004, new rules came into force concerning privacy of personal
information and the information handling practices of organizations. MacKay Landau is strongly committed to a
“best practices” approach to information privacy, for the benefit of our
clients, employees and others who interact with our organization.
In
this privacy policy, “we”, “our” and “us” refers to MacKay Landau and our
related partnerships and corporations controlled collectively by the partners
of MacKay Landau.
WHY
WE COLLECT, USE AND DISCLOSE PERSONAL INFORMATION
We
collect personal information about our individual clients for the purposes of
providing accounting advice and accounting services to them. Examples of
common retainers include estate planning, tax planning and the preparation
and filing of personal tax returns.
As
part of our client services these purposes include evaluating, monitoring and
assessing the tax and accounting requirements of our clients, recommending
changes to asset structures, recommending changes to liability provisions and
risk management, recommending retainer of other consultants such as brokers,
legal counsel and insurance agents, strategy consultations for items such as
tax disputes and inter-jurisdictional arrangements.
We
also collect information about individual shareholders, employees and
directors of organizations in the course of providing services to our
clients, which are organizations. This
information is collected as necessary to properly evaluate and plan the
structure and activities of these organizations as mandated by our retainer
with them. This information is not
utilized to review or analyze the personal financial affairs of any of these
individuals, unless that is the subject of a separate retainer.
If
an individual client also is involved in organizations for which we are
separately retained to provide services, we will use their personal
information for the purpose of coordinating the collective financial affairs
of the individual and these organizations, as well as crosschecking and
verifying the accuracy and consistency of information relevant to both
retainers.
If
instructed by you, we will add individual client names and contact details to
our client database, in order to allow us to send them newsletters,
brochures, tax updates, details of forthcoming seminars and other materials
relating to our general services. We
understand that not all of our clients may wish to receive this type of
material. If a client prefers that we
do not send this type of material they can let us know by writing their
engagement partner, and their contact details will then not be utilized in
this fashion.
WHAT
KINDS OF PERSONAL INFORMATION WE COLLECT
We
collect a wide variety of personal information in connection with our
services. This information primarily
relates to the financial, tax and business affairs of our clients.
In
connection with our estate planning and consulting work we collect and
analyze information on matters such as personal assets, family relationships,
retirement savings, lifestyle intentions, the financial affairs of family
members and intended beneficiaries, intended charitable giving, insurance
coverage, health status and the tax status of those persons and organizations
who may be impacted by the plan.
HOW
WE COLLECT PERSONAL INFORMATION
Most
of the personal information collected by us is provided directly by the
individual.
In
some cases, information is provided to us by an organization with which the
individual is associated as a director, officer or shareholder. In such circumstances, we are relying on
that organization to have obtained any necessary or appropriate consents.
In
some instances, for example in estate planning, a client may provide us
information about other individuals (e.g. spouses). Again, we are relying on our client to have
obtained any necessary or appropriate consents.
Occasionally,
we are provided information, with consent of our client, directly from other
advisers or representatives of our client.
Examples include legal counsel, brokers, bankers, insurance agents and
predecessor accountants. In these
circumstances, we infer that it is appropriate for us, in our best
discretion, to disclose client information to these other advisers in the
course of working directly with them on client projects, unless specific
restrictions are imposed in the engagement letter.
Information
is collected from government and regulatory bodies on instruction of and with
the consent of the client.
Information
is also collected from publicly available sources and as permitted by
applicable law.
CONFIDENTIALITY
As
accountants, we are concerned with the confidentiality of the personal
information entrusted to us in our engagements. Our firm adheres to the highest standards
of confidentiality and abides by the accounting institute standards and
ethics, which apply in Nunavut.
Our
employees receive training and instruction in client confidentiality. All staff are
required to sign a specific pledge of secrecy and independence, a copy of
which will be made available on request.
DISCLOSURE
As
a general rule, we only disclose personal information of our clients as
instructed by them. However, there are
a number of exceptions. Circumstances
of disclosure without consent include:
·
As
permitted or required by applicable law (e.g. compulsion by court order;
investigation of suspected fraud).
·
To defend our firm in
proceedings arising from statements or opinions issued by us in the cause of
our professional services (e.g. negligence claim on an audit letter).
·
To
service providers in circumstances where we remain in control of the
information (e.g. IT outsourcing).
·
To professional regulatory
bodies, as required by legislation, rules, policies or codes governing our
profession.
PERSONAL
EMPLOYEE INFORMATION
Where
an individual is an employee or a candidate for employment, we consider that
we have implicit consent to collect, use and disclose employee personal
information in circumstances set out below.
We
will only collect, use and disclose personal employee information without
express consent when it is reasonable for the particular purpose of the
establishment, administration, management and termination of the employment
relationship. Administration of the
employment relationship will include interaction with benefit providers and
others in the provision of our employee benefits and pension plans.
We
will disclose personal employee information without the individual’s consent
to another organization in responding to a request for a reference only when
you have provided specific consent for this to occur.
Personal
information of employees can also be collected, used and disclosed without
the individual’s consent where required or permitted by applicable law.
In
other circumstances, the consent of the employee will be required for any use
or disclosure of their personal information.
GIVING
ACCESS TO AND CORRECTING PERSONAL INFORMATION
Upon
written request, we will give an individual or his or her authorized
representative (an “applicant”) access to his or her personal information
that is in our custody or under our control.
We will also let the applicant know what the information is being used
for and how and under what situations the information is being or has been
disclosed by us.
If
we do not have an actual record of the persons or organizations that the
applicant’s personal information has been disclosed to, we will tell them who
or what organizations their information may have been disclosed to.
We
may require an applicant to give us evidence of his or her identity so we can
ensure that the applicant has the right to access the individual’s personal
information but we will only use such information for the purpose of
identification and authentication.
We
will act reasonably in searching for an applicant’s personal information.
We
may charge an appropriate fee, when permitted, for processing the
request. Information on applicable
fees will be provided to an applicant.
Clients
and employees may seek access to their personal information by contacting the
Partner in charge at the relevant local office of the firm.
We
may refuse access to all or part of an applicant’s personal information in
the following situations:
·
The information is
protected by any legal privilege;
·
The disclosure of the
information would reveal confidential business information and it is not
unreasonable to withhold the information;
·
The information was
collected for an investigation or legal proceeding;
·
The disclosure of the information
might result in that type of information no longer being supplied and it is
reasonable that the type of information be supplied; or
·
The information was
collected by a mediator or arbitrator.
If
we are reasonably able to sever the information contained in the above
exceptions from a requested record, we will give access to the remainder of
the information in the record.
We
are required by law to refuse access to all or part of an applicant’s
personal information in the following situations:
·
The disclosure of the
information could reasonably be expected to threaten the life or security of
another individual;
·
The information would
reveal personal information about another individual; or
·
The information would
identify the individual who gave an opinion about another individual and the
individual giving the opinion does not consent to the disclosure of his or
her identity.
If
we are reasonably able to sever the information contained in the above
exceptions from a requested record, we will give access to the remainder of
the information in the record.
We
will inform the applicant if he or she will be given access to all or part of
his or her personal information. If
access is to be given, we will inform the applicant of when access will be
given. If access to all or part of the
applicant’s personal information is refused, we will inform the applicant of
the reasons for refusal and the specific exception(s) to the right of access
on which the refusal is based. We will
also inform the applicant of the name of the person in our organization who
can answer questions regarding the refusal, and of the applicant’s right to
ask a Privacy Commissioner having jurisdiction for a review of our decision
to refuse access.
If
an individual believes that his or her personal information in our custody or
under our control has a mistake in it or is missing some information, he or
she may request that we correct the information.
If
we decide that the information should be corrected, we will do so as soon as
reasonably possible. As appropriate,
we will also send the corrected information to every organization that our
records show has received the wrong information.
If
we decide not to correct the information, we will make a note on the
individual’s personal information indicating that a correction was requested.
We
will not correct or change an opinion, including a professional or expert
opinion. We will make a note on the
individual’s personal information indicating that a correction or change was
requested.
ACCURACY
We
will ensure personal information used or disclosed by us will be sufficiently
accurate, complete and up-to-date to minimize the possibility that
inappropriate information may be used to make a decision about an individual.
We
will update personal information about clients and employees as and when
necessary to fulfill the identified purposes or upon notification by the
individual.
PROTECTION
We
will use reasonable security safeguards to protect personal information against
such risks as loss or theft, unauthorized access, disclosure, copying, use,
modification or destruction. We will
protect personal information regardless of the format in which it is kept and
used.
We
will protect personal information using physical, administrative and
technical safeguards that are appropriate to the sensitivity of the
information.
RETENTION
We
will keep personal information only as long as it remains necessary or
relevant for the identified purposes, as required for normal business
purposes, as required by law, or as otherwise stated in retainer letters with
our client.
Our
current policy is to permit or consider our closed files to be destroyed any
time after 6 years have passed since the file was closed, unless the nature
of the file or the engagement circumstances would require otherwise, in our
reasonable discretion.
We
will maintain reasonable and systematic controls, schedules and practices for
information and records retention and destruction that apply to personal
information that is no longer necessary or relevant for the identified
purposes or required by law to be retained.
We will destroy, erase or make such information anonymous.
PROCEDURE
FOR HANDLING COMPLAINTS
An
individual who believes that our organization has not complied with this
Policy has the right to make a written complaint about the matter to our
organization. We will use our internal
complaint handling procedure to investigate and attempt to resolve the
matter. Our internal complaint
handling procedure is as follows:
§
A
complaint in writing is made to the Chief Privacy Officer; §
The
Chief Privacy Officer conducts an internal review, consulting with the
engagement partner and other representative as appropriate; and §
The
Chief Privacy Officer will provide a written response to the individual
usually within 45 days. An
individual always has the right to make a complaint to a Privacy Commissioner
having appropriate jurisdiction or to ask the Commissioner to review a
decision we have made. However,
individuals are encouraged to use our internal complaint handling procedure
first.
We
will make our complaint handling procedure readily accessible to
individuals. We will provide brochures
or include information on our website about how to lodge a complaint, the
time within which a complaint will normally be handled, and the fact that
complaints will be handled by an officer of our organization with appropriate
authority to deal with the complaints.
We
will provide the complainant with a copy of this Policy, together with any
relevant explanatory materials, upon request.
We
may decide not to investigate a complaint if:
·
The complaint relates to an
act or practice that is not a possible breach of the privacy requirements;
·
The complaint relates to an
act or practice that is no longer reasonably able to be investigated because
of the length of time since it occurred;
·
The act or practice relates
to an event which occurred prior to the organization being subject to this
Policy;
·
The complaint is trivial, frivolous
or vexatious; or
·
The complaint relates to an
act or practice that is the subject of court proceedings that have commenced
or are intended to be commenced.
With
the exception of complaints that we have decided not to investigate we will
investigate and respond to all complaints within a reasonable period of time
(usually, within 45 days). If the
complaint is found to be justified, we will take appropriate steps to resolve
the complaint including, if necessary, amending our policies and procedures (or
this Policy).
A
complainant will be expected to provide sufficient details of how the
complaint arose, including the identification of the parties involved, if
known, copies of any relevant documentation and reasons why the complainant
believes his or her privacy may have been breached.
A
complainant may be represented by a legal practitioner or other advocate.
We
will inform the complainant of the outcome of our investigation regarding his
or her complaint.
MONITORING/REVIEWING
THE OPERATION OF THE CODE
We
will monitor compliance with this Policy.
Our
Chief Privacy Officer will review this Policy annually to ensure that the
Policy is still serving its stated purposes; that it is being complied with;
that the internal complaint handling procedure is still effective; and to
determine if there are any amendments that should be made to improve the
operation of the Policy.
Our
Chief Privacy Officer can be contacted as follows:
Shawn Lester, BBA (Hons), CA, CAFM MacKay Landau 917 Nunavut Drive PO Box 20 Iqaluit, NU, X0A 0H0 ONLINE
PRIVACY
For
a copy of our online privacy statement dealing with Web site and Internet
matters, please visit our Legal
disclaimer
|
|
|
|
|
|
|
© MacKay Landau, Chartered Accountants 2003 - 2012, All rights reserved, Legal disclaimer, Privacy |
||