|
Home
Partners
Contact Us
Affiliates
Links
|
PRIVACY AND PERSONAL INFORMATION POLICY
INTRODUCTION
Effective
January 1, 2004, new rules came into force concerning privacy of personal
information and the information handling practices of organizations. MacKay Landau is strongly committed to a
“best practices” approach to information privacy, for the benefit of our
clients, employees and others who interact with our organization.
In this privacy
policy, “we”, “our” and “us” refers to MacKay Landau and our related
partnerships and corporations controlled collectively by the partners of
MacKay Landau.
WHY WE COLLECT USE AND DISCLOSE PERSONAL INFORMATION
We collect
personal information about our individual clients for the purposes of
providing accounting advice and accounting services to them. Examples of
common retainers include estate planning, tax planning and the preparation
and filing of personal tax returns.
As part of our
client services these purposes include evaluating, monitoring and assessing
the tax and accounting requirements of our clients, recommending changes to
asset structures, recommending changes to liability provisions and risk
management, recommending retainer of other consultants such as brokers, legal
counsel and insurance agents, strategy consultations for items such as tax
disputes and inter-jurisdictional arrangements.
We also collect
information about individual shareholders, employees and directors of
organizations in the course of providing services to our clients, which are
organizations. This information is
collected as necessary to properly evaluate and plan the structure and
activities of these organizations as mandated by our retainer with them. This information is not utilized to review
or analyze the personal financial affairs of any of these individuals, unless
that is the subject of a separate retainer.
If an
individual client also is involved in organizations for which we are
separately retained to provide services, we will use their personal
information for the purpose of coordinating the collective financial affairs
of the individual and these organizations, as well as crosschecking and
verifying the accuracy and consistency of information relevant to both
retainers.
If instructed
by you, we will add individual client names and contact details to our client
database, in order to allow us to send them newsletters, brochures, tax
updates, details of forthcoming seminars and other materials relating to our
general services. We understand that
not all of our clients may wish to receive this type of material. If a client prefers that we do not send
this type of material they can let us know by writing their engagement
partner, and their contact details will then not be utilized in this fashion.
WHAT KINDS OF PERSONAL INFORMATION WE COLLECT
We collect a
wide variety of personal information in connection with our services. This information primarily relates to the
financial, tax and business affairs of our clients.
In connection
with our estate planning and consulting work we collect and analyze
information on matters such as personal assets, family relationships,
retirement savings, lifestyle intentions, the financial affairs of family
members and intended beneficiaries, intended charitable giving, insurance
coverage, health status and the tax status of those persons and organizations
who may be impacted by the plan.
HOW WE COLLECT PERSONAL INFORMATION
Most of the
personal information collected by us is provided directly by the individual.
In some cases, information
is provided to us by an organization with which the individual is associated
as a director, officer or shareholder.
In such circumstances, we are relying on that organization to have
obtained any necessary or appropriate consents.
In some instances,
for example in estate planning, a client may provide us information about
other individuals (e.g. spouses).
Again, we are relying on our client to have obtained any necessary or
appropriate consents.
Occasionally,
we are provided information, with consent of our client, directly from other
advisers or representatives of our client.
Examples include legal counsel, brokers, bankers, insurance agents and
predecessor accountants. In these
circumstances, we infer that it is appropriate for us, in our best
discretion, to disclose client information to these other advisers in the
course of working directly with them on client projects, unless specific
restrictions are imposed in the engagement letter.
Information is
collected from government and regulatory bodies on instruction of and with
the consent of the client.
Information is
also collected from publicly available sources and as permitted by applicable
law.
CONFIDENTIALITY
As accountants,
we are concerned with the confidentiality of the personal information
entrusted to us in our engagements.
Our firm adheres to the highest standards of confidentiality and
abides by the accounting institute standards and ethics, which apply in Nunavut.
Our employees
receive training and instruction in client confidentiality. All staff are required to sign a specific
pledge of secrecy and independence, a copy of which will be made available on
request.
DISCLOSURE
As a general
rule, we only disclose personal information of our clients as instructed by
them. However, there are a number of
exceptions. Circumstances of
disclosure without consent include:
·
As
permitted or required by applicable law (e.g. compulsion by court order;
investigation of suspected fraud).
·
To
defend our firm in proceedings arising from statements or opinions issued by
us in the cause of our professional services (e.g. negligence claim on an
audit letter).
·
To
service providers in circumstances where we remain in control of the
information (e.g. IT outsourcing).
·
To
professional regulatory bodies, as required by legislation, rules, policies
or codes governing our profession.
PERSONAL EMPLOYEE INFORMATION
Where an
individual is an employee or a candidate for employment, we consider that we
have implicit consent to collect, use and disclose employee personal
information in circumstances set out below.
We will only
collect, use and disclose personal employee information without express
consent when it is reasonable for the particular purpose of the establishment,
administration, management and termination of the employment
relationship. Administration of the
employment relationship will include interaction with benefit providers and
others in the provision of our employee benefits and pension plans.
We will
disclose personal employee information without the individual’s consent to
another organization in responding to a request for a reference only when you
have provided specific consent for this to occur.
Personal
information of employees can also be collected, used and disclosed without
the individual’s consent where required or permitted by applicable law.
In other
circumstances, the consent of the employee will be required for any use or
disclosure of their personal information.
GIVING ACCESS TO AND CORRECTING PERSONAL INFORMATION
Upon written
request, we will give an individual or his or her authorized representative
(an “applicant”) access to his or her personal information that is in our
custody or under our control. We will
also let the applicant know what the information is being used for and how
and under what situations the information is being or has been disclosed by
us.
If we do not
have an actual record of the persons or organizations that the applicant’s
personal information has been disclosed to, we will tell them who or what
organizations their information may have been disclosed to.
We may require
an applicant to give us evidence of his or her identity so we can ensure that
the applicant has the right to access the individual’s personal information
but we will only use such information for the purpose of identification and
authentication.
We will act
reasonably in searching for an applicant’s personal information.
We may charge
an appropriate fee, when permitted, for processing the request. Information on applicable fees will be
provided to an applicant.
Clients and
employees may seek access to their personal information by contacting the
Partner in charge at the relevant local office of the firm.
We may refuse
access to all or part of an applicant’s personal information in the following
situations:
·
The
information is protected by any legal privilege;
·
The
disclosure of the information would reveal confidential business information
and it is not unreasonable to withhold the information;
·
The
information was collected for an investigation or legal proceeding;
·
The
disclosure of the information might result in that type of information no
longer being supplied and it is reasonable that the type of information be
supplied; or
·
The information
was collected by a mediator or arbitrator.
If we are
reasonably able to sever the information contained in the above exceptions
from a requested record, we will give access to the remainder of the
information in the record.
We are required
by law to refuse access to all or part of an applicant’s personal information
in the following situations:
·
The
disclosure of the information could reasonably be expected to threaten the
life or security of another individual;
·
The
information would reveal personal information about another individual; or
·
The
information would identify the individual who gave an opinion about another
individual and the individual giving the opinion does not consent to the
disclosure of his or her identity.
If we are
reasonably able to sever the information contained in the above exceptions
from a requested record, we will give access to the remainder of the
information in the record.
We will inform
the applicant if he or she will be given access to all or part of his or her
personal information. If access is to
be given, we will inform the applicant of when access will be given. If access to all or part of the applicant’s
personal information is refused, we will inform the applicant of the reasons
for refusal and the specific exception(s) to the right of access on which the
refusal is based. We will also inform
the applicant of the name of the person in our organization who can answer
questions regarding the refusal, and of the applicant’s right to ask a
Privacy Commissioner having jurisdiction for a review of our decision to
refuse access.
If an
individual believes that his or her personal information in our custody or
under our control has a mistake in it or is missing some information, he or
she may request that we correct the information.
If we decide
that the information should be corrected, we will do so as soon as reasonably
possible. As appropriate, we will also
send the corrected information to every organization that our records show
has received the wrong information.
If we decide
not to correct the information, we will make a note on the individual’s
personal information indicating that a correction was requested.
We will not
correct or change an opinion, including a professional or expert
opinion. We will make a note on the
individual’s personal information indicating that a correction or change was
requested.
ACCURACY
We will ensure
personal information used or disclosed by us will be sufficiently accurate,
complete and up-to-date to minimize the possibility that inappropriate
information may be used to make a decision about an individual.
We will update
personal information about clients and employees as and when necessary to
fulfill the identified purposes or upon notification by the individual.
PROTECTION
We will use
reasonable security safeguards to protect personal information against such
risks as loss or theft, unauthorized access, disclosure, copying, use,
modification or destruction. We will
protect personal information regardless of the format in which it is kept and
used.
We will protect
personal information using physical, administrative and technical safeguards
that are appropriate to the sensitivity of the information.
RETENTION
We will keep
personal information only as long as it remains necessary or relevant for the
identified purposes, as required for normal business purposes, as required by
law, or as otherwise stated in retainer letters with our client.
Our current
policy is to permit or consider our closed files to be destroyed any time after
6 years have passed since the file was closed, unless the nature of the file
or the engagement circumstances would require otherwise, in our reasonable
discretion.
We will
maintain reasonable and systematic controls, schedules and practices for
information and records retention and destruction that apply to personal
information that is no longer necessary or relevant for the identified
purposes or required by law to be retained.
We will destroy, erase or make such information anonymous.
PROCEDURE FOR HANDLING COMPLAINTS
An individual
who believes that our organization has not complied with this Policy has the
right to make a written complaint about the matter to our organization. We will use our internal complaint handling
procedure to investigate and attempt to resolve the matter. Our internal complaint handling procedure
is as follows:
§
A complaint in
writing is made to the Chief Privacy Officer;
§
The Chief Privacy
Officer conducts an internal review, consulting with the engagement partner
and other representative as appropriate; and
§
The Chief Privacy
Officer will provide a written response to the individual usually within 45
days.
An individual
always has the right to make a complaint to a Privacy Commissioner having
appropriate jurisdiction or to ask the Commissioner to review a decision we
have made. However, individuals are
encouraged to use our internal complaint handling procedure first.
We will make
our complaint handling procedure readily accessible to individuals. We will provide brochures or include
information on our website about how to lodge a complaint, the time within
which a complaint will normally be handled, and the fact that complaints will
be handled by an officer of our organization with appropriate authority to
deal with the complaints.
We will provide
the complainant with a copy of this Policy, together with any relevant
explanatory materials, upon request.
We may decide
not to investigate a complaint if:
·
The
complaint relates to an act or practice that is not a possible breach of the
privacy requirements;
·
The
complaint relates to an act or practice that is no longer reasonably able to
be investigated because of the length of time since it occurred;
·
The act
or practice relates to an event which occurred prior to the organization
being subject to this Policy;
·
The
complaint is trivial, frivolous or vexatious; or
·
The
complaint relates to an act or practice that is the subject of court
proceedings that have commenced or are intended to be commenced.
With the
exception of complaints that we have decided not to investigate we will
investigate and respond to all complaints within a reasonable period of time
(usually, within 45 days). If the
complaint is found to be justified, we will take appropriate steps to resolve
the complaint including, if necessary, amending our policies and procedures
(or this Policy).
A complainant
will be expected to provide sufficient details of how the complaint arose,
including the identification of the parties involved, if known, copies of any
relevant documentation and reasons why the complainant believes his or her
privacy may have been breached.
A complainant
may be represented by a legal practitioner or other advocate.
We will inform
the complainant of the outcome of our investigation regarding his or her
complaint.
MONITORING/REVIEWING THE OPERATION OF THE CODE
We will monitor
compliance with this Policy.
Our Chief
Privacy Officer will review this Policy annually to ensure that the Policy is
still serving its stated purposes; that it is being complied with; that the
internal complaint handling procedure is still effective; and to determine if
there are any amendments that should be made to improve the operation of the
Policy.
Our Chief
Privacy Officer can be contacted as follows:
Shawn Lester, CA, BBA
MacKay Landau
P.O. Box 20
Iqaluit, NU,
X0A 0H0
ONLINE PRIVACY
For a copy of
our online privacy statement dealing with Web site and Internet matters,
please visit our Legal
disclaimer
|