Clients Privacy Rights
From January 1, 2004, all businesses engaged in commercial activities must comply with the Personal Information Protection and Electronic Documents Act, and the Canadian Standards Association Model Code for the Protection of Personal Information, which it incorporates. These obligations extend to lawyers and law firms, including Heming & Associates. The Act gives clients rights concerning the privacy of their personal information. Heming & Associates is responsible for the personal information we collect and hold. To ensure this accountability, we have developed this policy, and trained our lawyers and support staff about our policies and practices.
The Rationale to Collect Personal Information
Heming & Associates provides legal services and products to a wide range of clients. In doing so, it produces direct marketing materials concerning its services and developments in the law.
Personal information is any information that identifies a client, or by which client’s identity could be deduced. If we did not collect and use clients’ personal information, we could not provide our clients with legal services.
Collecting Personal Information
We collect information only by lawful and fair means, and not in an unreasonably intrusive way. Wherever possible we collect clients’ personal information directly from the client, both at the start of a retainer and in the course of our representation. Sometimes we may obtain information about a client from other sources, for example:
- insurance company;
- real estate agent in a property transaction;
- a government agency or registry;
- employer, if we are acting for the client, at his/her request;
In most cases, we shall ask clients to specifically consent, if we collect, use, or disclose clients’ personal information. Normally, we ask for a client’s consent in writing, but in some circumstances, we may accept client’s oral consent. Sometimes, clients’ consent may be implied through clients’ conduct with us.
Use of Clients’ Information
We use clients’ personal information to provide legal advice and services to clients, to administer our clients (time and billing databases) and to include clients in any direct marketing activities. If a client tells us that he/she no longer wishes to receive information about our services, or about new developments in the law, we will not send any further material.
Heming & Associates does not disclose clients’ personal information to any third party to enable them to market their products and services. For example, we do not provide our clients’ mailing lists to other law firms.
Disclosure of Personal Information
Under certain circumstances, Heming & Associates will disclose a client’s personal information:
- when we are required or authorized by law to do so, for example if a court issues a subpoena;
- when a client has consented to the disclosure;
- when the legal services we are providing to a client requires us give that client’s information to third parties (for example a lender in a real estate mortgage transaction) Client’s consent will be implied, unless you tell us otherwise;
- where it is necessary to establish or collect fees;
- if we engage expert witnesses on a client’s behalf;
- if we retain other law firms at the client’s request, and on the client’s behalf;
- if the information is Publicly Available Personal Information, as it is defined under the Personal Information Protection and Electronic Documents Act.
- Updating Information
Since we use clients’ personal information to provide legal services to clients, it is important that the information be accurate and up-to-date. If during the retainer, any client’s information changes, we expect that such client will inform us so that we can make any necessary changes.
Securing Client’s Information
Heming & Associates takes all reasonable precautions to ensure that the clients’ personal information is kept safe from loss, unauthorized access, modification or disclosure. Among the steps taken to protect clients’ information are:
- premises security;
- restricted file access to personal information;
- deploying technological safeguards like security software and firewalls to prevent hacking or unauthorized computer access;
- internal password and security policies.
- Accessing to Personal Information A client may ask for access to their personal information we hold about that Client. Summary information is available on request. More detailed requests which require archive or other retrieval costs may be subject to our normal professional and disbursement fees.
If Heming & Associates holds information about a client and that client can establish that it is not accurate, complete and up-to-date, Heming & Associates will take reasonable steps to correct it.
Denials to access to Personal Information
Clients’ rights to access their personal information are not absolute. We may deny access when:
- it is required or authorized by law (for example, when a record containing personal information about you is protected by solicitor-client privilege);
- to do so would reveal confidential commercial information, and the personal information cannot be severed from the record;
- to do so could reasonably be expected to threaten the life or security of another individual, and the personal information cannot be severed from the record; or
- the information was generated in the course of a formal dispute resolution process.
If we deny a client’s request for access to, or refuse a request to correct information, we shall explain why. Heming & Associates does not use client’s Social Insurance Number as a way of identifying or organizing the information we hold upon a client.
Whenever it is legal and practicable, we may offer the opportunity to deal with general inquiries without providing a client’s name (for example, by accessing general information on our website). The Act requires us to confirm the identity of all new clients. It may also require us disclose information to FINTRAC in relation to certain large cash transactions.
To help us make credit decisions about clients, prevent fraud, check the identity of new clients and prevent money-laundering, we may – with a client’s consent – request information about a client from the files of consumer reporting agencies.
Communicating with Us
Clients should be aware that e-mail is not a 100% secure medium, and clients should be aware of this when contacting us to send personal or confidential information.
Requests for Access
If a client has any questions, or wish to access his or her personal information, that client should write to our Privacy Officer at firstname.lastname@example.org.
When someone applies to Heming & Associates for a job, we need to consider his/her personal information, as part of our review process. We normally retain information from candidates after a decision has been made, unless that candidate ask us not to retain the information. If we offer that candidate a job, which that candidate accepts, the information will be retained in accordance with our privacy procedures for employee records.
Communications – To provide our website visitors with publications, information or requested services, visitors may voluntarily submit personal information to us for such purposes as subscribing to or downloading publications, participating in a seminar or other event, participating in surveys or asking a question. We use the personal information visitors provide only for the purpose for which visitors have provided it. If a subscriber or visitor has subscribed or attended a seminar or other event in the past, we may combine the information with information submitted on the web site. We provide an on-going opportunity to unsubscribe or opt-out of contact by the firm by accessing our web-site, or by e-mail to email@example.comE-Mail