The following policy is designed to ensure that respect for each employee and client’s right of privacy is maintained within reasonable limits, and with due consideration that all personal information is privileged.
All details relating to personal information contained in the files of any client, or employee will be kept in confidence by the staff of The Clark Companies.
All documents relating to a client’s or employees’ personal information are to be kept locked in designated file cabinets.
Employees may take documents containing personal information outside of the office when required to do so in the normal course of their duties, in the event of a fire or similar disaster, or as may be required by law. Staff members, who do take personal information outside of the company office, are responsible for ensuring the confidentiality and security of any documents in their possession.
Employees of The Clark Companies will neither collect nor disclose any information of a personal nature about a client without consent from the client, unless otherwise stipulated by law.
Information which is understood to be confidential includes: client records, information about a client which was acquired in the normal course of business, employee information, company related information, or any other information deemed confidential by The Clark Companies.
The company is compliant with the federal privacy legislation, specifically, the “Personal Information Protection and Electronic Documents Act” (PIPEDA). This policy governs our dealing with “personal “information. Personal information means any information such as age, gender, religion, ethnic background, family status, political affiliations, health, home address and home phone number. Personal information does not include business information such as the name, title, business address, or telephone number of an employee of an organization.
The company is responsible for all personal information in their possession or control. This includes information to which third parties who provide goods or services to The Clark Companies, such as, but not limited to, accountants, contractors, security and maintenance people may have access. The Clark Companies restricts such access to these third parties as much as is reasonably possible and requests their assurances that they follow appropriate privacy principles.
Why The Clark Companies Collects Personal Information
The primary purpose of collecting, use and disclosure of personal information is to serve our clients or potential clients, to market our services and other purposes which would be considered related or otherwise reasonable in the circumstances. It is also collected on employees for benefit enrollment and other payroll identification purposes. The Clark Companies primarily collects, uses and discloses personal information to evaluate client needs. If the company plans to use or disclose personal information for a purpose not previously identified, they will make every reasonable effort to specify the identified purposes, verbally, or in writing, to the individual from whom the personal information has been collected for use or disclosure.
Generally, all personal information is held in strict confidence and The Clark Companies will obtain consent, either express or implied, to use or disclose personal information about an individual unless otherwise permitted or required by law.
The way in which we seek consent, including whether it is expressed or implied, will vary depending upon the sensitivity of the information and the reasonable expectations of the individual. There are some circumstances where the company is permitted or required under law to collect, use or disclose personal information without the knowledge or consent of the individual. Such as when collection or use is clearly in the interests of the individual and consent cannot be obtained in a timely way, or to investigate a breach of an agreement or a contravention of a law or to act in respect to an emergency that threatens the life, health or security of an individual.
The Clark Companies will take appropriate steps to ensure adequate safeguards are in place to protect the personal information. Safeguards include ensuring the paper information is stored in a supervised or secure location, including locked file cabinets and restricted access to the offices. Additionally, sensitive and personal electronic information is always password protected. Third party contractors or agents who have access to personal information will be required to confirm that they follow appropriate privacy practices.
While we do not intend to keep personal information for longer than is reasonable, we do keep personal information for some time so that we are able to answer questions about our services and to account to normal business audit procedures. Inactive client or employee files are generally destroyed after seven (7) years. Our client contact information and directories are kept longer unless clients advise us that they wish to have the same removed. Our accounting and financial files are normally kept for a minimum of seven (7) years.
We destroy paper files with personal information by shredding or discarding the same in garbage receptacles; we destroy electronic information by deleting it.
Openness and Access
With some exceptions, we will give access to the personal information we retain about employees or clients upon request. We will confirm identity before providing such access. We ask that clients or employees provide any request or identify any problem relating to such personal information in writing. The Clark Companies will respond within 30 days with the information requested or if this is not possible, we will advise of the reason.
Other exceptions may include information that contains references to other individuals or contains confidential commercial information, where such information cannot be severed from the record.
BREACH OF CONFIDENTIALITY
The disclosure of confidential or personal information more often occurs through use of carelessness rather than deliberate intent. Employees are cautioned to familiarize themselves with the above policy and to monitor their behaviour to avoid such breaches as:
- Discussing clients (even when not using their names) outside of the normal course of duty, with persons who are not directly involved in the client work.
- Specifically naming clients or the nature of the contracted work in public places such as restaurants, public transit, elevators, social gatherings, etc.
- Reviewing client material/information or other documentation in public places.
- Leaving offices, desks or other work areas with confidential information open to view.
- Sharing specific customer information with other customers