Privacy legislation requires you to obtain clients’ consent for the collection, use and disclosure of personal information. Advisors should retain a signed Privacy Consent form in the client file for legal and compliance purposes as well as for future reference.
Best practices:
- Obtain privacy consent from existing clients and update your client file.
- You are responsible for protecting all information in the file, so do not keep information that’s not required without client consent. Limit the information gathered and retained in a client file to what is necessary for identified purposes. This will reduce the risk of inappropriate use and disclosure.
- Collect information directly from the client and do not store information with a third party without appropriate consents. Out-of-country storage of personal information requires client notification (included in the Privacy commitment and your client file form).
- Safeguard clients’ personal information from initial collection to destruction:
  - Secure emails when transmitting or transferring information.
  - Use strong passwords.
  - Have hardware safeguards, including virus protection, firewalls and encryption.
Receiving and maintaining privacy consent is more than just a legal and compliance requirement – it’s a measure of professionalism. It builds trust and instills confidence in clients by showing you’re aware of the sensitivity of their personal information.
Remember,
Good Business is Compliant and Compliance Matters!