The purpose of this policy is to ensure personal and confidential information collected from clients is used for its stated purpose(s) and to safeguard such information as required by law.
Personal Information is governed by the Personal Information Protections and Electronic Delivery Act (PIPEDA) in Ontario, the provincial Personal Information Protection Act in Alberta and the Freedom on Information and Protection of Privacy Act in Manitoba (together, the “Acts”).
Privacy legislation governs the collection, use and disclosure of personal information in a manner that recognizes both the right of an individual to have their personal information protected and the need of organizations to collect, use or disclose personal information for purposes that are reasonable.
Privacy legislation gives individuals the right to:
- know why an organization collects, uses or discloses their personal information;
- expect an organization to collect, use or disclose their personal information reasonably and appropriately, and not use the information for any purpose other than that to which they have consented;
- know who in the organization is responsible for protecting their personal information;
- expect an organization to protect their personal information by taking appropriate security measures;
- expect the personal information an organization holds about them to be accurate, complete and up-to-date;
- obtain access to their personal information and ask for corrections if necessary; and
- complain about how an organization handles their personal information if they feel their privacy rights have not been respected.
Privacy legislation requires organizations to:
- obtain consent when they collect, use or disclose their personal information;
- supply an individual with a product or a service even if they refuse consent for the collection, use or disclosure of your personal information unless that information is essential to the transaction;
- collect information by fair and lawful means; and
- have personal information policies that are clear, understandable and readily available.
Definition of Personal Information
“Personal Information” is defined as information about an “identifiable individual”. This includes such things as age, income, education, home address and phone number. It does not cover general contact information such as name, title, business address, business phone number, etc. However, where Tower collects any information related to clients or prospective clients, this information is required to be kept confidential and maintained in accordance with this and other policies governing the protection of client information.
Information that Tower collects within the KYC Form or through the account opening process and other ongoing discussions with clients is subject to strict confidentiality regardless of whether or not it is deemed as “Personal Information”.
Consent to Collect Personal Information
The knowledge and consent of clients to the collection of personal information is required by privacy legislation. Tower’s purpose for collecting Personal Information from clients is to meet various regulatory obligations and to establish an appropriate investment mandate for its clients’ account(s).
The KYC Forms which collect Personal Information require client acknowledgement, and Tower receives express consent by the nature of other signed agreements (e.g. the Investment Management Agreement).
Retention and Destruction of Personal Information
Privacy legislation requires that for legal or business purposes, Tower may retain Personal Information for as long as is reasonable, but further requires that Tower have procedures to destroy the Personal Information when it is no longer required. Tower has policies and procedures in place regarding destruction of personal information.
Requests for Access to Personal Information
Pursuant to Privacy legislation, an individual may submit a written request to Tower’s Privacy Officer to provide them with:
- a record of their Personal Information in Tower’s custody or control;
- information about the purposes for which their Personal Information under Tower’s custody or control has been and is being used; and
- the names of persons to whom and the circumstances in which their Personal Information has been and is being disclosed.
The Privacy Officer is required to make a reasonable effort to assist each applicant as accurately and reasonably as possible. When a request is received, the Privacy Officer will respond to a client no later than 30 days after receiving the request.
Requests may be subject to certain fees and disbursements in accordance with the provisions of the Acts.
Content of response
In a response to a client request, if access to all or part of the personal information requested by the applicant is refused, Tower must tell the applicant:
- the reasons for the refusal and the provision of the Act on which the refusal is based,
- the name, position title, business address and business telephone number of an officer or employee of the organization who can answer the applicant’s questions about the refusal, that is Mark Maxwell, and
- that the applicant may ask for a review under the applicable Act(s).
Privacy legislation provides that Tower must not disclose personal information where:
- the disclosure could reasonably be expected to threaten the safety or physical or mental health of an individual other than the individual who made the request;
- the disclosure would reveal personal information about another individual and consent is not obtained; or
- the disclosure would reveal the identity of an individual who has, in confidence, provided Tower with an opinion about another individual, and the individual providing the opinion does not consent to the disclosure of their identity.
Privacy legislation further provides that Tower may choose not to disclose personal information where the Personal Information:
- is protected by legal privilege;
- was collected for an investigation or legal proceedings;
- was collected or created by a mediator or arbitrator in the conduct of a mediation or arbitration for which he or she was appointed to act under an agreement, under an enactment, or by a court; or
- relates to or may be used in the exercise of prosecutorial discretion.
Additionally, Tower may choose not to disclosure if the information would reveal confidential commercial information, and it is not unreasonable to withhold such information.
Client Requests for Correction of Personal Information
An individual may submit a written request to correct errors or omissions in their personal information. When provided with a written request, the Privacy Officer will assist with the correction of the personal information and, if reasonable, send correction notifications to any organizations to whom the information was disclosed.
If it is decided not to correct the personal information (based on immateriality, or information that cannot be validated against the original which appears more appropriate), the Privacy Officer will ensure the conclusion and the reason the personal information was not corrected is documented, and that a requested was made without any changes recorded.