PRIVACY

Effective date: September 1, 2020

PRIVACY and confidentiality POLICY

1. OBJECTIVE AND SCOPE OF POLICY

Howard Employment Law Corporation (“HEL” or the “Firm”) is committed to protecting the privacy of clients, employees and others dealing with HEL. This policy informs you of HEL’s practices concerning the collection, use and disclosure of personal information and ensures compliance with applicable privacy laws, including the B.C. Personal Information Protection Act (“PIPA”) as well as related duties of confidentiality owed under contract law and Law Society of BC rules.

HEL contractors or agents who provide services to HEL that entail dealing with personal information are required to comply with this policy.

2. WHAT IS PERSONAL INFORMATION?

This policy applies to “personal information”. This is defined by privacy legislation as any information about an identified or easily identifiable individual. Personal information does not include business contact information (e.g. business telephone and fax number, business address and email), information about corporations or other entities or information about individuals not associated with their identity (e.g. anonymous statistics). In addition, any personal information that is disclosed in work product created by employees, (e.g. a memorandum about a business trip that discloses some personal information about you) is not considered protected personal information. Note that the concept of confidential information applies to information that does not qualify as “personal information” e.g. information about a pending business transaction is confidential but not personal information. See discussion of confidentiality below.

Personal information is very broadly defined and includes unrecorded information or information recorded in any form, including in writing, electronically or on video or audio tape. Personal information includes relatively obvious or publicly available information such as home address, age or hair colour, through to more sensitive information such as credit card numbers or other financial information.

3. THE COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION

HEL collects only such personal information about individuals as is reasonably required to provide our services to them. In the case of job applicants, employees and contractors, HEL collects only such personal information about then as is reasonably necessary for the purposes of establishing, managing and terminating the employment relationship e.g. for tax reasons, we must collect employee’s birth date and SIN number.

Generally speaking, HEL will obtain your consent to the collection, use and disclosure to others of your personal information, subject only to exceptions permitted or required by law. In many situations, where you voluntarily provide personal information about yourself and the purpose or use of the information is obvious, providing the information constitutes sufficient consent. In other situations, HEL will seek your consent in writing, electronically or orally to the collection, use or disclosure to others of your personal information.

There are circumstances permitted under applicable privacy laws where the collection, use, or disclosure of personal information may be done without consent and other situations where collection, use or disclosure is required by other legislation. Such situations include:

    1. Where disclosure of information is required by applicable legislation or by order of an authorized court, tribunal, or regulatory or law-enforcement agency;
    2. Where HEL believes, on reasonable grounds that it is necessary to protect the health or safety of you or another;
    3. Where it is necessary to collect monies owing to HEL or respond to proceedings against HEL; and
    4. As part of an investigation into possible breach of an individual’s obligations to HEL or proceeding involving HEL.

You may, on reasonable advance notice in writing to the appropriate HEL manager, withdraw consent to any collection, use or disclosure of personal information and we will comply with your request, except where such withdrawal would frustrate a legal obligation e.g. to maintain records to comply with record-keeping requirements of income tax legislation. You should also appreciate that withdrawal of such consent may deprive you of benefits or other advantages available from HEL or others.

4. DISCLOSURE OF PERSONAL INFORMATION

HEL does not sell, trade, barter or exchange for consideration any personal information it has obtained. When using services of contractual service providers who may receive personal information collected by HEL, the Firm ensures that they agree to use such personal information solely for the purposes of providing those services and they agreed to comply with relevant portions of this policy.

In order to service clients and administer employment relationships, HEL transmits personal information to affiliates and external service providers, such as benefit providers or cloud software providers. While HEL will take steps to ensure your privacy is respected, this may entail sending personal information data outside of Canada, where it may be subject to access by governmental agencies of the foreign jurisdiction pursuant to foreign law.

As set out above, there are a limited number of situations where disclosure of personal information maintained by HEL is either required by law (e.g. legislation entitling law enforcement agencies to obtain information) or disclosure without consent is permitted by law (e.g. an emergency where your consent cannot be obtained).

References: HEL employees or former employees may wish us to provide reference information about you, your employment history and your employment income to a prospective employer, landlord or provider of credit. We will require your written consent to disclosure of any personal information about you to persons bona fide purporting to be seeking such references.

5. ACCURACY AND PROTECTION OF PERSONAL INFORMATION

The Firm endeavours to ensure that all personal information in its possession is as accurate, current and complete as possible for the purposes for which it is used by HEL. You can assist us by advising us of any changes in your personal information, e.g. changes in your home address, phone number or email address.

The Firm takes appropriate security measures to ensure that both paper and electronic records containing personal information are secure from loss, unauthorized use, access or copying, disclosure or modification. Security measures include locking areas containing sensitive special personal information and general security of our offices. Our computer systems include passwords to gain access to sensitive personal information. HEL also limits access to personal information to those who “need to know” to provide you with products or services.

Given HEL’s offices are in space shared with others, all Firm personal and confidential information in paper form must be stored in offices and cabinets which are locked outside of office hours. Computer records are password access protected.

6. ACCESSING AND UPDATING PERSONAL INFORMATION

HEL allows individuals to have reasonable access to their personal information and will endeavour to provide requested information within reasonable time and generally within 30 days following a written request. Individuals may request:

      1. Information about what types of personal information are collected, how it is used, and to whom it is disclosed; or
      2. To review some or all personal information about them kept by HEL.

upon written request to the appropriate manager or to the Privacy Manager identified below.

Although HEL will generally comply with such requests, HEL may decline access to personal information on grounds permitted or required under applicable legislation, including the following situations:

  1. Where the requested personal information does not exist, is not recorded or cannot be located;
  2. Where the cost of assembling, retrieving and providing access to the personal information would be disproportionate to the benefits of access;
  3. Where such disclosure would entail disclosing personal information about another person, e.g. a person who made a comment or observation about the individual making the access request;
  4. Where the information was collected without consent for the purpose of an investigation or proceeding and the investigation or proceeding has not been completed.

Individuals may request that HEL correct records of personal information. If HEL concludes the requested change is unwarranted, it will so advise the requesting person, but will append the requested change to the record kept by HEL.

7. RETENTION AND DESTRUCTION OF PERSONAL INFORMATION

HEL endeavours to only retain personal information for so long as it is either:

  1. required to be retained by law, e.g. Income Tax Act or Employment Standards Act requirements; or
  2. reasonably necessary for HEL business needs,

subject to the requirement under privacy legislation to retain information that was used to make a decision directly affecting the individual for one year after the date of the decision.

When personal information is no longer needed, it will be destroyed in a suitably secure manner, e.g. shredding of paper records containing personal or confidential information.

8. HEL RIGHT OF ACCESS TO ALL DATA ON SYSTEMS

Employees should be aware that, for a variety of reasons including ensuring appropriate use of HEL computer resources and monitoring productivity, HEL reserves the right to monitor or review without advance notice all employee use of HEL’s computers, including all emails sent or received and Internet usage. Employees therefore should have no expectation of privacy when using HEL computer systems for personal reasons. Any such use should be restricted to non working time, be reasonable in scope and not place undue demands on the computer system or result in the introduction of potentially harmful material to HEL’s computer system.

9. DATA BREACH

Notwithstanding our security arrangements, there is the risk that some of the personal information HEL keeps may be accessed by unauthorized persons through accidental loss or sharing of such information or “hacking” into our computer systems. If this occurs, HEL will comply with any applicable requirements under Privacy Laws. Generally, we will try to evaluate the scope of the loss, the potential risks to persons affected and where appropriate or required under Privacy Laws, notify such persons of the breach and any other relevant information, including steps to mitigate the risk.

10. CONFIDENTIAL INFORMATION AND HOW WE PROTECT IT

As lawyers, HEL also owes a broad duty of confidentiality to its clients which is broader in scope than the privacy law concept of “personal information”. Put another way, much of the information we receive as lawyers must be treated as confidential even though it is not about a particular individual thus not covered by privacy law. An example would be when we are asked to advise an employer on how to structure a corporate reorganization or acquisition from an employment law perspective. This is highly confidential but may not involve any “personal information” about individual employees.

Here are a few key examples of how we comply with that duty:

  1. in some situations, the mere fact you are a client or are seeking advice from a law firm can be confidential e.g. if known to another party, it may tip them off to something you or your organization is planning. Where this is a concern, please let us know so we can take steps e.g. assigning a code name to a planned reorganization of your workforce. Also, ensure that all our communications with you about such sensitive matters goes to a private and secure email address or other address;
  2. Before we can take on a new client or a new matter involving a new adverse party for an existing client, we are required by the Law Society of B.C. to conduct a “conflict search” to ensure the new file does not place us in a conflict of interest with obligations owing to existing clients. When new clients call or existing clients contact us about a new matter, we need to get the names of all potentially adverse parties to run the conflict check internally. However, we will not disclose the fact the conflict check was run or any information about the new matter to the existing client about the enquiry even if there is a potential conflict;
  3. When advising employees who are still at work about legal issues with that employer, it is critical that all communications with HEL be done through a personal email, not a work email. Otherwise, the strong legal protection of “privilege” which generally protects our legal advice from being disclosed to the other party may be lost when the employer accesses the advice in its computer system;
  4. In representing clients, we are often asked to communicate with others e.g. writing letters to former employees or employers. Clients need to be careful to ensure that information they consider confidential is not included in such communications;
  5. When we file Notices of Civil Claims, Responses or Counterclaims (“pleadings”) in the courts on behalf of clients, they need to be aware that they are public record documents and thus may be accessed by business partners or even the media. Claims filed in other tribunals may also become publicly accessible e.g. BC Human Rights Tribunal files become accessible after a decision and 3 months before a hearing. If you do not want certain facts included in a pleading, you must advise us when reviewing a draft;
  6. In litigation, documents and even information received from an adverse party are subject to the “implied undertaking” limit on what you as the other party can do with it. Generally speaking, absent consent of the party which provided the document or information or permission of the court, you may only use such documents and information for the purpose of the lawsuit and the same applies to your documents we are required to share as part of the “document discovery” phase of litigation. For example, if a document from a defendant company contains commercially sensitive information about a pending acquisition of another business, the party receiving it can only use it at examination for discovery, to check relevant facts with a witness or at trial. The party receiving it cannot use it, for example, to alert another competitor about the pending transaction. If you are particularly concerned about confidentiality of documents or content we have requested from you to fulfill your obligations of disclosure to the other side in litigation, please flag that and we will either:
    1. Redact irrelevant but sensitive information; or
    2. Seek special protective measures e.g. an agreement with opposing counsel or court order that the adverse party will not be able to make copies of the document;
  7. When we write descriptions of our legal services provided on any given day for billing purposes (known as “docketing”), we aim to describe what we did fairly clearly so clients can understand what we did for them. This will generally include the name of the employee in respect of whom we provided advice unless you specifically direct us not to include names. This information will then appear in your monthly invoice. If you prefer to receive a more generic description of our services so our invoice can be circulated to others such as accounting staff who should not be privy to our advice or the names of the employees on which advice was sought, please let us know in writing as soon as possible.

11. COMPLAINTS OR QUESTIONS

If you wish to access your personal information, you must make the request directly to the Firm Founder. Alternatively, you may contact the Privacy Manager for HEL Geoffrey Howard, who may be reached at ghoward@howardlaw.ca. The Privacy Manager is generally responsible for firm compliance with applicable privacy legislation and with the application and administration of this policy. You may contact the Privacy Manager with any questions arising out of this policy.

Print Friendly, PDF & Email