“As an owner of any business it is our duty to protect our clients’ privacy and ensure proper security systems and procedures are in place to protect their data.” - Privacy officer Dan Desbiens
8 privacy tips for businesses
Based on best practices suggested by the Privacy Commissioner of Canada, the tips below can help us better protect our customers’ personal information and help create a strong regulatory compliance environment at our brokerage. Please note: These tips offer general topics—
1) Get your customers’ consent to collect their personal information.
2) Limit your collection and retention of that information.
3) Ensure that your staff receive appropriate privacy protection training. Limit and monitor access to personal information and take appropriate action when an employee accesses information without authorization.
4) Think twice before collecting sensitive personal information, and guard against collecting sensitive information you are not likely to need, such as your customers’ social insurance numbers.
6) Protect personal information stored on laptops, USB keys and portable hard drives through technological safeguards such as encryption and password protection.
7) Respond to your customers’ requests for access to their personal information in a timely manner. Safeguard personal information against privacy breaches.
8) Report all breaches that could result in significant harm to an individual.
Q: What’s the difference between privacy and security?
A: There are overlaps between these two terms. Privacy has to do with control over personal information and how that information is collected, used and disclosed. Security refers to how personal information is protected and safeguarded. If, for example, you give your information to a company, and that company then uses secure methods to transmit your information to a third party who in turn uses that information to call you at dinner time, security may not be an issue, but privacy might be. You can have security without privacy, but it’s impossible to have privacy without security.
Q: If our brokerage gets a call asking for roadside confirmation of in-force coverage, how do we know it really is a police officer?
A: You have the right to challenge the caller to confirm that it is a legitimate call. For example, you might want to ask the officer’s name, their badge number, which police force and detachment they belong to, and a phone number for their detachment. Think carefully about the information you are providing and the risk of that information falling into the wrong hands. For instance, you might have told the “police officer” that the coverage on a 2017 Dodge Caravan was renewed in September. Then you call the client and they reveal that they haven’t been stopped by the police for years. You determine that it wasn’t really a police officer who called you. That’s a breach, even though you acted prudently. The renewal date on an insurance policy likely wouldn’t lead to a real risk of significant harm. But if the “officer” had asked you to share the insured’s banking information or the value of scheduled jewellery on their home policy, the conversation should stop there, unless you receive express consent from the insured, a subpoena or some similar court order.
Q: How do I deal with a client with limited English proficiency who had a friend or family member help set up their insurance?
A: First, determine what this person’s relationship is to the insured (neighbour? daughter? work associate?). Second, get clarity around this person’s role (for example, one-time translation help, or a go-between for all future insurance transactions?). If this person is providing ongoing translation assistance, obtain the insured’s express consent, such as by asking the insured to sign a form. Consider using this text:
I consent to having any of my (and my family’s) personal information related to my (our) insurance needs shared with or collected from (friend/relative’s name) for (length of time the consent applies).
You will need to trust that the translator will explain the form to the insured before getting the signature, which would ensure that the consent qualifies as informed. This consent should be secured in person with both the translator and the insured present, so you can be sure you are obtaining informed consent.