Morrison Brown Sosnovitch LLP recognizes the importance of privacy and the sensitivity of personal information. As lawyers, we have a professional obligation to keep confidential all information we receive within a lawyer-client relationship. Pursuant to the Personal Information Protection and Electronic Documents Act (“PIPEDA”), we also are required to protect “personal information” whether or not it is collected within a solicitor/client relationship. To help protect your personal information, we have developed this policy, and trained our lawyers and support staff about our policies and practices.
1. Why we need Personal Information
Morrison Brown Sosnovitch LLP provides legal and related services to a wide range of clients. To conduct its business and delivery these services, we need to collect and retain personal information, and as reasonably required by the mandate of our clients, to use and disclose personal information from time to time. In addition, Morrison Brown Sosnovitch LLP may use personal information which has been collected by it to keep you informed of developments in the law and the scope of services which we provide, and to promote our services.
2. What personal information do we collect and retain?
We collect and retain personal information to the extent necessary to perform the legal services which our clients require of us. Since the scope of the file work varies greatly, the nature of the personal information that we need to reasonably collect and retain also varies widely from file to file, and there is therefore no definable limit on the type of personal information which we may collect and retain, except that we do not collect or retain any information that is not reasonably necessary in order to either carry on our practice and our business, or to complete the current and reasonably foreseeable mandates of our clients.
3. How do we collect personal information?
We collect information only by lawful and fair means and not in an unreasonably intrusive way. Wherever possible we collect personal information concerning individual clients of the firm directly from these clients at the start of a retainer and in the course of our representation. We also collect personal information from our clients concerning other individuals (who are not our clients). For example, a client who is an employer may provide personal information to us concerning its employees. A corporation may provide personal information to us concerning its directors, officers, accountants and others having a relationship with the corporation. A litigant to whom we are providing legal services may provide us with personal information concerning a potential witness in a legal proceeding. An individual client may provide personal information concerning his or her family in the context of estate and succession planning, or the preparation or review of a Will.
Sometimes we may obtain personal information from sources other than clients of the firm, including an insurance company, a real estate agent or other broker, from a government agency or registry, from a person’s employer, an accountant, or a source of referral work to the firm.
4. Consent and Revocation of Consent
When clients retain us, they naturally infer consent to the collection, retention, use and disclosure of personal information concerning them to the extent necessary to permit us to perform services for them and to manage and administer their files. Any client may at any time revoke this consent, except that if consent is revoked, we will still retain any personal information which we deem necessary to protect the present and future interests of that client, the firm or any other person to whom we owe a duty of care, as well as any information which we are reasonably required to maintain to comply with the Rules of Professional Conduct or with the requirements of our professional liability insurers.
In the case of personal information obtained from clients pertaining to other persons, we assume that our client has the consent to disclose it to us unless we know that this is not the case, or there is an exception in PIPEDA to permit us to collect and use the information.
With consent, we may also collect information from publicly available sources including the internet, or as permitted by the terms of PIPEDA which includes certain exceptions relating to investigations and legal proceedings.
5. How we use Personal Information
We use personal information to provide and administer legal advice and services to our clients, to manage our business, to provide our clients with up-dates in the development of the law, and to promote the services of Morrison Brown Sosnovitch LLP. If a person tells us that he or she no longer wishes to receive information about our services, or about new developments in the law, we will not send any further material.
Morrison Brown Sosnovitch LLP does not disclose your personal information to any third party to enable them to market their products and services. For example, we do not provide our client mailing lists to other law firms, accounting firms, brokers or others.
6. Disclosure by us of Personal Information
Morrison Brown Sosnovitch LLP will disclose personal information as reasonably required to carry on its business and to represent the interests of its clients. We will also disclose personal information in a variety of other circumstances, as follows:
(a) when we are required or authorized by law to do so, for example if a court issues a subpoena;
(b) when the individual to whom the information relates consents to the disclosure;
(c) where it is necessary to establish or collect fees;
(e) if we engage expert witnesses on your behalf;
(f) if we retain other law firms or professionals on your behalf;
(g) if the information is already publicly known.
7. Updating by us of Personal Information and Correction of Errors
Since we use personal information to provide legal services to a client, it is important that the information be accurate and up-to-date and we make reasonable efforts to ensure accuracy and completeness. If during the course of the retainer, any personal information which you have provided to us changes, please inform us so that we can make any necessary changes. If Morrison Brown Sosnovitch LLP holds information about you and you can establish that it is not accurate, complete and up-to-date, Morrison Brown Sosnovitch LLP will take reasonable steps to correct it.
8. How we maintain the security of Personal Information?
Morrison Brown Sosnovitch LLP takes all reasonable precautions to ensure that personal information is kept safe from loss, unauthorized access, modification or disclosure. Among the steps taken to protect your information are:
(a) premises security;
(b) restricted file access to personal information;
(c) deploying technological safeguards like security software and firewalls to prevent hacking or unauthorized computer access;
(d) internal password and security policies.
Morrison Brown Sosnovitch LLP does not use encrypted e-mail, with the result that there is a greater risk that Personal Information which we may send by e-mail, or which is sent to us by e-mail, may inadvertently be disclosed due to lack of encryption. You should be aware that e-mail is not a 100% secure medium, and you should be aware of this when contacting us to send personal or confidential information. To our knowledge at the present time, encrypted e-mail is not prevalent in the legal industry and no clear standard system of encryption has been adopted. Our policy will be to adopt encrypted e-mail when and if it becomes of general acceptance in our industry and a clear standard in common use has been identified.
9. Access to Personal Information
You may ask for access to any personal information we hold about you. Summary information is available within a reasonable time on request. More detailed requests which require archive or other retrieval costs may be subject to our normal professional and disbursement fees and will take longer.
10. Can I be Denied Access to My Personal Information?
An individual’s rights to access to his or her personal information are not absolute. We may deny access when:
(a) denial of access is required or authorized by law (for example, when a record containing personal information is subject to a claim of solicitor/client privilege by one of our clients) ;
(b) information relates to existing or anticipated legal proceedings against an individual to who the information relates;
(c) it is necessary to deny access to comply with the Rules of Professional Conduct;
(d) when granting access would have an unreasonable impact on other people’s privacy;
(e) when to do so would prejudice the interests of our clients;
(f) to protect our firm’s rights and property;
(g) where the request is frivolous or vexatious.
If we deny your request for access to, or refuse a request to correct information, we will explain why.
12. Requests for Access and Complaints
If you have any questions, or wish to access your personal information, please write to our Chief Privacy Officer as follows:
V. Ross Morrision
Chief Privacy Officer
Morrison Brown Sosnovitch LLP
One Toronto Street, Suite 910
Toronto, Ontario M5C 2V6
All Complaints concerns the collection, retention, use and/or disclosure of Personal Information by Morrison Brown Sosnovitch LLP must be made in writing and addressed to our Chief Privacy Officer.
13. Employment Inquiries
If you apply to Morrison Brown Sosnovitch LLP for a job, we need to consider your personal information, as part of our review process. We normally retain information from candidates after a decision has been made, unless you ask us not to retain the information. If we offer you a job, which you accept, the information will be retained in accordance with our privacy procedures for employee records.