Over the centuries, the common law and courts have developed policies which recognize the client’s need to be able to confide in their lawyer without fear that such confidences will be revealed unless the client gives permission. This has developed into what is commonly known as the “solicitor client privilege”. This is the client’s right to prevent anyone from requiring their lawyer to give evidence about communications made between them.
In a broader context, under our Rules of Professional Conduct, lawyers and their staff are bound to keep all information given to them in the strictest confidence.
With the advent of the internet, the ability of organizations to gather personal information using electronic means has greatly increased. Frequently, the information is collected without your knowledge and consent, and may subsequently be used for purposes which are not authorized by you.
As a result, the Federal Government passed the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in 2000. Initially, this only applied to “Federal undertakings” i.e. the banking, airlines and cross-provincial border transactions.
Effective January 1, 2004, PIPEDA applies to all Canadian business and organizations, unless individual Provinces have enacted “substantially similar” legislation.
Ontario introduced draft legislation in the fall of 2002 but did not proceed with it.
The policy which follows, has been prepared in response to PIPEDA. Regrettably it is a lengthy and technical document which may appear at times to be somewhat intimidating. We wish to assure you that we have taken these steps to enhance the protection of your personal information. The policy in no way detracts from our professional obligations to keep all communications from you in the strictest confidence.
Confidentiality and privacy of personal and other information goes to the heart of the relationship between client and lawyer. It is of paramount importance to Ricketts Harris LLP.
We are required by the Rules of Professional Conduct of the Law Society of Ontario and the Code of Professional Conduct of the Canadian Bar Association to keep all information which you give us in confidence.
The Law and the Courts protect your right to confidentiality for matters communicated to your lawyer by the rules of Solicitor – Client Privilege. A lawyer cannot be forced to disclose information received from a client unless the client consents to the disclosure.
In addition, the collection, use, storage and disclosure of “Personal Information” is now regulated by the Federal Personal Information Protection and Electronic Documents Act (“PIPEDA”).
What is Personal Information?
Personal Information is information about an identifiable individual. Personal Information includes information that relates to their personal characteristics (e.g., gender, age, income, home address, home telephone number, ethnic background and family status), their health (e.g., health history, health conditions and health services received) or their activities and views (e.g., religion, politics, opinions expressed by an individual, an opinion or evaluation of an individual). Personal Information is to be distinguished from business information (e.g., an individual’s business address and business telephone number), which is not protected by the privacy legislation.
Who We Are
The law firm of Ricketts Harris LLP is a limited partnership consisting of lawyers and support staff. We engage a number of consultants and agencies that may, in the course of their duties, have limited access to personal information we hold. These agencies include process servers, computer consultants, service providers, accountants, a file storage company, temporary workers to cover holidays and sickness, credit card companies, website managers, other lawyers and experts who we consult on behalf of our clients. We restrict access to personal information we hold as much as is reasonably possible. We also seek assurances from any recipient that they follow appropriate privacy principles. Although office security, maintenance personnel, cleaners, our landlord and its contractors and our tenants have access to our premises, they are not permitted access to personal information.
Primary Purposes for Collection of Personal Information about Clients
Like all lawyers, we collect, use, store and disclose personal information which is necessary to serve our clients.
For our clients, the primary purpose for collecting personal information is to provide legal advice and services. Where our client is an individual, we collect information about the client’s legal issue including anything the client might have done or said that might affect their legal situation. This permits us to advise the client as to their legal rights, their responsibilities and their options for addressing the issue, enabling us to carry out their instructions.
We may also collect personal information from third parties about a client’s legal issue so that we can ascertain how the third party’s perception of events can affect our client’s legal situation.
We obtain home contact information so that we can contact our client.
We normally do not collect any personal information without the client’s express consent, but this might occur in a case of urgency (e.g., the client is unavailable) or where we believe the client would consent if asked and it is impractical to obtain consent.
Primary Purposes for Collection of Personal Information about Members of the General Public
For members of the general public, our primary purpose for collecting personal information is to gather and review evidence that is relevant to legal issues affecting our own clients. Such personal information is usually incidental to our providing advice to our client. Often this collection, use, storage and disclosure is done without the individual’s consent because we are reviewing an apparent breach of law or an agreement and obtaining consent would compromise the investigation.
From time to time we may collect personal information about members of the general public in order to provide notice of special events (e.g., a seminar or conference) or to make the public aware of legal services in general or our firm’s services in particular. For example, when we collect work contact information, we may also collect home addresses, fax numbers and email addresses. We try to obtain consent before collecting any such personal information, but where this has not been obtained, we will, upon request, immediately remove any personal information from our records.
On our website, we collect the personal information you provide to us. We use that information for the purpose you gave it to us (e.g., to respond to your email message, to register for a course, to subscribe to our newsletters). We may use “Cookies” on our website to help your navigation. Cookies are not used to monitor you. We collect statistics which reveal the traffic source, time of day and duration of visit, which pages are accessed and similar statistical information which we use to update our site to better serve its visitors. None of these statistics reveal any identifiable personal information.
Related and Secondary Purposes for Collection of Personal Information
Like most organizations, we also collect, use and disclose information for related or secondary purposes. Examples are as follows:
- To invoice clients for services, to process credit card payments or to collect unpaid accounts.
- To advise clients and others of new developments in the law.
- To advise clients and others of newsletters, seminars or courses we provide.
Our firm reviews files for the purpose of ensuring that we provide high quality services, including assessing the performance of our partners and staff. In addition, external consultants (e.g., auditors, lawyers and technology consultants) may do audits and continuing quality improvement reviews of our firm, which may include reviewing client files and interviewing our staff.
Lawyers are regulated by the Law Society of Ontario, who may inspect our records and interview our staff as a part of its regulatory activities in the public interest.
If we become aware of anticipated serious criminal behavior, we will report this to the appropriate authorities. Such report may include personal information about our clients, or other individuals.
Many government agencies (e.g., Canada Customs and Revenue Agency, the Information and Privacy Commissioner, the Human Rights Commission, etc.) have the authority to review our files and interview our staff as a part of their mandates. We will claim solicitor/client privilege when appropriate. external regulators have their own strict privacy obligations. In these circumstances, we may consult with other professionals who will advise us on any proposed course of action.
Our firm may provide some services to clients which are paid by third parties (e.g., employers, Legal Aid or legal insurance policies). These third party payers often have your consent or legislative authority to direct us to collect and disclose to them certain information in order to demonstrate client entitlement to and responsible use of this funding.
Clients or other individuals we deal with may have questions about our services. We provide ongoing services for many of our clients over a period of years for which previous records are helpful. We normally retain our client information for at least ten years after the last contact to enable us to respond to such questions.
If Ricketts Harris LLP were to merge with another firm, the prospect would want to conduct a “due diligence” review of the firm’s records to ensure that it is a viable business that has been honestly portrayed. This due diligence may involve some review of our files. Before being provided access to the files, the prospect must provide us with a written confidentiality agreement.
You can opt out of some of these related or secondary purposes (e.g., by informing us that you do not wish to receive mailings). We cannot control legislated requirements to divulge personal information and in particular, legislation relating to the prevention of terrorism and money laundering.
Protecting Your Personal Information
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a locked area. Electronic hardware is either under supervision or secured in a locked area. In addition, passwords are used on computers.
- Our cell phones use digital transmissions in areas where that service is available, as these signals are more difficult to intercept.
- Paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies.
- Electronic information is transmitted by fax through a direct line.
- E-mail will be encrypted if requested.
Retention and Destruction of Personal Information
We need to retain personal information for some time to ensure that we can answer any questions you might have about the services provided and for our own accountability to external regulatory bodies.
We normally keep our paper based client files for at least ten years. Our client and contact directories are more difficult to systematically destroy. If it appears that we will not be contacting you again we endeavour to remove such information when we can. If you ask us, we will remove such contact information from any mailing list immediately.
We keep any personal information in our general correspondence related to newsletters, seminars and marketing activities directed to people who are not our clients for about two years after the activity is over.
We destroy paper files containing personal information by shredding. Alternatively, we may return some or all of the file to our client for storage or disposal. We destroy electronic information by deleting it. When the hardware is discarded, we ensure that the hard drive is physically destroyed.
You Can Review Your Personal Information
With some exceptions, you have the right to see what personal information we hold about you. We can help you identify what records we might hold. We will also try to help you understand any information you do not understand (e.g., short forms, technical language, etc.). We will need to confirm your identity before providing you with this access. We reserve the right to charge a nominal fee for such requests.
Please put your request to review your Personal Information in writing. If we cannot give you access, we will tell you within 30 days and tell you the reason why we cannot. If we collect personal information about you for a client, it is likely that solicitor and client privilege protects the information and you will not be given access to it without our client’s consent.
If you believe there is a mistake in your personal information, you have the right to ask for it to be corrected. This applies to factual information and not to any professional opinions we may have formed. We may ask you to provide documentation to establish that our files contain incorrect personal information. Where we agree that our files contain incorrect personal information, we will make the correction and notify anyone to whom we may have sent this information. If we do not agree that our files contain incorrect personal information, we will include in our file a brief relevant statement from you and we will forward that statement to anyone else who received the earlier personal information.
How to Make an Inquiry or Complaint about Your Personal Information
Our Privacy Compliance Officer, Sam Sasso, can be reached at:
Ricketts Harris LLP
Barristers & Solicitors
Suite 800, 181 University Avenue
Toronto, ON M5H 2X7
Phone: (416) 364-6211
Fax: (416) 364-1697
He will attempt to answer any questions or concerns you might have.
If you wish to make a formal complaint about our privacy practices, you may make it in writing to our Privacy Compliance Officer. Our Privacy Compliance Officer will acknowledge receipt of your complaint, ensure that it is investigated promptly and that you are provided with a formal decision and reasons in writing.
This policy is made in compliance with PIPEDA. The Information and Privacy Commissioner of Canada oversees the administration of privacy legislation.
For general inquiries, the Information and Privacy Commissioner can be reached at:
112 Kent Street
Phone: (613) 995-8210
Fax: (613) 947-6850
TTY: (613) 992-9190