Your Privacy Rights
Beginning on January 1, 2004, all businesses engaged in commercial activities must comply with the Personal Information Protection and Electronic Documents Act, (“the Act”) and the Canadian Standards Association Model Code for the Protection of Personal Information, which it incorporates. These obligations extend to lawyers and law firms, including Thomson, Rogers. The Act gives you rights concerning the privacy of your personal information. The Act makes Thomson, Rogers responsible for the personal information we collect and hold. To ensure this accountability, we have developed this policy, and trained our lawyers and support staff about our policies and practices.
Why Does Thomson, Rogers Need Personal Information?
Thomson, Rogers provides legal services to a wide range of clients. In doing so, it requires personal information in order to fulfill the terms of its retainers and to fulfill its professional responsibilities. As well, it occasionally produces and distributes materials concerning its services and new developments in the law.
What Personal Information Do We Collect and How Do We Collect It?
Thomson, Rogers collects personal information relevant to our retainers with our clients. According to the Act, Personal information is defined as follows:
“personal information” means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.
The information we collect may go beyond contact information and include financial or medical information (as an example) depending on the nature of the matter under investigation.
If we did not collect and use personal information we would not be able to provide legal services. In order to provide meaningful advice to our clients, we collect information only by lawful and fair means and not in an unreasonably intrusive way. Wherever possible we collect your personal information directly from you.
Sometimes we may obtain information about you from other sources, for example:
- Your insurance company
- Your real estate agent in a property transaction;
- From a government agency or registry;
- Your employer;
- an accountant or other professional, like a doctor;
- the other side in a litigation matter.
In most cases, we ask you to consent, if we collect, use, or disclose your personal information. Sometimes, your consent may be implied through your contact with us and the mere fact that we are retained to deal with a matter on your behalf. Thomson, Rogers’ standard retainer confirms our client’s consent to the collection, use and disclosure of personal information in the course of our retainer.
Use of Your Information
We use your personal information to provide legal advice and services, to fulfill our own professional responsibilities, to administer our client (time and billing databases) to manage our conflict avoidance program and, occasionally, to include you in our marketing activities. If you tell us that you no longer wish to receive marketing information about our services, or about new developments in the law, we will not send any further material to you.
Thomson, Rogers does not disclose personal information to any third party to enable them to market their products and services. For example, we do not provide our client mailing lists to others.
Thomson, Rogers will retain personal information as long as may be necessary to complete our retainer, fulfill our own professional responsibilities, conduct our business, satisfy the requirements of the Law Society of Ontario and our insurers and as may be required for the maintenance of our marketing activities and our conflicts system.
Disclosure of Your Personal Information
Under certain circumstances, and/or as part of our retainer, Thomson, Rogers will disclose personal information, including:
- When we are required or authorized by law to do so
- When you have consented to the disclosure, expressly or by implication or its disclosure is necessary in the litigation or other matter about which we have been retained.
- When our retainer requires us to give your information to third parties (for example to a doctor for the purpose of obtaining a medical opinion or the opposing parties) your consent will be implied, unless you tell us otherwise. However, in litigation, you may have to disclose information and the failure to do so could adversely affect any claim you have.
- Where it is necessary to establish or collect fees
- If we engage expert witnesses on your behalf
- If we retain other law firms on your behalf
- If the information is already publicly known.
Updating Your Information
Since we use personal information to provide legal services, it is important that the information be accurate and up-to-date. If during the course of the retainer, any of your information changes, please inform us so that we can make any necessary changes. If Thomson, Rogers holds information about you and you can establish that it is not accurate, complete and up-to-date, Thomson, Rogers will take reasonable steps to correct it.
Is Personal Information Secure?
Thomson, Rogers takes all reasonable precautions to ensure that personal information is kept safe from loss, unauthorized access, modification or disclosure. Among the steps taken to protect information are:
- Premises security
- Restricted file access to electronic personal information
- Deploying technological safeguards like password protection, security software and firewalls to prevent hacking or unauthorized computer access
- Internal password and security policies
- Procedures for the destruction of personal information when it is no longer required including shredding and the formatting of electronic media.
Access to Your Personal Information
You may ask for access to any personal information we hold about you. However, we may ask that we be reimbursed for the time and cost to us of such access at our normal rates.
Can I Be Denied Access to My Personal Information?
Rights to access your personal information are not absolute. We may deny access when:
- denial of access is required or authorized by law (for example, when a record containing personal information about you is subject to a claim of legal professional privilege by Thomson, Rogers or one of our clients).
- information relates to existing or anticipated legal proceedings
- when granting you access would have an unreasonable impact on other people’s privacy
- when to do so would prejudice negotiations
- to protect our firm’s rights and property
- where the request is frivolous or vexatious
If we deny your request for access to, or refuse a request to correct information, we shall explain why.
Thomson, Rogers does not use your Social Insurance Number as a way of identifying or organizing the information we hold.
Can a Client Request Anonymity?
The Proceeds of Crime (Money Laundering) and Terrorist Financing Act and our Rules of Professional conduct may require us to confirm the identity of new clients. It may also require us to disclose information to FINTRAC in relation to certain large cash transactions.
To help us make credit decisions about clients, prevent fraud, check the identity of new clients and prevent money-laundering, we may on occasion, request information from the files of consumer reporting agencies.
Communicating With Us
You should be aware that e-mail is not a 100% secure medium, and you should be aware of this when contacting us to send personal or confidential information.
Requests For Access
If you have any questions, or wish to access your personal information, please write to our Privacy Contact at:
Suite 3100, 390 Bay Street
If you are not satisfied with our response, the Privacy Commissioner of Canada can be reached at:
112 Kent Street,
Ottawa Ontario, K1A 1H3
If you apply to Thomson, Rogers for a job, we need to consider your personal information, as part of our review process. We normally retain information from candidates after a decision has been made, unless you ask us not to retain the information. If we offer you a job, which you accept, the information will be retained in accordance with our privacy procedures for employee records.