MSN - Privacy
Dec 3, 2003
Joint Regulatory Notice on Federal and Provincial Privacy Legislation
MFDA Staff Notices are intended to assist Members and their Approved Persons in the interpretation, application of and compliance with requirements under MFDA By-laws and Rules. Notices make reference to these requirements and set out MFDA staff's interpretation of how to comply with these requirements. Notices may also include best practices or guidance.
This joint regulatory notice has been prepared by the Investment Dealers Association of Canada, Market Regulation Services Inc., the Mutual Fund Dealers Association of Canada, Bourse de Montreal Inc., and the Canadian Investor Protection Fund (collectively, the self-regulatory organizations or “SROs“).
This notice describes, in relation to federal and provincial privacy legislation, the expected standard to be met by all persons under the jurisdiction of the SROs (collectively, “Regulated Persons“) for the collection, use and disclosure of personal information of clients and others for SRO regulatory purposes.
Privacy Law and the Collection, Use and Disclosure of Personal Information by Regulated Persons
Canada’s federal privacy law, the Personal Information Protection and Electronic Documents Act (“PIPEDA“), will come fully into effect on January 1, 2004. It has provisions relating to the collection, use and disclosure of personal information by organizations in the course of commercial activity. In addition, Regulated Persons are reminded that Quebec has a provincial privacy law in place, that British Columbia has enacted a privacy law which will come into force on January 1, 2004, and that Alberta has a bill pending which, if enacted, would also come into force on January 1, 2004. Because one or more of these laws will apply, Regulated Persons will need to determine the privacy legislation applicable to their particular circumstances.
A common principle underlying PIPEDA and provincial privacy requirements is knowledgeable consent by an individual to the collection, use or disclosure of his or her personal information. Personal information is identifiable data about an individual. It can include, without limitation, information contained in:
- New client account forms and related account opening documentation,
- Account statements and records of trading and account activity, and
- Cheques and financial records of all kind in relation to trading in securities.
Organizations, including Regulated Persons, that collect, use or disclose personal information of clients and others must ensure that they have policies and procedures in place to comply with applicable federal and provincial privacy law requirements. These include a requirement that an organization must identify to an individual the purposes for which that individual’s personal information may be collected, used or disclosed by the organization. Further information respecting privacy law requirements can be obtained from web sites maintained by the SROs and the federal and provincial privacy commissions.
SRO Access to Personal Information of Clients and Others for Regulatory Purposes
Regulated Persons have obligations to produce or make available for inspection documents and information to SROs, from time to time, for regulatory purposes.
In order to comply with such obligations Regulated Persons must, at a minimum, ensure that the documentation they provide to individuals from whom they collect personal information includes notification describing the purposes of their collection, use and disclosure of personal information, including its disclosure to SROs and its use and disclosure by SROs. Regulated Persons must also decline to accept or administer an account in respect of which an individual does not consent to such intended collection, use or disclosure of personal information to SROs and the use and disclosure of that information by SROs.
Notification of the collection, use and disclosure of personal information by Regulated Persons and SROs for regulatory purposes may be included in such documents as new client account documentation, client account statements and trade confirmations. As a guide, Regulated Persons may wish to include the following particulars in the text of the notification appropriate to their particular circumstances:
For regulatory purposes, self regulatory organizations including Market Regulation Services Inc., the Investment Dealers Association of Canada, the Mutual Fund Dealers Association of Canada, Bourse de Montreal Inc., and the Canadian Investor Protection Fund (collectively, “SROs“) require access to personal information of current and former clients, employees, agents, directors, officers, partners and others that has been collected or used by Regulated Persons. SROs collect, use or disclose such personal information obtained from Regulated Persons for regulatory purposes, including:
- Surveillance of trading-related activity,
- Sales, financial compliance, trade desk review and other regulatory audits,
- Investigation of potential regulatory and statutory violations,
- Regulatory databases,
- Enforcement or disciplinary proceedings,
- Reporting to securities regulators, and
- Information-sharing with securities regulatory authorities, regulated marketplaces, other self-regulatory organizations and law enforcement agencies in any jurisdiction in connection with any of the foregoing.
Regulated Persons who maintain a website should include a privacy notice on that website which should include the fact that personal information may be disclosed to SROs and used and disclosed by the SROs in the manner described above.
A Regulated Person may be subject to disciplinary proceedings by an applicable SRO if it:
- Fails to provide notification to individuals from whom it collects personal information sufficient to ensure that the Regulated Person can comply with its obligations to produce or make available for inspection documents and information to SROs for regulatory purposes, or
- Accepts or administers an account in respect of which the Regulated Person is unable to comply with its obligations to produce or make available for inspection documents and information to SROs for regulatory purposes, including circumstances in which the client of such Regulated Person does not consent to the disclosure of personal information to SROs and the use and disclosure of that information by SROs.
For further information please contact:
|Investment Dealers Association of Canada||Paul Bourque||416.865.3038|
|Market Regulation Services Inc.||Gerry Halischuk||604.643.6529|
|Mutual Fund Dealers Association of Canada||Gregory Ljubic||416.943.5836|
|Bourse de Montreal Inc.||Jacques Tanguay||514.871.3518|
|Canadian Investor Protection Fund||Barbara Love||416.643.7106|