GOWLING LAFLEUR HENDERSON LLP - PROCEDURE TO ACCESS PERSONAL INFORMATION IN CANADA

Gowling Lafleur Henderson LLP (Gowlings) reserves the right to modify these procedures to reflect its changing needs.

This document is to be read in conjunction with and supplements other applicable Gowlings' policies (e.g. Privacy Policy Confidentiality Policy; employee privacy policies)

Gowlings understands the importance of protecting the privacy of clients, employees and others and places a high priority on effectively dealing with any privacy-related requests. This document addresses how Gowlings will meet its obligations under our privacy policies and the law with respect to the subject of permitting access to personal information. All privacy-related access requests will be treated seriously, dealt with promptly and handled in a confidential manner.

This procedure will apply to a client or an employee seeking access to review his or her own personal information. This procedure also applies to others (e.g. law enforcement authorities) seeking to access information on a client or employee. For the purposes of this document, a client, employee or other person making a request is referred to the “Applicant”.

To make an access request, the following procedure may be followed or, as appropriate, will apply:

  1. The Applicant may contact:

    1. In the case of a client or other person seeking information about a client, the Chief Privacy Officer; or
    2. In the case of an employee, the office administrator or other person designated as having personnel management responsibilities,

    in writing (a letter, e-mail or the form provided is sufficient) or by telephone regarding this request. The request for access will be retained or recorded. The individual noted above serves as the “first point of contact”.

    Please note that delivery of requests by e-mail is not 100% reliable. An e-mail message should not be considered as received by Gowlings until an acknowledgement of the message is received. Electronic mail transmissions may become lost, incomplete or misdirected by reason of unavailable network connections or failures in hardware, software or other technical malfunctions.

    The first point of contact will send:

    1. an acknowledgement by letter or e-mail (if the only address provided is an e-mail address) to the Applicant, of receipt of the request and indicating the date of receipt and the form of the request (e.g. by letter, e-mail or telephone call);
    2. a copy of the access request and acknowledgement to the Chief Privacy Officer; and
    3. a copy of the access request to the person determined in the matter at hand to be the Access Administrator 1.

    If not the first point of contact, the Chief Privacy Officer will record the request in an Access Request Log and, no later than fifteen days following the date of the access request, confirm that the access request is being processed.

  2. The Access Administrator or his or her delegate (“Access Administrator”) will determine whether the request for access is legitimate. “Legitimate” in this context means a request that is not frivolous or vexatious. Gowlings may require sufficient information to allow it to confirm that an Applicant (other than the employee) is authorized to do so prior to processing the request.

  3. If the Access Administrator determines that the request for access is not legitimate or the Applicant is not authorized to make the request, he or she

    1. will decline to permit access to the file,
    2. document why,
    3. place in the file the reason for declining access, and
    4. inform the Applicant, in writing, as to the reason for declining access. A copy of this letter will be sent to the Chief Privacy Officer.

    If the Applicant believes this decision is not correct, he or she may file a written objection directly to Gowlings Chief Privacy Officer. The Chief Privacy Officer will review the decision of the Access Administrator and make a determination as to whether he or she concurs with the decision. If the Chief Privacy Officer does not concur with the decision of the Access Administrator, he or she may permit access to all or part of a file.

  4. Gowlings may charge a reasonable fee to comply with an access request as permitted by law.

  5. In permitting access to personal information, the Access Administrator will first examine the file; make a copy of contents to be disclosed. The Access Administrator shall not disclose any information:

    1. identifying third parties unless, on the face of the document containing the information, there is a consent by the third party to the release of his/her name in connection with the information in question; or
    2. falling within an exception to disclosure indicated in the applicable Gowlings Privacy Policy or by applicable law.

  6. Access to personal information may take place in one of two ways:

    1. In person, or
    2. By mail or fax.

    If “in person” access is chosen, the Access Administrator will schedule an appointment during regular business hours within seven (7) business days of the access request. The appointment will be within 30 days of Gowling's receipt of the access request.

    “In person” access will be done in the presence of the Access Administrator or a person designated by the Access Administrator and the following rules will apply to the Applicant:

    1. You may only access your own file.
    2. You may take notes on the contents of your file.
    3. You may request the Access Administrator to make copies of specific documents.
    4. You may not remove any of the contents of your file.
    5. You must sign an “Inspection Statement” upon completion of your inspection indicating the date and place of inspection.
    6. The Access Administrator will place the “Inspection Statement” in the file.
    7. You may submit written comments, concerning any information you deem inappropriate or inaccurate, for insertion in your file. Comments may be submitted at the time of inspection or at a later time.
    8. In the event the Access Administrator determines that the record of your Personal Information is inaccurate or incomplete, he/she shall correct the information and make a notation in the file as to the date and nature of the correction.

  7. An Applicant need not access employee personal information "in person". If "in person" access is not chosen, then the Access Administrator will

    1. Complete Step 5 indicated above;
    2. Make copies of documents that will be released;
    3. Mail or, if requested, fax or electronically transmit, copies of the documents to be released, and
    4. Insert a note in the file listing the documents transmitted and indicating the date and method of transmission of documents place of inspection.

    The Applicant may then submit written comments to the Access Administrator, concerning any information he or she consider inaccurate or incomplete for insertion in the file. The Access Administrator will place these comments in the file with appropriate responses, where required, by Gowlings.

  8. If the specific information sought by the Applicant is not, for any reason, maintained in designated Gowlings files but has been identified as being held by Gowlings (and is in fact held by Gowlings), the Access Administrator will obtain a copy of the information requested. The Access Administrator will do the following:

    1. Locate the holder of information maintaining a file containing the record sought.
    2. Inform the holder that a request for access has been made to the Access Administrator.
    3. Request that a copy of the information, in a form understandable to the Applicant, be transferred to the Access Administrator to permit an examination under Step 5 and completion of Steps 6 or 7.

1   “Access Administrator” is used here as a title to describe whoever will be responsible for the access process.

 

  

Privacy | Terms of Use

© 2008 Gowling Lafleur Henderson LLP.  All rights reserved.