McCay Duff LLP is committed to maintaining the privacy of personal information provided by our clients and protecting all personal information in its possession or control. This privacy policy sets out the principles and procedures that the firm follows in meeting its privacy commitments to its clients, and complying with the requirements of federal and provincial privacy legislation. The following is an outline of the 10 underlying principles in the Personal Information Protection and Electronics Documents Act (PIPEDA).

1. Accountability

The firm is accountable for all personal information in its possession or control. This includes any personal information that the firm received directly from clients who are individuals or, indirectly, from clients that are organizations such as corporations, government entities or not-for-profit organizations.

The firm has:

  • established and put into effect policies and procedures aimed at properly protecting personal information;

  • educated its partners and employees regarding its privacy policy and their roles and responsibilities in keeping personal information private; and

  • appointed a Chief Privacy Officer to oversee privacy issues at the firm.

If you have any questions about the firm’s privacy policies and practices, the firm’s Chief Privacy Officer, Jason Howarth, can be reached by email at jhowarth@mccayduff.com, by telephone at 613-236-2367 and by mail at 141 Laurier Avenue West, 6th Floor, Ottawa, ON  K1P 5J3.

2.  Identifying Purposes

The firm collects personal information from our clients and uses and discloses such information, only to provide the professional services that our clients have requested.

3. Consent

We will not collect, use or disclose personal information without consent.

Such personal information could include:

  • home and business addresses;

  • home and business telephone numbers;

  • personal identification numbers (e.g., social insurance number, credit card numbers);

  • financial information (e.g., credit ratings, payroll information, personal indebtedness);

  • personnel information; and

  • other personal information.

4. Limiting Collection

The firm collects only that personal information required to perform its professional services and operate its business. Such information is collected by fair and lawful means.

5. Limited Use, Disclosure and Retention

The firm uses or discloses personal information only for purposes for which it has consent or as required by law. The firm retains personal information only as long as necessary to fulfill those purposes.

As required by professional standards, rules of professional conduct and regulations, the firm documents the work it performs. These documents are commonly called working files. Such files may include personal information obtained from a client.

Working files and other files containing, for example, copies of personal or corporate tax returns, are retained for the time period required by law and regulation or indefinitely for active clients.

The personal information collected from a client during the course of a professional service engagement may be shared with:

  • the firm’s personnel participating in such engagement;

  • partners and employees within the firm to the extent required to assess compliance with applicable professional standards, the rules of professional conduct and the firm’s policies, including providing quality control reviews of work performed;

  • members of the organization’s audit committee and board of directors, and others in the organization that might not otherwise have access to the information, in the course of communicating aspects of the results of our audit; and

  • external professional practice inspectors (e.g., representatives of the Canadian Public Accountability Board, or a provincial institute of chartered accountants), who, by law, professional regulations, or contract, have the right of access to the firm’s files for inspection purposes.

The firm regularly and systematically destroys, erases or makes anonymous personal information no longer required to fulfill the identified collection purposes and no longer required by laws and regulations.

6. Accuracy

The firm endeavours to keep accurate, complete and up-to date, personal information in its possession or control, to the extent required to meet the purposes for which it was collected.

To update their personal information, individual clients are encouraged to contact the partner in charge of providing service to them.

7. Safeguards

The firm protects the privacy of personal information in its possession or control by using security safeguards appropriate to the sensitivity of the information.

Access to personal information stored in hard-copy form is kept strictly confidential. Partners and employees are authorized to access personal information based on client assignment and quality-control responsibilities.

Authentication is used to prevent unauthorized access to personal information stored electronically. Portals are used to enable the secure transfer of information to and from clients.

For files and other materials containing personal information entrusted to a third-party service provider (e.g., a provider of paper-based or electronic file storage), the firm obtains appropriate assurance to affirm that the level of protection of personal information provided by the third-party is equivalent to that of the firm.

8. Openness

The firm is open about the procedures it uses to manage personal information.

Up-to-date information on the firm’s privacy policy can be obtained from the firm’s Chief Privacy Officer, Jason Howarth, who can be reached by email at jhowarth@mccayduff.com, by telephone at 613-236-2367 and by mail at 141 Laurier Avenue West, 6th Floor, Ottawa, ON  K1P 5J3.

9. Individual Access

The firm provides timely responses to requests from clients about the personal information the firm possesses or controls.

Individual clients of the firm have the right to contact the partner in charge of providing service to them and obtain access to their personal information. Similarly, authorized officers or employees of organizations that are clients of the firm have the right to contact the partner in charge of providing service to them and obtain access to personal information provided by that client. In certain situations, however, the firm may not be able to give clients access to all their personal information. The firm will explain the reasons why access must be denied and any recourse the client may have, except where prohibited by law.

10. Challenging Compliance

The firm has policies and procedures to receive, investigate and respond to clients’ complaints and questions relating to privacy.

To challenge the firm’s compliance with its Privacy Policy, clients are asked to provide an email message or letter to the firm’s Chief Privacy Officer, Jason Howarth, who can be reached by email at jhowarth@mccayduff.com, by telephone at 613-236-2367 and by mail at 141 Laurier Avenue West, 6th Floor, Ottawa, ON  K1P 5J3.

The firm’s Privacy Officer will ensure that a complete investigation of a client complaint is undertaken and will report the results of this investigation to the client, in most cases, within 30 days.