February 4th - 2005

The Privacy Law: A review

Federal privacy law has changed the way REALTORS, as well as every commercial organization in Ontario, conduct their businesses since PIPEDA (Personal Information Protection and Electronic Documents Act) came into effect just over one year ago on January 1, 2004.

Federal privacy law has changed the way REALTORS, as well as every commercial organization in Ontario, conduct their businesses since PIPEDA (Personal Information Protection and Electronic Documents Act) came into effect just over one year ago on January 1, 2004.

Now is a good time to review what you have done to become privacy compliant and to determine what remains to be done in order to fulfill your privacy obligations under PIPEDA as well as the CREA Privacy Code.

Checks and balances
How well have you complied with PIPEDA and the CREA Privacy Code? Use our checklists to see how you’re doing.

Sample Checklist for Brokers/Owners/Managers
Have you…

  • Appointed a privacy officer?
  • Implemented a privacy policy?
  • Ensured the forms that are used by your office, such as listing and buyer agency agreements, contain privacy disclosures?
  • Amended other office policies and procedures to ensure privacy compliance?
  • Taken steps to protect and secure personal information stored in your office?
  • Set up a record retention and destruction program?
  • Cleaned out files and discarded personal information you no longer need to keep?
  • Trained staff and salespersons on how the privacy policies work?
  • Trained staff and salespersons on how to handle information access requests, complaints and questions about privacy policies?

Sample Checklist for Salespersons
Do you….

  • Advise clients what you will be doing with the personal information you are collecting?
  • Get the consent of the client to the uses disclosed?
  • Collect only the information you need in order to effectively represent the client in the transaction?
  • Use and disclose the information only in manner consistent with the reason it was collected and with the consents you obtained?
  • Take reasonable steps to ensure the information you collect is as accurate as possible when you collect it?
  • Ensure that the personal information you collect is kept safely and securely?

If you are unable to complete the sample checklists, now is the time to understand your privacy compliance obligations. OREA’s three-hour continuing education course, Complying with Privacy, is the best way for REALTORS to understand their privacy compliance obligations. The seminar examines how PIPEDA and the CREA Privacy Code apply to a REALTOR’S day-to-day business. If you have not yet attended the Complying with Privacy seminar, contact your local board office as additional continuing education seminars will continue to be held throughout 2005. This course will become available on CD-ROM. Please check the CD-ROM Course Offerings section in the Continuing Education section of the web site at www.oreacollege.com.

Even if you are able to complete the sample checklists, don’t assume you may not someday have a privacy breach. Human error is often the main culprit in privacy breaches. Regular review and constant vigilance over privacy practices is essential.

Privacy materials on the OREA web site
The Legal - Privacy Compliance section of My OREA on the OREA web site contains seven articles relating to various aspects of PIPEDA and privacy compliance. In addition, there are 12 resource materials, including a sample privacy policy, Frequently Asked Questions on privacy compliance and a Reference Guide for Ontario real estate firms, which can be reviewed and downloaded by REALTORS. It also contains links to the Privacy Commissioner’s web site, as well as PIPEDA and the CREA Privacy Code. This section of the web site is frequently updated so REALTORS should check back on a regular basis.

Privacy breaches in the news
Privacy gaffes do happen and the media is keeping a close watch. Here are some stories in recent headlines. They highlight the need for vigilance on everyone’s part.

“Misdirected faxes containing health information end up in apartment managers’ hands” – News Release – Office of the Privacy Commissioner of Canada – December 21, 2004

“Bank Sends Confidential Faxes to Scrapyard” – TORONTO (Reuters) – November 29, 2004 – “Canadian Imperial Bank of Commerce said … it was overhauling its privacy procedures after confidential information about hundreds of clients was mistakenly faxed… for three years.”

“Province apologizes in privacy snafu” – The Globe and Mail – December 4, 2004 – “The Ontario government appears to have made a major privacy gaffe, mailing out thousands of cheques this week that included wrong names and social insurance numbers….”

Share this item

LEGALBEAT: Overlisting is risky business Site seeing on the Internet

For more information contact

Ontario Real Estate Association

Jean-Adrien Delicano

Senior Manager, Media Relations

JeanAdrienD@orea.com

416-445-9910 ext. 246

OREA AI Assistant