The ChAD answers eight frequently asked questions regarding the protection of personal information and the damage insurance industry. Agents, brokers and claims adjusters can refer to these questions for guidance in their day-to-day practice.
What does “free and enlightened manifest consent given for specific purposes and for a defined period of time” mean?
When consent is required—be it verbal or written—you must ensure that it is:
- Manifest: consent obtained from the person in question must be clear and unequivocal.
- Free and enlightened: the person in question must give his consent voluntarily, without being pressured or constrained to do so.
- Given for specific purposes: the consent must be given for a specific objective in order to achieve a defined result.
- Given for a defined period of time: the consent must be given for a defined or definable period of time.
N.B.: Proof of consent must also be documented in the file, for example, by keeping an e-mail or the recording of a phone discussion, noting the exact time and object of the consent in the client’s file, etc.
I am dealing with a file that concerns two co-insureds. Who must consent to the collection of personal information?
Are there any circumstances under which I can provide a third party with a client’s personal information without having first obtained his consent?
What are the standards that must be respected for files that are managed out of a home office?
You must ensure the security of information that you hold on others, no matter what the format (paper or electronic) or where it is kept (your office, at home, in your car, etc.).
For further information, please read the syndic’s January-February 2009 column entitled “Minimum Rules for Managing the Confidentiality of Client-Files When Working from Home”.
What must I do when I receive a request to access or rectify personal information contained in a file in my possession?
What should be done when personal information is lost or stolen?
When personal information is lost, you must do the following:
- Take the necessary measures to avoid or limit any potential harm to the individuals to whom this personal information pertains;
- Quickly notify the individuals concerned.
For further information, please read the “Checklist for organizations and companies: What to do in case of loss or theft of personal information“, published by the Commission d’accès à l’information du Québec.
Download the eight frequently asked questions and their answers.