CAPITAL ONE PRIVACY BREACH CLASS ACTION
Register with Charney Lawyers PC
2. GOVERNING LAW
3. PRIVACY OFFICER
Charney Lawyers PC
Attention: Privacy Officer
151 Bloor St. W., Suite 602
Toronto, Ontario, M5S 1S4
Tel: (416) 964-7950
Fax: (416) 964-7416
The Privacy Officer is responsible for:
4. PURPOSES OF COLLECTING, USING AND/OR DISCLOSING PERSONAL INFORMATION
We collect, use and/or disclose personal information in order to:
- Provide legal services to our clients in accordance with the Law Society of Ontario’s requirements and Rules of Professional Conduct, and the common law governing a solicitor’s duty of care to a client;
- Provide legal services to individuals who self-identify as class members or putative class members in certified or proposed class actions, respectively, being prosecuted by our firm, in accordance with the Law Society of Ontario’s requirements and Rules of Professional Conduct, the Class Proceedings Act, 1992, S.O. 1992, c. 6, and the common law governing class counsel’s duty of care to a class member or putative class member;
- Efficiently deliver services to our client, manage our operations, and/or improve our service. This may include disclosure of personal information to outside printers, process servers, legal suppliers, outside professionals, experts and consultants;
- Screen prospective clients, identify clients, and administer financial arrangements with clients. This includes identifying and avoiding conflicts of interest, fulfilling the Law Society of Ontario’s client identification requirements, preparing retainer agreements, issuing invoices, collecting and processing payments, maintaining records, and enforcing our right to collect unpaid accounts;
- Prepare and distribute marketing materials and useful legal information to prospective and existing clients, and generally to develop business;
- Conduct market research and evaluate client satisfaction;
- Detect and protect against error, negligence, breach of contract, fraud, theft and other illegal activity, and where necessary to meet our insurance requirements;
When you provide personal information voluntarily for a specific purpose, we rely on your implied consent to use the personal information for that purpose. We will also imply your consent to collect or receive any supplementary information that is necessary to fulfil the same purpose. Your consent will be obtained if, or when, a new purpose for use of that personal information is identified.
We may use your personal information without your consent only in accordance with professional rules of confidentiality, and where:
- we have reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law and the information is used for that investigation;
- an emergency exists that threatens an individual’s life, health or security;
- the information is for statistical study or research;
- the information is publicly available;
- the use is clearly in your interest, and consent is not available in a timely way;
- knowledge and consent would compromise the availability or accuracy of the information; or
- collection is required to investigate a breach of an agreement.
In all other circumstances, your express informed consent will be obtained before collection, use or disclosure of your personal information.
Information from children
We do not knowingly collect personal information from children (anyone under 18 years of age) over the telephone or in person without a parent’s express oral consent. When collecting personal information electronically (by web-form or e-mail) we do not verify the age of the person from whom we are collecting information. In the absence of any indication to the contrary, we will assume anyone supplying us with information online is over 18 years of age. Parents are strongly encouraged to discuss responsible Internet use and personal information disclosure with their children.
Consent to collection, use and/or disclosure of personal information may be withdrawn at any time by writing to our Privacy Officer. We will inform you of any implications connected to withdrawing your consent.
6. LIMITING COLLECTION, USE & DISCLOSURE
Disclosure to third parties
Personal information may be disclosed to third parties without your knowledge and consent only in accordance with professional rules of confidentiality, and as follows:
- if the transfer is simply for processing purposes, the third party only uses the information for the purposes for which it was transferred, and we have ensured that the third party has appropriate contractual safeguards are in place as contemplated in Principle 4.1.3 of Schedule 1 of the PIPEDA;
- to a lawyer representing us;
- to collect a debt owed to us by you;
- to comply with a subpoena, a warrant or an order made by a court or other body with appropriate jurisdiction;
- to a law enforcement agency in the process of a civil or criminal investigation;
- to a government agency or department requesting the information; or
- as otherwise required by law.
In all other circumstances, your informed consent will be obtained before your personal information is disclosed to third parties.
Personal information found in the files of prospective clients, clients, or former clients will be retained in accordance with applicable regulatory requirements and professional standards.
We retain contact information about individuals for the period of time the individual subscribes to receive communications from us and does not opt out of receiving such communications.
Destruction of information
Once the retention period is over for personal information, we destroy it in accordance with the guidelines established by the Law Society of Ontario.
We use physical, organizational and technological measures to safeguard personal information. We regularly review these measures to ensure they are in keeping with regulatory and industry standards.
Active files are stored in locked filing cabinets when not in use.
Access to work areas where active files may be in use is restricted to members of Staff only and to authorized third parties.
All personal information no longer required is shredded prior to disposal.
Personal information will only be disclosed to those members of Staff who need to know the information for the purposes of their work.
Members of Staff are not permitted to copy or retain any personal information on individuals or clients.
All personal information contained on electronic devices (computers, smartphones, servers) is password protected.
Firewalls, encryption and intrusion detection are utilized to prevent hacking or any other unauthorized computer access.
Electronic devices containing personal information may not be left unattended by Staff while out of the office.
Remote access to personal information contained on Charney computers or servers is limited only to approved devices which have been equipped with appropriate technological safeguards.
Personal information is not transferred via e-mail or other electronic form unless it is encrypted and password protected.
Upon written request to our Privacy Officer, you have the right to be informed of the existence, use and disclosure of your personal information, and to request access to your personal information, as well as an account of the use that has been made or is being made of your personal information, and of any disclosures that were or may have been made to third parties of your personal information.
Upon verification of your identity, the Privacy Officer will respond to any such requests in accordance with the timelines set out in s. 8 of the PIPEDA. We may refuse to provide access to personal information where:
- the information is protected by solicitor-client privilege;
- to provide access would reveal confidential commercial information;
- the information was collected without consent in the course of investigation into the breach of an agreement or of a law of Canada or any Canadian provinces or territory;
- the information was generated in the course of a formal dispute resolution process; or
- access is otherwise limited by the PIPEDA.
Any refusal of access will be made in writing, setting out the reasons and the recourses available.
You have the right to challenge the accuracy and completeness of your personal information and amend it as appropriate. Amended information shall be transmitted to any third parties having access to the information in question, where and as appropriate. Information contained in inactive files is not updated.
Upon verification of your identity, the Privacy Officer will respond to any such requests in accordance with the timelines set out in s. 8 of the PIPEDA.
Copyright © 2019 Capital One Privacy Breach Class Action