stepan, fraser and associates

Stefan, Fraser & Associates

Privacy Policy

Privacy Policy - Stefan, Fraser & Associates and its employees and contractors shall protect all personal information in its custody by security arrangements that prevent unauthorized access, collection, use, disclosure, copying, modification or disposal.

Privacy is ensured by safeguards that include:

  • Adhering to the codes of professional ethics as set out by the Canadian Institute of Management Consultants, the Canadian Psychological Association, the College of Alberta Psychologists, the College of Psychologists of British Columbia, and the American Psychological Association.
  • Obtaining prior informed consent in written form from individuals whose personal information is to be obtained/retained.
  • Disclosing personal information to a third part only with the written consent of theindividual to whom the information pertains.
  • Limiting access to personal information to those with a "need to know" and ensuring that all persons receiving the information are informed about the confidential nature of the information.
  • Personal information shall be:
    • stored in locked filing cabinets inside a locked office when it is in written form and
    • protected by passwords when stored in digital form.

Personal information shall be retained for a period no less than the time specified by the College of Psychologists having jurisdiction in the province in which the information is stored, after which it shall be destroyed and disposed of in such a manner as to protect its confidentiality.

Privacy Breach

The Stefan, Fraser & Associates privacy breach plan includes five steps that would be taken immediately to respond to the breach. They are:

  1. Contain the Breach
    • Stop the unauthorized practice
    • Immediately contact the company's Privacy Officer or person responsible for security who coordinates:
      • Records recovery
      • Shut-down of breached system
      • Revocation of access or correction of weaknesses in the physical security system
      • Contact of police if the breach involves theft or other criminal activity
      • Contact of affected individuals that they may take further steps to mitigate or avoid further harm.
  2. Investigate the Breach
    • Individuals with information about the breach document details about it and provide them to the Privacy Officer as soon as possible
    • Immediate and on-going risks are evaluated
    • Safeguards in place prior to the breach are inventoried and reviewed
    • Findings and recommendations for better avoiding future breaches are generated
  3. Assess & Analyze the Breach and Associated Risks
    • What data elements have been breached?
    • What possible use is there for the information?
    • What was the cause and extent of the breach?
    • How many individuals are affected by the breach?
    • What is the foreseeable harm resulting from the breach?
  4. Notify Affected Individuals
    • The preferred method of notification is direct (i.e., telephone, letter or in-person)
    • Notifications include:
      • Acknowledgment of/apology for the breach
      • Date of breach
      • General description of the breach
      • Steps taken to mitigate the breach
      • Steps taken to prevent further breaches
      • Steps the individual can take to further protect oneself and mitigate further damage
      • Contact information of Privacy Officer who can answer questions and provide additional information
      • That the individual has the right to complain to the BC Privacy Commission
    • Other notifications
      • Police, if theft or other crime involved
      • Insurers, if required by contractual obligations
      • Professional and other regulatory bodies as appropriate
      • BC Privacy Commission, if appropriate
      • Credit card companies and/or other credit-reporting agencies, if appropriate
  5. Prevention - Once the steps above have been taken, privacy policies are reviewed and updated to reflect and implement the recommendations gleaned from the investigation.