Licensee duty to protect client confidentiality

Published July 20, 2023

Licensees are reminded of their obligation and requirement to maintain the privacy and confidentiality of client information. As per Insurance Council Rule 7(1),  the Insurance Council Code of Conduct and Appendix B, Client Confidentiality Guidelines, a licensee must hold in strict confidence all information acquired in the course of the professional relationship concerning the personal and business affairs of a client, and must not divulge or use any such information other than for the purpose of that transaction or of a similar subsequent transaction between the licensee and the same client unless expressly authorized by the client or as required by law to do so. 
Licensees have a duty to safeguard all client personal information that is in their possession, and they are responsible for determining the appropriate safeguards that address the collection, use, disclosure, storage, and destruction of any client’s personal information. Licensees are required to have written policies and procedures governing client privacy and take reasonable steps to ensure that all staff are aware of these policies and act accordingly. It is also the responsibility of insurance agencies and their nominees to ensure their licensees and employees understand the confidentiality requirements and that appropriate measures and safeguards are in place to protect personal information.
Licensees are encouraged to review ICN Notice-17-004 - Reminder Of Licensee Responsibilities Related To Disclosure Or Transfer Of Client Information as it provides additional guidance on the matters of disclosure or transfer of client information, including ensuring a client’s express consent has been obtained, the requirements involving disclosing, transferring or receiving client information amongst agents or agencies, requirements when selling, acquiring or transferring a book of business, considerations for dealing with orphan clients, and a reminder for general insurance salespersons and agents that it is the agency who is the agent of record on a client’s general insurance policy.
The Insurance Council’s position and requirements on client privacy and confidentiality do not override the requirements under existing legislation. Licensees must also follow the Personal Information Protection Act (PIPA), which requires agencies/firms to designate one or more individuals to be responsible for licensee compliance with PIPA that would involve the creation of proper policies and practices to ensure adequate client protection.