Using Information Technology
The advisor can use information technology (IT) to “meet” a client and offer them financial products or services.
However, in certain situations, using IT may make it more difficult to fulfil their legal and ethical obligations to the client. Knowledge and comfort with IT varies from one person to the next. Inadequate use of these technologies, by the advisor or their client, could therefore pose a problem not only in terms of protecting personal information and verifying the client’s identity, but also regarding the client’s understanding and consent.
The /advisor must therefore analyze each situation in light of the client’s specific circumstances and characteristics to determine whether communicating with IT is appropriate for them.
When an advisor “meets” a client using IT, for example through a webcam, a teleconference, or a videoconference, they must ensure they fulfil all their legal and ethical obligations as they would if they were meeting them in person, with the necessary adaptations described below.
Carrying out legal acts electronically, communicating with a client through IT, and using e-mail or other messaging services and cloud data all present many challenges as far as security is concerned. Protecting the client’s personal information (is the biggest challenge for an advisor using IT.
The advisor must ensure the confidentiality and security of personal information collected from their client, whether it’s during their collection, usage, communication, storage, or destruction.
When the advisor stores this information on their computer, tablet, cell phone, or cloud platform, they expose it to risks of data leakage, theft, or loss, as well as identity theft.
The advisor must be aware of this and take all necessary protection measures, because they are responsible for protecting their clients’ personal information. For example, they should never leave their laptop, tablet, or cell phone unsupervised, in a car, or in a public place.
When the advisor sends information in an e-mail or newsletter to multiple clients, they must protect their personal information…
- by carefully checking each client’s e-mail address before sending, so they don’t accidentally send personal information to any other recipient
- by inserting each client’s e-mail address as a blind carbon copy
- by using encryption to keep data confidential and guarantee its integrity and authenticity when sending
When security is a concern, the platform used should allow the sender and recipient to be identified, and avoid any possibility of doubt regarding the integrity and source of the messages. Additionally, it should allow the user to make the data exchange secure, make the conservation of exchanged data more reliable, and block access to confidential data.
For example, using a password, antivirus software, and a firewall, deleting suspicious e-mails and their attachments and activating automatic standby are good ways for the advisor to protect personal information they have about their clients.
The advisor must ensure their work computer is only used for professional purposes and only by authorized people.
Further, they must also avoid using a public computer or a computer that belongs to someone else. If they must do so, they will ensure that they:
- uses a virtual private network (VPN) to safely log in to their work computer remotely
- deletes their trail—documents downloaded (including printed documents, which need to be downloaded), temporary Internet files, deleted items in the recycle bin, passwords, etc.
The tool IT and protecting personal information (provides technology tips that the advisor can implement to reduce the risk of data leaks or unauthorized access to data contained in client files. These strategies include items to consider if the advisor uses encryption, cloud services, digitization, or IT service providers. The tool also offers strategies for protecting clients’ personal information when the advisor is travelling. It also offers suggestions to help the advisor appropriately respond to an actual threat of harm, such as disclosing a violation or reacting quickly in order to limit the damage that may be caused to the client. Finally, it recommends implementing a business continuity plan for crises.
Free and clear consent is required for the finalization of any legal act. The advisor must therefore ensure that their client has all necessary information to understand so they can give their valid consent for finalizing the contract.
Any person can electronically sign a document to indicate their consent.
Electronic signature procedures rely, in part, on cryptography. With this technology, a person can reproduce their manual signature in an electronic format. At this step, the signature is not visible—it corresponds to a sequence of characters. When the signature is then placed on an electronic document, this directly links the document signer to the document and serves as identification.
This technology allows the signer to verify that the data in the document to which they are attaching their electronic signature has not been modified (and therefore to ensure the integrity of the data or of the document). It also prevents the signer from denying that they signed the document (non-repudiation).
In summary, when a trusted link between the electronic signature, the person, and the document is established and the intent to sign is also confirmed, an electronic signature will be considered valid and enforceable for the signer.
An advisor concerned with efficiency, space saving, or protecting the environment may choose to create a virtual office. They may transfer paper documents to an electronic platform such as a computer, a CD-ROM, a USB key, or cloud storage under the condition that they comply with requirements stipulated by law.
The advisor can digitize all documents, even those with signatures, if this is done properly. For more details on this topic, see the tool IT and protecting personal information.
By safely saving digitized information on their client, the advisor reduces the risk of them falling into the hands of third parties that shouldn’t have access to them.
For each digitized document, the advisor must keep certain information on paper (or as metadata added automatically to the file during digitization, if the digitizer allows it):
- Identification of the device used for digitization
- Identification of the software used for digitization
- Identification of the server where data was transferred
- Manufacturer’s guarantees on maintaining the integrity of the data during transfer between the source document and the digital document
This information must be kept for as long as the digitized document it comes from exists. For information and tips on remote offices and cloud computing, see the following sheets published by the Commission d’accès à l’information:
- L’infonuagique (ou "cloud computing") () (available in French only)
- La destruction des documents contenant des renseignements personnels () (available in French only)
It is better for the advisor to call upon employees or contractors to digitize their client files, having them sign a confidentiality agreement beforehand, rather than asking friends or family members to do so.
Working with a specialized document digitization and client management company, with servers ideally located within the country, is a good option because the work is safely completed by professionals in a timely manner for a price determined beforehand.