logo for The Public Accountants Council for the Province of Ontario

Privacy Policy (March 27, 2007, Amended: March 27, 2018 )

Preamble

The Public Accountants Council for the Province of Ontario (the Council) was established under the Public Accounting Act, 2004 (the Act) for the purpose of ensuring that public accounting in Ontario is practised in accordance with internationally respected public accounting standards that reflect the public interest in the delivery of superior quality public accounting services.
The Council is responsible for overseeing the regulation of public accounting in the public interest by:


(a)    developing and maintaining the standards that a designated body must meet in order to be authorized to license and govern the activities of its members as public accountants and raising the standards, as required;
(b)    determining which designated body meets the standards, when it meets them and whether the designated body continues to meet the standards after it is authorized to license and govern the activities of its members as public accountants;
(c)    overseeing the designated bodies in their capacity to license and to govern the activities of their members as public accountants;
(d)    maintaining and publishing The Roll of Public Accountants in Ontario (the Roll); and
(e)    maintaining public confidence in public accounting through the appropriate prosecution of offences under the Act.


The term “designated body” means Chartered Professional Accountants of Ontario and any other prescribed entity.
In the course of fulfilling its mandate, the Council may collect, use and disclose personal information regarding:
(i)    the members of a designated body who are licensed, have been licensed or have applied to be licensed under the Act or under the Public Accountancy Act, and the status of the respective members’ licences;
(ii)    persons employed, retained, elected or appointed for the purpose of the administration of the Act.
The Council’s collection, use and disclosure of personal information in the course of carrying out its activities are done for the purpose of overseeing the regulation of public accounting in the public interest. These regulatory activities are not of a commercial character. Accordingly, the performance of the Council of its statutory duties is not covered by the federal privacy legislation. The Council has voluntarily adopted this Privacy Policy to provide a voluntary mechanism through which the Council can provide appropriate privacy rights to individuals involved in the Council’s activities while still enabling the Council to meet its obligations.


Definition of Terms
The following terms used in this Privacy Policy have the meanings set out below:
    “Council” means The Public Accountants Council for the Province of Ontario
    “By-Laws” means the by-laws of the Council
    “Act” means the Public Accounting Act, 2004 as amended
    “Regulations” means the regulations made under the Act
    “Legislation” means the Act, Regulations and By-laws
    “Personal Information” means information about an identifiable individual but does not include the name, title, or business address or telephone number of an individual.


Principle 1 – Accountability
The Chief Executive Officer (CEO) of the Council is accountable for compliance with these policies and procedures.
The Council will provide orientation and training to all new employees and appointees as well as all members of Council, committees or working groups that collect, use or disclose personal information.


Principle 2 – Identifying Purposes
The purpose for which the Council collects, uses and discloses personal information is to administer and enforce the Legislation.
The Council collects and uses personal information from CPA Ontario and/or other persons for purposes including:
•    to determine the members of CPA Ontario who are licensed, have been licensed or have applied to be licensed under the Act and the status of the respective members’ licences;
•    to investigate unauthorized individuals who may be practising the profession of public accounting and their clients to determine whether the individual has contravened or is contravening the Legislation and take action against these individuals;
•    to administer and enforce the Legislation.
Personal information regarding members is collected by the Council from time to time and at regular intervals. The Council may collect and use personal information from CPA Ontario and other persons, for the purposes set out above and as required by law.
The Council will collect, use and disclose personal information for purposes authorized by law. Where appropriate, the Council will clearly state the identified purposes for such collection, use and/or disclosure.


Principle 3 – Consent
The Council collects personal information for purposes outlined in the Preamble including for the purpose of the administration and enforcement of the Legislation. In carrying out its mandate, the Council has a duty to serve and protect the public interest.
Where appropriate, the Council will make a reasonable effort to specify the identified purposes to the individual from whom the personal information is collected as described in Principle 2. Personal information will only be collected, used or disclosed without the knowledge or consent of the individual for the purpose of the administration and enforcement of the Legislation and in accordance with the provisions of the Legislation.


Principle 4 – Limiting Collection
The Council collects only the personal information that is required for the purposes identified in Principle 2 of this Privacy Policy and in accordance with the provisions of the Legislation. The Council collects personal information using procedures that are fair and lawful.


Principle 5 – Limiting Use, Disclosure and Retention
The Council uses personal information only for the purposes identified in Principle 2 and in accordance with the provisions of the Legislation. The Council has a record retention policy in place and conducts regular audits to ensure that personal information that is no longer required to be kept is destroyed, erased or made anonymous. Specific information regarding the record retention policy can be obtained by contacting the CEO.


Principle 6 – Accuracy
It is in the best interest of the public that Council collects, uses and discloses only accurate personal information. The Council therefore uses its best efforts to ensure that the information it collects, uses and discloses is accurate.


Principle 7 – Safeguards
The Council ensures that personal information it holds is secure. The Council ensures that personal information is stored in electronic and physical files that are secure. Security measures are in place to safeguard this information which includes restricting access to personal information to authorized personnel, ensuring that physical files are under lock and key and ensuring that electronic files are password protected. The Council reviews its security measures periodically to ensure that all personal information is secure.
Employees of the Council receive an orientation and ongoing training regarding the information safeguards required for personal information and their importance.
The Council ensures that personal information that is no longer required to be retained is disposed of in a confidential and secure fashion.


Principle 8 – Openness
The Council’s personal information management policies and procedures are available to the public.


Principle 9 – Individual Access
Access
In cases where the personal information forms part of a record created by another organization, the Council will refer the individual to the organization that created the record (unless it is inappropriate to do so) so that the individual may obtain access to the personal information from the organization rather than the Council.
Where the Council holds personal information about an individual, upon written request, the Council may allow access to the information to that individual, unless providing access could reasonably be expected to interfere with the administration or enforcement of the Legislation or it is impracticable or impossible for the Council to retrieve the information.
Examples of situations where access may be denied include:
•    Information contains references to another individual(s) that cannot be severed;
•    Disclosure may result in significant risk of harm to the requestor or a third party;
•    Information was collected or created in the course of an inspection, investigation, inquiry, assessment or similar procedure authorized by law;
•    Council did not create the record and it is appropriate for the individual to request access from the organization that created the record;
•    Disclosure may defeat the purposes for which the information was collected;
•    Information cannot be disclosed for legal, security or commercial proprietary reasons;
•    Information is subject to solicitor-client or other privilege;
•    Information was generated in the course of a formal dispute or resolution process;
•    The request is frivolous, vexatious, or otherwise an abuse of process.
While the Council’s response will typically be provided at no cost or minimal cost to the individual, depending on the nature of the request and the amount of information involved, the Council reserves the right to impose a cost recovery fee. In these circumstances, the Council will inform the individual of the approximate cost to provide the response and proceed upon payment by the individual of the cost.
The Council will make every effort to respond to the request within thirty days and to assist the individual in understanding the information.
In the event that the Council refuses to provide access to all of the personal information it holds, then the Council will provide reasons for denying access.
Challenging accuracy and completeness of personal information
An individual has the right to request a correction of what in his or her view, is erroneous information. Where the information forms part of a record created by another organization, then the Council will refer the individual to the organization that created the record (unless it is inappropriate to do so) so that the individual may challenge the accuracy or completeness of the information.
Where an individual is able to successfully demonstrate that the personal information is inaccurate or incomplete, and where the Council has created the record, the Council will amend the information (i.e. correct or add information). In amending or correcting a record, the Council may not obliterate the original entry or information.
In addition, where appropriate, the Council will use its best efforts to notify any third parties to whom the Council has disclosed the erroneous information.
Where there is a dispute between the individual and the Council as to the accuracy or completeness of the information, then the Council will document the details of the disagreement, and where appropriate, will use its best efforts to advise any third party who received the contested information from the Council, of the unresolved disagreement.


Principle 10 – Challenging Compliance, Complaints or Questions


Complaints or questions regarding the Council’s compliance with this Privacy Policy should be directed to the CEO, who can be reached at The Public Accountants Council for the Province of Ontario, 2 Bloor Street East, Suite 2210, P.O. Box 022, Toronto, Ontario, M4W 1A8 or by phone at 416-920-1444, or by email at kbowman@pacont.org or generalinquiries@pacont.org.

 

back to top