INVESTOR STREAM

Privacy, Confidentiality and Security


What is the difference between privacy and confidentiality?

Confidentiality is an ethical issue: the duty to safeguard the personal information shared between a client and Equivesto, or between a client and an employee or agent of Equivesto. Privacy of client information, on the other hand, forms a significant part of Canadian privacy law and is at the heart of Canada’s federal privacy law for the private sector.

What is personal information?

It is information about an identifiable person. It includes such things as name, address, age, income, date of birth, financial information and credit records, as well as your opinions, preferences and transaction patterns.

Where does Equivesto store my private confidential information?

Equivesto’s client and deal information is stored on a secure cloud-based database which has redundant authenticated back-ups.

What is the Personal Information Protection and Electronic Documents Act?

The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations. It applies to organizations that collect, use or disclose personal information in the course of their activities, and it therefore applies to Equivesto’s dealings with its clients.

How do I know if Equivesto’s site is secure?

Sites with SSL/TLS protection enabled show a lock icon and an https:// prefix next to the URL in the browser’s address bar. The Equivesto portal has these.
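The lock icon summarises two checks the browser performs: the page was requested over https://, and the server presented a certificate for that hostname that chains to a trusted certificate authority. The following script, added here as an illustration and not Equivesto’s own code, performs the same two checks from the command line using only Python’s standard library. The hostnames in it are placeholders, not Equivesto addresses.

```python
"""Verify that a URL is served over HTTPS with a certificate that chains to a trusted CA.

Added example, not Equivesto's code. Every hostname below is a placeholder.
"""
import socket
import ssl
from urllib.parse import urlparse


def uses_https(url: str) -> bool:
    """The 'https://' half of the lock check: scheme is https and a host is present."""
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.hostname)


def check_tls(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """The certificate half: perform the handshake a browser does before drawing the lock.

    create_default_context() loads the platform CA store, enables hostname
    verification and refuses obsolete protocol versions, so an expired,
    self-signed or mismatched certificate fails here just as it would in a browser.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
                return {
                    "ok": True,
                    "protocol": tls.version(),  # e.g. "TLSv1.3"
                    "cipher": tls.cipher()[0],
                    "subject": dict(rdn[0] for rdn in cert["subject"]),
                    "not_after": cert["notAfter"],
                }
    except ssl.SSLCertVerificationError as exc:
        # Encrypted but untrustworthy: a browser shows a warning page here, not a lock.
        return {"ok": False, "reason": f"certificate verification failed: {exc.verify_message}"}
    except (ssl.SSLError, OSError) as exc:
        # No TLS at all, wrong port, host unreachable, refused or timed out.
        return {"ok": False, "reason": str(exc)}


def site_is_secure(url: str) -> dict:
    """Combine both halves of the check for a full URL."""
    if not uses_https(url):
        return {"ok": False, "reason": "not served over https://"}
    parsed = urlparse(url)
    return check_tls(parsed.hostname, parsed.port or 443)


if __name__ == "__main__":
    # Placeholder host; substitute the portal address you want to inspect.
    print(site_is_secure("https://example.com/"))
```

A passing result means the connection is encrypted and the certificate is valid for that hostname; it does not by itself prove that the site belongs to the organisation you expect, so always compare the address bar against the address you were given through a trusted channel.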

How does Equivesto protect my online information?

Every system and application that Equivesto uses must have its own privacy and confidentiality policy covering end-user data, and must use at least one of the following cybersecurity protocols:

1. Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to protect communication across the network against eavesdropping or tampering.

2. Code reviews.

3. Advanced Encryption Standard (AES) with a key size of at least 128, 192 or 256 bits.

4. General Data Protection Regulation (GDPR) compliance.

5. Payment Card Industry Data Security Standard (PCI DSS) compliance, if applicable.

6. EU-US Privacy Shield or Swiss-US Privacy Shield compliance.

7. ISO/IEC 27001 and/or 27018 compliance.

8. SOC 1, 2 or 3 audits at least annually.