Privacy Policy

Next Steps Planning INC. collects and safeguards personal information in compliance with PIPEDA and applicable provincial laws. 

Policy: We make our privacy policies publicly available and adhere to the guidelines of the companies we represent. 

Procedures: 

  • All privacy inquiries are directed to the compliance officer. 

  • Client access requests are fulfilled within 30 days. 

  • Misuse or breaches are reported immediately and documented. 

Privacy Breach Process 

Containment: Engage IT support, change passwords, notify impacted companies, and file police reports if necessary. 

Documentation: Maintain breach records for 24 months. 

RROSH Assessment: Determine whether the breach poses a Real Risk of Significant Harm.

Mandatory Reporting: Notify affected individuals and regulators as required under PIPEDA. 

Client Consent 

Consent is obtained at the start of the client relationship for collection, use, and disclosure of personal information. 

Clients are informed about: 

  • Purpose of collection 

  • Access by staff or third parties 

  • Out-of-country storage risks 

  • Ability to withdraw consent 

Safeguards 

Technological: Encryption, antivirus, firewalls, strong passwords, secure email. 

Physical: Locked cabinets, secure office layout, laptop security protocols. 

Organizational: Access limited on a need-to-know basis, confidentiality agreements in place. 

Training Program 

All staff complete initial and annual refresher training on privacy policies. 

Records of training completion are maintained. 

Self-Review & Amendments 

Annual self-review ensures compliance with privacy legislation and company guidelines. 

Amendments are documented in the revision history. 
