Brief Consulting
HomeAboutServicesContact

Privacy, Data Protection & Records Management Policy

Effective Date: January 2026

1. Purpose

Brief Consulting ("the Company") is a professional consulting firm committed to protecting personal information and managing all client and business records responsibly.

This Policy explains, in clear terms, how the Company collects, uses, protects, and retains information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian laws.

2. Information We Collect

The Company may collect or receive information for two main purposes:

  • Client Information – Information we collect directly from our clients to manage our business relationship. This may include names, professional titles, organizational details, email addresses, billing and payment information, and communications relating to our work together.
  • Information Handled on Behalf of Clients – Information we receive or collect in the course of performing consulting work for clients. This may include data supplied by clients (e.g., program data, contact lists, or reports) or information collected on a client’s behalf (e.g., through surveys, research, or stakeholder engagement).

In both cases, the Company collects only what is necessary to perform the agreed-upon work or to meet legal and contractual obligations. We do not collect or retain unnecessary personal or sensitive information.

3. How We Use Information

Client Information is used to:

  • Deliver consulting services;
  • Communicate with clients and partners;
  • Manage billing and payments; and
  • Comply with legal, tax, or contractual obligations.

Information Handled on Behalf of Clients is used solely to perform the services described in our engagement. Such information remains the property of the client and is processed only according to their instructions.

The Company does not sell, rent, or share personal information for marketing or other unrelated purposes.

4. Data Storage and Protection

All records are stored securely in cloud-based systems, primarily Microsoft 365 and other encrypted, reputable services.

No business or client data are stored on local hard drives or portable media.

Access is limited to authorized personnel, and all cloud accounts use multi-factor authentication (MFA) and encryption both in transit and at rest.

5. Retention and Disposal

Records and client files are kept for a minimum of seven (7) years after an engagement ends, or longer if required by law or contract.

Financial and tax records are retained for at least six (6) years from the end of the last tax year to which they relate, per Canada Revenue Agency (CRA) requirements.

When information is no longer needed, it is securely deleted or destroyed.

Minimal archival records may be retained longer when necessary for business or legal continuity.

6. Access and Correction

Individuals may request access to their personal information or ask for corrections if they believe it to be inaccurate or incomplete.

Requests can be sent in writing to the Privacy Officer (see contact below). The Company will respond promptly and transparently.

7. Data Breach Response

If a data breach occurs, the Company will:

  • Take immediate action to contain the issue;
  • Assess the potential impact and risk; and
  • Notify affected individuals and authorities as required by PIPEDA.

8. Policy Review

This Policy will be reviewed periodically to ensure it remains current and appropriate for the Company’s size, technology, and operations.

Updated versions will be made available upon request or posted on the Company’s website.

9. Contact Information

Privacy Officer

Brief Consulting

Email: clanglois@briefconsulting.ca