Locked lips, Pt. 2: Ensure client privacy now
By Steven McCarty
The National Ethics Association
Is it human nature to betray confidences? As I suggested in my previous blog, it may well be. But if you habitually divulge confidential information, your practice will leak clients like a sieve.
So, how do you lock down a leaky practice? Start by changing human attitudes. Here’s a story I heard recently that illustrates my point.
An advisor’s client — a retired physician — needed help with charitable gifting. This involved the purchase of a substantial life insurance policy, but since this wasn’t exactly the advisor’s area of expertise, she responsibly asked another agent for help. After hearing the client’s name and financial situation, the second agent “leaked” the information to a law firm he worked with. Next thing she knew, one of the firm’s attorneys tracked down the client and took control of the case, circumventing the advisor. He also intimated to the client that she had endorsed his recommendation. Not true!
She was now in a tight spot. She didn’t want the client to proceed with this unethical law firm. But she also didn’t want the client to think she was a schmuck. Her best option was to honestly explain what happened and to try to make things right. After some initial awkwardness, the client came around, and she was able to expel the law firm. But then they tried to grab a share of her commission. Talk about legal ethics.
But here’s the lesson of my story. When discussing a client with other professionals, always think through the confidentiality implications. Had she done so, she would not have talked to a second agent without first getting the client’s permission and defining her privacy expectations with the agent. In retrospect, she knew she acted in good faith. The client had a need, and she was totally engaged in meeting that need. But protecting her client’s confidences just wasn’t a high priority for her. It should have been.
Clearly, managing the human element isn’t the only requirement. You also need written privacy guidelines. For example, make sure to:
1. Mandate due diligence on supplier privacy practices, including an examination of each firm’s privacy statement, training and email
2. Assess your own internal practices, making sure your laptops and mobile devices are password protected and that client electronic data is protected.
3. Lock down your own workplace, starting with appropriate hiring practices (including background screening), limited public access to office areas that contain private client data and effective file handling procedures.