Limits for Using, Disclosing and Keeping Personal Information

Principle #5: Limits for Using, Disclosing and Keeping Personal Information

Scotiabank will use or disclose personal information only for the reasons it was collected, unless a customer gives consent to use or disclose it for another reason, or it is permitted or required by law.

Under certain exceptional circumstances, Scotiabank has a legal duty or right to disclose personal information without customer knowledge or consent, including to protect Scotiabank’s or the public interest.

Scotiabank will keep personal information only as long as necessary for the identified purposes for which it was collected.

5.1 Scotiabank may disclose personal information without consent when required by law. For example:

  • subpoenas;
  • search warrants;
  • other court and government orders; and
  • demands from other parties who have a legal right to the personal information.

5.2 In these circumstances, Scotiabank will protect the interests of its customers by making reasonable efforts to ensure that:

  • orders or demands appear to comply with the laws under which they were issued;
  • it discloses only the personal information that is legally required, and nothing more; and
  • it does not comply with casual requests for personal information from government or law enforcement authorities.

Scotiabank may notify customers that an order has been received, if the law allows it.

Scotiabank may notify customers of such orders by telephone, electronic mail or by letter to the customer's last known address.

5.3 Scotiabank may want to use personal information (except for personal health information) to market products and services to its customers, either directly or through Scotiabank or affiliates. Scotiabank will obtain the consent of the customer before using personal information for this purpose.

When a customer applies for a product or service and provides personal information, Scotiabank will:

  • Tell the customer that this personal information may be used by it or other Scotiabank affiliates to market other products and services to the customer;
  • Describe the types of Scotiabank affiliates who might market their products or services; and
  • Ask the customer for consent, and advise them that this use of personal information is optional.

The first time a new type of Scotiabank affiliate provides promotional information about its product or service, the Scotiabank affiliate will:

  • Explain the proposed use of the customer's personal information to the customer; and
  • Give the customer an opportunity to withdraw consent for further use of their personal information.

5.4 If Scotiabank is involved in the provision of an insurance product, it will collect personal health information only for specific purposes. It will not disclose personal health information to other Scotiabank affiliates, and vice versa. For example, the Bank will not use or have access to another Scotiabank affiliate’s customer personal health information to help assess a loan application.

5.5 Scotiabank specifies in its policies and procedures the periods of time it will keep personal information. Some of these time periods are determined by legislation. If personal information has been used to make a decision about a customer, Scotiabank will keep the personal information long enough for the customer to have access to it after the decision has been made, subject to any regulated record retention period.

5.6 Scotiabank will destroy or erase any personal information no longer needed for its identified purposes or for legal requirements.

Scotiabank’s policies and procedures explain how Scotiabank will destroy personal information so that unauthorized persons or organizations do not gain access to it.