Disclosing client data – What consent do I need? Part 2

Prepared by Julia Winzar

To meet the client confidentiality obligations under the Code of Professional Conduct, limited ASFL holders need to get each client’s consent to disclosing their information (personal and other) to each of the third parties you disclose this information to. The consent can be built into any document provided to the client, including a privacy declaration and consent form or the ‘authority to proceed’ section of a Statement of Advice. However, the simplest solution is usually to build the consent into your engagement letter.

The form of the consent should require clients to take a ‘positive’ step to indicate that they authorise the relevant disclosure. This can be in the form of the client signing the relevant form, responding by email or ‘opting-in’. If you have chosen to include the consent in your standard engagement letter, the client should sign the engagement letter and the sign-off section should clearly state that, by signing the engagement letter, the client agrees to give the third party disclosure consent referred to in the letter.

Whilst it is best practice to disclose to the client details of the proposed third party disclosures, including what information, to whom and where the disclosure will be made, this can be practically difficult. The solution is to use a ‘general’ consent to all third party disclosures made by your business. If you choose to use a ‘general’ consent we recommend including a reference to your privacy policy (if applicable) which will set out some further information about the disclosures that you make.

If you do not currently obtain client consent to disclosing their information it is important that you build this in to your existing on-boarding processes.