
Privacy policy.
MG Counselling Information Security Plan and Privacy Policy
1. Purpose and Scope
MG Counselling is committed to protecting the privacy and security of all private, sensitive, or confidential information. This policy outlines the company’s procedures for handling, storing, and accessing such information to ensure compliance with data protection regulations and maintain client trust.
2. Information Classification
MG Counselling categorizes information into three levels:
Public Information: Can be freely shared without risk.
Sensitive Information: Includes internal documents, business communications, and employee records.
Confidential Information: Includes client records, personal health information (PHI), financial data, and any legally protected information.
3. Data Protection and Security Measures
Access Control: Only authorized personnel have access to confidential and sensitive information.
Encryption: Data at rest and in transit must be encrypted using industry-standard encryption protocols.
Secure Storage: All data is stored digitally in password-protected, encrypted systems with access restricted to authorized personnel only.
Data Minimization: Only necessary data is collected, retained, and processed.
Regular Audits: Security audits will be conducted periodically to assess risks and compliance.
4. Employee Responsibilities
All staff must complete security and privacy training annually.
All staff must adhere to strong password policies and multi-factor authentication (MFA) where applicable.
All staff must report any suspected data breach or unauthorized access immediately to the MG Counselling founder, Melissa Galbraith.
5. Third-Party Access
Any third parties handling sensitive or confidential data must sign a confidentiality agreement and adhere to MG Counselling’s security protocols.
Vendor security compliance will be reviewed regularly.
6. Data Retention and Disposal
Client records will be retained as per legal requirements and securely disposed of when no longer needed.
Digital records must be permanently deleted using secure erasure methods, and physical records must be shredded.
7. Incident Response Plan
Identification: All staff must report suspected data breaches immediately.
Containment: Steps will be taken to mitigate the impact of the breach.
Investigation: The MG Counselling founder, Melissa Galbraith, will conduct a thorough investigation to determine the cause and extent.
Notification: Affected parties and regulatory bodies will be informed as required by law.
Remediation: Preventative measures will be implemented to avoid future breaches.
8. Client Rights and Data Privacy
Clients have the right to access, correct, or delete their personal information.
MG Counselling will not share client information without explicit consent, except as required by law.
Clients may request information on how their data is used and stored by contacting the MG Counselling founder, Melissa Galbraith.
9. Compliance and Review
This policy will be reviewed annually and updated as needed to comply with evolving security and privacy regulations.
Failure to comply with this policy may result in disciplinary action, including termination or legal consequences.
10. Contact Information
For any questions regarding this policy, contact the MG Counselling Admin Coordinator, Jonnelle, at