Privacy officer sees lesson in CIBC fax fiasco

The Toronto Star
April 19, 2005

Bank accidentally breached security. Business can learn from bank's woes.
David Paddon, Canadian Press

Canadian businesses should learn from CIBC's fax fiasco in which the bank inadvertently sent confidential customer information to outside businesses from 2001 to 2004, the federal privacy commissioner said yesterday.

"I think what should concern us is that if it could happen in the CIBC, it may be happening elsewhere across Canada and that's why we hope this example will have an educational value to businesses across Canada," privacy commissioner Jennifer Stoddart said in an interview from Ottawa.

In fact, the privacy commission is investigating "two other fax incidents involving two other banks" that were brought to the commission's attention after the CIBC case gained widespread publicity in November, she said.

Stoddart declined to identify the two banks, but said their problems appear to have been "fairly small."

"Our law only provides that we name the organizations involved in very exceptional circumstances," Stoddart said.

"Because the investigations aren't complete, I won't make the decision to name them at this point," she said.

"We have nothing currently, as far as I know, being investigated that has the scope of the CIBC incident."

In the CIBC case, faxes were sent by various branches to a West Virginia scrap yard and to another company in suburban Montreal.

The wayward transmissions came to light when the scrap yard owner said he had been overwhelmed since 2001 by internal CIBC fund-transfer request forms that included client social security numbers, addresses, phone numbers and detailed account data.

Stoddart said the problems arose at CIBC even though it had a privacy policy and knowledgeable staff because the bank lacked co-ordination "at the ground floor level" to inform the chief privacy officer.

"I guess this could happen because the bank had a policy but it didn't have sufficient implementation of the real, practical steps necessary to make those policies a reality," Stoddart said.

The bank said in a statement that it accepts the findings of the privacy commissioner and has begun to implement all of the recommendations in her report.

"Safeguarding the confidential information of our clients, employees and businesses is critically important in maintaining the trust of all our stakeholders," stated Ron Lalonde, CIBC's chief privacy officer and senior executive vice-president.

The bank established a national privacy office in December and is creating a database and a "robust escalation process" to identify, assess and deal effectively with potential issues.

