Adequate security safeguards not yet in place at brokerages: report

Share this article:

Mortgage brokers in Canada must try harder to improve their security, according to an audit released this month by the Office of the Privacy Commissioner of Canada. Several mortgage brokerages made some privacy and security improvements, but have no measures in place to alert managers about suspicious activity, the audit said.

The audit, reported as part of the 2009 Annual Report to Parliament on the Personal Information Protection and Electronic Documents Act, examined brokerages after 14 data breaches were reported during the summer of 2008. Imposters acting as mortgage agents downloaded credit reports for members of the public who had not even applied for mortgages, compromising the personal information of thousands, the Commissioner said.

"We found that brokers have significantly strengthened their hiring processes in the wake of these breaches," said the audit. "However, we found that mortgage brokers are unable to demonstrate that there are adequate security safeguards in place to protect the personal information under their control."

Mortgage brokerages suffered from vague privacy policies that did not detail how they were handling information on meeting their Personal Information Protection and Electronic Documents Act (PIPED Act) obligations, the audit warned, and they were not making those policies accessible to their clients. "We found that a client's consent is not always obtained prior to a credit report being obtained, and that some brokers used clients' information for purposes other than that for which it was collected."

Mortgage brokers did not always dispose of unapproved application files securely, and neither were they training their staff adequately in privacy responsibilities.

The audit covered five Ontario-based mortgage brokers, as all of the breaches in 2008 occurred within the province, the Commissioner said.

Share this article:
close

Next Article in SC Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

Health law needs reform, says provincial privacy watchdog

The Albertan Information and Privacy Commissioner has formally asked the government to amend the province's Health Information Act with mandatory breach reporting and notification measures.

Well.ca security not that well, letter reveals

Well.ca, an online store selling health and beauty products, exposed names, addresses and credit card details for some of its customers in December, it admitted last month.

Canada signs Wedge Networks to secure government data centers

The Canadian government has hired Wedge Networks, a provider of cloud-based security services, to secure its computing infrastructure.