Lost Canadian client data not encrypted, says IIROC

The personal financial information of thousands of brokerage industry clients stored in a device lost by an Investment Industry Regulatory Organization of Canada (IIROC) employee was not encrypted, according to the regulatory body.

The device which contained the personal information of some 52,000 brokerage firm customers was password protected but the data itself was not encrypted, said Lucy Becker, vice president of public affairs at IIROC.
(image from ShutterStock.com)

Leaving such data unencrypted is against the organization’s policy on protecting information it collects and IIROC is now conducting a comprehensive review to strengthen its policies and internal controls concerning its IT security and the collection, sharing and protection of confidential information, Becker said in an interview with the online financial publication InvestmentExecutive.com.

RELATED CONTENT

Insurance regulator loses data of 52,000 people
IIROC data loss preventable: Privacy commissioner

Becker said, her organization has a hired an outside expert to review its internal controls and information management practices.

The device containing the information was reportedly lost five or six weeks ago, but IIROC has declined to confirm the details around the incident. It was later reported that the device that was lost was a laptop. Becker said once IIROC learned of the data loss, the organization out to recreate the data and as of March 22, a third party forensic expert had determined the extent of the problem.

It was only early this month that IIROC came out publicly about the data loss.

Ian Russell, president and CEO of the Investment Industry Association of Canada (IIAC) said he expects to meet with IIROC officials next week to find out more about the incident and to offer his help.

It was a disappointment, he said, that as a trade association representing 32 firms that were impacted by the loss the IIAC was not immediately “brought in the loop.”

Read the whole story



Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now