Insurance regulator loses data of 52,000 people

The industry body regulating Canada’s insurance brokerage industry yesterday issued a warning that one of its personnel has lost a “portable device” containing the personal information of some 52,000 brokerage firm customers.

“IIROC deeply regrets this unformtunate but isolated incident and apologizes for the disruption caused to clientts and affected firms,” Susan Wlburgh Jenah, CEO of the Invetment Industry Regulation Organization of Canada said in statement yesterday. “The protection of confidential information is critical to us and we have taken steps to address the situation and to immediately strengthen our internal controls.”

The regulating body did not provide any details such as exactly what device was lost, who lost it and when was it lost.
IIROC, however said, there is not indication yet that  unauthorized parties are trying to access the information.
It is also not known if the data contained in the lost device is encrypted or protected in some way to prevent it from being read by unauthorized persons.

The statement did not specificy how much data was contained in the device but the Globe and Mail newspapre reported yesterday that a spokeswoman for IIROC revealed that data belonging to 52,000 clients of 32 brokerage firms may have been lost.

Created in 2008 through the consolidation of the Investment Dealers Association of Canada and the Market Regulatiom Services Inc., the IIROC is a national self-regulatory organization which oversees all investment dealers and trading activity on debt and equity market places in the country.

The body creates and enfroces rules regarding the proficiency, business and financial conduct of investment firms and their registered employees.

The incident highlights the importance of employing security measures and technologies that could render data stored in mobile devices un-accessible to unauthorized users, said Tom Ward, VP of Markham, Ont-based endpoint security and data protection firm No Panic Computing.

“We still don’t have much information,” said Ward. “However, much of this consternation could be avoided if the lost device were equipped with some data wiping capability that would enable administrators to remotely destroy the data in the device.”

No Panic Computing provides enterprise and small and medium sized business with what it calls “notebook-as-a-Service”. Essentially, businesses lease from the firm laptops and desktop PCs that have security features such as encyption and biometric access technologies. The service includes intrusion detection, malware protection and remote data wiping. NPC also provides daily automatic secure data backup, which stores a client’s data in a secure database operated by Autonomy.

Ward noted that incidents of data loss have become almost regular content for newspapers lately.

For instance in January this year, the Human Reosurces and Skills Development Canada admitted that it lost an unencrypted device containing the personal information of 585,000 student loand borrowers. Last year, the same department reported that it couldn’t lcoate a USB key that contained the information of 5,000 people.

In its statement yesterday, IIROC said after learning that it lost the device it has done the following:

– Informed the relevant investment firms whose client information was on the device

– Is writing to those firms’ clients and providing a comprehensive checklist that includes additional steps clients can take to protect personal information;

– Set up a dedicated call center, starting Monday, April 15, which will be available from 9 a.m. to 5 p.m. Monday to Friday, to help answer client questions and concerns and, if needed, to walk them through the support materials provided; and

– Arranged, at no cost to clients, a six-year alert flag to be placed on their credit files through Equifax Canada.




Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows...

Unlocking Transformation: IoT and Generative AI Powered by Cloud

Amidst economic fluctuations and disruptive forces, Canadian businesses are steering through uncharted waters. To...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now