Privacy in Banking Industry
By: Fonta • Essay • 1,273 Words • November 18, 2009 • 1,362 Views
Essay title: Privacy in Banking Industry
How much do trust your bank or other institutions that have access to your financial and personal information? It may be time that all Canadians ask themselves this important question. This is a major issue in today’s world. We are living in the Information Age, and with all the technological advances we experience daily, having access to any kind of information is literally at yours and everybody else’s fingertips. This paper will focus on one of the most significant issues in the news recently that have sparked national interest, which is the issue of Privacy Laws in Canada, specifically within the Banking industry.
Privacy issues have taken centre stage in Canada in recent weeks with the public's attention focused on the major privacy breach at the Canadian Imperial Bank of Commerce. As of February 4, 2005, CIBC is now facing a $9 million class action lawsuit from customers whose confidential RRSP and other personal and financial information was made public. A Toronto law firm has filed the suit in the Ontario Superior Court of Justice, after revelations that CIBC had been faxing thousands of their client confidential personal information to unauthorized third-parties and individuals, including a now-famous junkyard in West Virginia. The suit alleges CIBC sent client and other applications over unsecured fax lines to the junkyard between 2002 and 2004 . The documents contained highly personal information including names, addresses, phone numbers, social insurance numbers, bank accounts, GIC numbers and amounts, as well as client credit information. One of people that received this information was a businessman from West Virginia. Over the past two years, he identified more than 350 Canadian phone numbers that have sent faxes to his fax machine, all of which he believes are CIBC branches. He claims he advised the CIBC of the problem several times, but the faxes continued to come .
These CIBC clients entrusted the bank with their sensitive personal information in order to feel secure and to obtain the peace of mind that their financial affairs were protected by a well respected Canadian Bank. The financial information dealt particularly with RRSP plans and other investments which the clients rely on and save for in their retirement years. Rather than bringing them peace of mind that their financial affairs were protected, thousands of people now find that their sensitive information has carelessly been disclosed to unauthorized third-parties and possibly many other random unauthorized civilians. The clients involved have no means of determining how wide the distribution of their information is. Adding to the already existing worries of banking clients, digital form signatures have now become a concern. Any of the information disseminated is potentially very dangerous if it happens to fall in the wrong hands. The clients of the bank now will be required to incur ongoing costs to monitor their credit ratings, bank accounts, and RRSP accounts, and have to be on alert at all times because of the potential for identity thefts.
Banks are in the business of providing financial and investment services to its clients. All banks have a duty of care to their customers to treat their sensitive personal information with confidentiality, and to prevent its disclosure to any unauthorized people. This breach of duty occurred through the negligence of the bank or its employees, for whom the bank is ultimately liable. All information collected by the bank is personal and sensitive information of the clients as defined in the Personal Information Protection and Electronic Documents Act (PIPEDA) of 2002. The bank is subject to PIPEDA, and is required to implement its strategies towards protection and privacy . Under this act, the clients’ have a right to privacy and security of their personal information. In addition to this, it is also important to note that the Act includes such areas as protection, security, application and enforcement of privacy policies of customer information for all employees within the bank and with whomever outside the bank the information is authorized to. A 2004 interview with CIBC Senior Manager of Consumer and Small Business Services, Bob Atkinson stated the banks position on privacy and implementation. In response to a question that asked if there are any Privacy Guidelines implemented with the bank’s third-parties, he responded “Of course we do our homework on the companies we do business with…..and review their internal policies on privacy, information security, and business continuity. From there we develop a business agreement that expressly binds the parties to protect CIBC customer privacy through compliance with a number of CIBC policies and standards.” Please also note that this interview was given while the bank was fully aware of this particular