Privacy matters

Privacy matters

A report of privacy breaches at GTA mortgage brokerages - and an ongoing audit by the federal privacy commissioner - is a reminder that efforts to protect client information should not slip through the cracks

Upon seeing the Globe and Mail report that the federal privacy commissioner was investigating mortgage brokerages in the GTA for their potential misuse of client information, CMP published a summary of the story online and received a flurry of comments. Some readers stressed the need for stricter industry guidelines and harsher punishment for rule-breakers. Many also argued that the majority of brokers are ethical and treat client information with care.

"I left a full-time job to become self-employed and be part of a professional group that complies with strong ethics and integrity in the financial business," wrote Zeena Izmeth, a mortgage agent with Centum. "I believe with the regulations of FSCO and CAAMP out there policing the work of the mortgage brokers, if anyone is caught doing fraudulent work then there are tremendous repercussions to their brokerage."

The privacy commissioner's audit - which is being conducted under the Personal Information Protection and Electronic Documents Act (PIPEDA) - is expected to wrap up before the end of the year. While the commissioner's office has the discretion to name brokerages found to have misused client information when the audit is over, an OPC spokesperson said that will only happen if it determines that doing so is in the public's interest.

CAAMP president Jim Murphy, who was quoted in the Globe and Mail story, said the association sent out notices to all members when it got word of the audit to reiterate the fact that brokerages need written policies and procedures in place to deal with privacy issues, especially as they relate to credit checks. (Under PIPEDA requirements, a business needs the consent of a consumer if it is collecting personal information from them. It also needs to disclose how the information is being used). In addition, CAAMP sent out an example of a privacy policy to brokerages so they could compare their guidelines and check for completeness.

"The vast majority of brokerage firms do have privacy procedures in place and I also think it's important to note that many of the brokerage firms self-reported [the privacy breaches] in this particular instance to the privacy commissioner, which is a very positive thing," said Murphy.

He also pointed out that the new FSCO legislation for brokers has helped increase professionalism in the industry, particularly because the commission conducts its own audits to ensure brokerages are complying with the new rules. In April, for example, it announced it was suspending the licences of 91 mortgage brokerages for not having the mandatory errors and omissions insurance that provides extended coverage for fraudulent acts.

As FSCO also noted in its April newsletter to brokers, brokerages can help prevent breaches of privacy by being diligent in the hiring process for new associates and restricting a new employee's access to client information (such as online applications) during their probationary period.

FSCO pointed out the following red flags in the hiring process: the inability to verify the candidate's previous work experience or education, the candidate's former brokerage being out of business and the candidate's former brokerage having no record of him or her on file.

The privacy's commissioner's office said it plans to meet with FSCO representatives to have a general discussion about the mortgage broker industry in the near future. In the meantime, the wait is on to see what (if anything) the commissioner's audit will reveal - and what the response from the regulatory bodies will be.

The facts

  • The federal privacy commissioner is auditing GTA mortgage brokerages after 15 notifications of privacy breaches were reported to the office. In each case, the brokerage came forward voluntarily.
  • After the audit is complete, the privacy commissioner's office says it will determine if the results will be made public.
  • In its April newsletter to brokers, FSCO said it had recently received a number of complaints from brokerages regarding fraudulent activities by their mortgage agents, who were fraudulently accessing clients' credit information without proper authorization.

Sources: The Globe and Mail, The Financial Services Commission of Ontario