Stoddart: Mortgage brokers need to improve customer security

Stoddart: Mortgage brokers need to improve customer security

Several mortgage brokerages need to better secure their customers' personal information from theft, Privacy Commissioner Jennifer Stoddart said yesterday in a report.

The release consisted of  a five brokerage audit to see what measures had been taken since incidents in 2008 left hundreds of their clients' private finances vulnerable to theft.

"The breaches prompted the brokerages to take some positive steps to better protect personal information.  However, our audit found that those changes did not go far enough," said Stoddart. 

A lack of access security in a web-based system that allows agents to download the credit reports of hundreds, including people who have never applied for a mortgage, was one of the concerns cited, Reuters reports.

Other problems included one brokerage storing private information in an unsecured parking garage, lackluster privacy training programs and one agent recycling used mortgage applications.

Stoddart  launched an investigation after the brokerages reported 14 suspicious breaches in the span of a few months two years ago.

“In each case, someone impersonating an experienced mortgage agent downloaded credit reports for people who hadn’t even applied for a mortgage,” she said.

The brokerages, which were not named due to ongoing criminal investigations, have tightened hiring practices since the incidents.

The Canadian Anti-Fraud Centre received reports from over 11,000 people last year. Losses from ID theft came to more than $10 million.

Read Stoddart's full audit on selected mortgage brokers.


MORTGAGEBROKERNEWS.CA WEB EXCLUSIVE: CMP staff writer Heather Li talks to Greg Viger, accredited mortgage professional with Dominion Lending Centres Financial Ltd., about mortgage brokers protecting their clients' information.

MORTGAGEBROKERNEWS.CA WEB EXCLUSIVE: CMP reporter Nick Lypaczewski talks to River City Financial Services president David Armstrong about his reaction to Stoddart's security concerns.



  • Truth Renaissance 2010-06-11 3:16:36 AM
    I agree tighter security measures need to be put into place. I left the industry recently and when I asked RECA what the procedure was for client files I was instructed to keep them for 3 years. In my opinion once the mortgage is completed and possession has taken place the only thing a broker/agent should be keeping on file is the customer's name, address, phone number, what lender financed the mortgage, the rate, amount and term of said mortgage. And once a broker/agent ceases being a broker/agent all paper files should be shredded.
    Post a reply
  • AB Mortgage Broker 2010-06-11 3:43:03 AM
    Isn't this just commonsense?
    Post a reply
  • Zoltan M. Padar 2010-06-11 4:09:17 AM
    As far as we at MortgagePRO Ltd. concerned, any associate working under our Brokerage license, have to turn in all documents created during the process upon the file funded and the commission is forwarded to the Brokerage. MortgagePRO Ltd. is only paying commission to Associates when the original file has been turned into the brokerage. Upon the file is at the Brokerage, broker scans all documents and save it in our data base, only the Broker has access to. Documents are shred, period. As far as I am concerned, the client is Brokerage client as the Brokerage is responsible. We also have a system in place to notify Broker when a file matures and then the Broker will notify Associate to contact client and offer services again to renew or move client to other lender. In case the Associate is not with the Brokerage any longer or not in the industry any longer, Broker will assign the file to other Associate. As far as I understood, Associates are not to keep any original documents in their possession, as most associates are working from an unsecured location. Besides the name and contact information and the date of maturity, Associates should not to keep SIN numbers and other pertaining personal information. I sure would not want anybody to know anything about me if I'm a client. Negligent Associates to be punished, but I am sure, if they not get paid unless you submit full original file, will make changes in Associates behavior very fast. All these policies and laws are for their protection as well from future lawsuits. We also encourage Associates to turn in all unfunded deals as well. It is RECA regulation.
    Post a reply