Mortgage brokers still have a ways to go in protecting the personal information of their customers, the privacy commissioner said Tuesday.
Jennifer Stoddart said an investigation by her office into the loss of hundreds of credit reports in Ontario two years ago found brokers have tightened their security.
But she says the controls should be tougher, especially since brokers play a major role in home-buying. Brokers handle a quarter of all mortgages and almost half of all first-time mortgages.
The audit was started after the brokerages reported 14 data breaches in the space of a few months in mid-2008. Someone impersonating an experienced agent downloaded credit reports for people who hadn't even applied for a mortgage and compromised the personal information of thousands of people.
The mortgage companies themselves went to the commissioner when they discovered the leaks.
"The breaches prompted the brokerages to take some positive steps to better protect personal information," Ms. Stoddart said in her report. "However, our audit found that those changes did not go far enough."
The report says brokers are more careful in allowing access to personal data, but don't always have the physical safeguards to protect the files.
They also don't have computer systems to restrict access to credit reports and aren't always careful in disposing of their files.
She says mortgage brokers audited by her office have accepted her recommendations to improve security.
The association representing mortgage professionals acknowledged Ms. Stoddart's findings and promised full support.
The Canadian Association of Accredited Mortgage Professionals said it has "an ongoing commitment to improving the information-handling procedures of mortgage brokers and their agents to ensure client protection."
Ms. Stoddart said some firms simply didn't understand the privacy risks and their responsibilities in protecting privacy.
Of the five brokerages audited, four agreed to all of Ms. Stoddart's recommendations for tighter controls. One is out of business.
The brokers' case was part of Ms. Stoddart's 2009 annual report, tabled Tuesday in Parliament.
The report said the protection of privacy is increasingly moving into the virtual world and requires a global approach.
"In our interconnected world, we need to take a co-operative approach to protecting personal information," she said.
She pointed to her office's much-publicized fight with Facebook over privacy issues as an example of the difficulties in the online, borderless world.
"It was wide-ranging and the issues were incredibly complex and, in some aspects, highly technical."
Ms. Stoddart prodded the social network into tightening privacy provisions and says she'll be watching to make these changes are effective.
She has also opened an investigation into Google over accusations that it captured data from private wireless networks while assembling its street views.
The privacy commissioner is an officer of Parliament charged with overseeing the Personal Information Protection and Electronic Documents Act.