Skip to main content

Mr. Cormier said an employee who broke company rules for data protection was behind the breach, and has been fired.

Paul Chiasson/The Canadian Press

The head of a financial services company that suffered a major leak of data on 2.7 million of its clients wants governments to work with businesses and ordinary Canadians to find new, more effective ways to protect personal information.

Desjardins Group president and chief executive Guy Cormier told an emergency meeting of the Parliamentary committee on public safety and national security that current ways of preventing leaks, such as third-party monitoring of transactions, are inadequate. He called for a committee of government, businesses, financial institutions and citizens to study best practices around the world and recommend changes to laws that would ensure public protection and make Canada a leader in the management of personal identity.

“I think the status quo isn’t an option,” he said.

Story continues below advertisement

In Monday’s meeting, called after Conservative Leader Andrew Scheer asked Tories on the committee to contact the other members to discuss the data breach, the committee also heard from the Royal Canadian Mounted Police and others.

The breach, which came to light last month, included names, addresses, birthdates and social-insurance numbers, and affected individuals and about 173,000 businesses – mostly in Quebec, said Denis Berthiaume, senior executive vice-president and chief operating officer at Desjardins. Mr. Berthiaume said the data of both current and former clients were leaked, adding that affected clients received a letter from Desjardins. He said there is no conclusive data on why the information of some people but not others was leaked.

Mr. Cormier said an employee who broke company rules for data protection was behind the breach, and has been fired.

He said the emergency meeting was premature, noting that police are still investigating and that Desjardins is still taking steps to protect its clients. He said he agreed to participate because it was a good opportunity to raise awareness about protecting personal data.

“We believe that people – elected officials – are becoming more aware of this matter and we wanted to contribute our perspective,” he said.

John McKay, the Liberal chair of the committee, told The Globe and Mail he would have preferred for committee members to have asked the Quebec-based financial institution more “tough-minded” questions about the leak. He said the committee isn’t much further ahead on understanding how it occurred and what the consequences are.

Mr. Cormier said Desjardins will offer permanent data protection to all members. Desjardins also committed $50,000 each for clients affected by identity theft, and will offer legal assistance, so rather than clients calling numerous government agencies to resolve the situation, Desjardins will walk them through the process.

Story continues below advertisement

Mr. Scheer called on the committee to examine whether issuing new social-insurance numbers would protect those whose data were leaked.

But Elise Boisjoly, assistant deputy minister at Employment and Social Development Canada, said assigning new SINs would not solve the problem. She said the old SIN would still exist and fraudsters could use it to take out loans.

Ms. Boisjoly also said a SIN can’t be cancelled like a credit card. She said it’s used as identifier for multiple organizations, such as employers and government services, and no ID system can update everything. She said the updating has been done manually in a few cases, but error is always a risk.

Mr. McKay said he’s concerned for public officials whose data were leaked. He said private information could be used to bribe a police officer to drop a charge, or an elected official to vote a certain way.

Mr. Cormier said Desjardins has launched the first part of its protection plan, but is still determining ways to protect those who are uniquely vulnerable.

“We are looking right now if there’s some more sensitive people,” Mr. Cormier said.

Related topics

Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

Cannabis pro newsletter
To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies