Brokerage regulator ‘deeply regrets’ loss of device with client data

Share

Canada's brokerage industry regulator is warning the public that someone in the organization has lost an unidentified "portable device" that contained personal information about 52,000 brokerage firm clients.

The Investment Industry Regulatory Organization of Canada (IIROC) said in a release late Thursday it "deeply regrets" the accidental loss of the device, which it said contained "personal information relating to clients of a number of investment firms."

The regulator did not offer any further details about what sort of information was on the device, but a spokeswoman said Friday it involved information about 52,000 clients of 32 brokerage firms.

"IIROC deeply regrets this unfortunate but isolated incident and apologizes for the disruption caused to clients and the affected firms," chief executive officer Susan Wolburgh Jenah said in a release.

"The protection of confidential information is critical to us and we have taken steps to address the situation and to immediately strengthen our internal controls."

IIROC said it has notified the firms involved about the loss and is writing to clients to provide them with information about "additional steps" they can take to protect personal information.

Spokeswoman Lucy Becker said Friday that the regulator does not want to release further details about the nature of the information that was lost, in case it makes the situation worse.

"We are concerned that disclosing details of the incident may put clients' information at greater risk of being targeted for unauthorized use," she said. "We have communicated with all affected firms and are notifying their clients whose information was on the device."

The regulator also said it has set up a call centre to answer client questions during business hours and has arranged to add an "alert flag" to be placed on clients' credit files for the next six years with Equifax Canada to guard against unauthorized use of the data.

IIROC said it has also launched an internal review of is procedures "in order to reinforce existing security controls."

Ms. Becker said IIROC wants to make clear that the brokerage firms were not at fault, and IIROC got the client information as part of its regular compliance reviews of firms.