The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Sunday, November 28, 2004

CIBC Responds to fax incident 

The Canadian Imperial Bank of Commerce (CIBC) has released a statement to its customers regarding the ongoing misdirected fax incident:

CIBC - An Open Letter To CIBC Customers From Ron Lalonde On Misdirected Faxes: "

To our CIBC Customers:

I want to personally apologize and share with you my deep concern regarding the breach of confidentiality of client information reported in the media.

I also want to assure you that CIBC takes the confidentiality of its customers' personal information very seriously.

You may be interested in the history of this situation. As soon as we learned that some CIBC faxes had been misdirected to a U.S. company in the spring of 2002, we immediately took steps to safeguard our customers' personal information. We notified our branches that information was being faxed to an incorrect number. We also contacted the owner of the company who had been receiving the faxes and elicited from him a commitment to shred all the faxes he had received and to notify us should he receive any additional ones.

We heard nothing further regarding this issue from the individual for more than two years and thus believed that the company was no longer receiving CIBC faxes in error.

However, in the spring of 2004, the company filed a lawsuit against CIBC stating that they had received CIBC faxes through 2002. Then, late last month, the company informed us for the first time that it had been receiving faxes up to 2004. This news was a disturbing and surprising revelation, as we believed, and the company's lawsuit led us to believe, that the problem had been resolved two years previously.

Once CIBC learned of this continuing issue, we moved to address it. Specifically, we have instructed our branches to cease transmission of all internal faxes containing client information. This information will be transmitted to central processing operations via secure internal courier systems and by direct telephone conversation. We will, however, continue to respect the wishes of those clients who ask to receive information from us by fax transmission.

Longer term, we are exploring other potential secure technological alternatives for the timely transmission of confidential information between branches and processing centres.

If you have any enquiries, or if you are aware of any similar situation in the future, please contact CIBC Customer Care at 1 800 465-2255.

Yours sincerely,

Ron Lalonde, Senior Executive Vice President, Chief Adminstrative Officer, and Chief Privacy Officer."

The Bank previously released a shorter statement on the matter:

CIBC - Statement Regarding Misdirected Faxes:

"CIBC takes the issue of the confidentiality of personal customer information very seriously. We sincerely apologize to all of our customers for any concern that this issue may have caused them.

CIBC is doing everything possible to protect the confidentiality of personal customer information. Effective immediately, we are instructing our branches to cease transmission of all internal faxes containing client information. This information will be transmitted to central processing operations via secure internal courier systems and by direct telephone conversation. We will continue to respect the wishes of customers who ask to receive information from us by fax transmission.

Longer term, we are exploring other potential secure technological alternatives for the timely transmission of confidential information between branches and processing centres.

With respect to the specific case of client information mistakenly transmitted to a US business, we are grateful that Mr. Peer has attempted to protect the confidentiality of this information. To ensure that this information remains protected, we will be bringing a motion for a protective order in the US court as soon as the courts reopen following the American holiday. This application will seek to protect the information of the 29 customers that has been produced as evidence in this case."

For the background to this, please see Candian bank's internal faxes went to West Virginia for three years, Bank responds to incident by prohibiting faxing of customer information.

Labels:

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs