Bank loses unencrypted CDs containing customers’ data

7 juin 2011

( Disponible en anglais seulement )

Scotiabank confirmed on Monday that three CDs containing unencrypted information, such as customer social insurance and account numbers, were lost in its internal mail system. The data included names, mailing addresses, social insurance numbers, account types, and numbers for registered accounts such as RRSPs, RESPs and RRIFs. It reportedly did not include savings or chequing account numbers, any account balances, or employment information.

The bank admitted that there was non-compliance with its policy of encrypting portable storage devices that contain confidential personal information. It said it has changed its processes so future CDs will be encrypted.

The Scotiabank incident comes on the heels of other notable privacy breaches involving major corporations. In April, Sony revealed that it had suffered a massive breach in its video game online network that led to the theft of names, addresses and possibly credit card data belonging to 77 million user accounts.

Privacy breaches such as these should concern insurers, especially when companies (such as Sony) try to make first party claims. Or identity theft victims sue the companies over losses arising as a result of those breaches.

Avis de non-responsabilité

Les renseignements affichés sur ce blogue contiennent des points de droit variés fournis uniquement à des fins informatives et non commerciales. Ces renseignements ne constituent pas un avis juridique de la part de l’auteur. Nous mettons en garde les lecteurs de ne pas prendre de décision particulière sans avoir préalablement obtenu l’avis juridique d’un professionnel qualifié. Toute personne qui décide de prendre une décision en s’appuyant sur ces renseignements le fait à ses propres risques.