Canada privacy czar slaps mortgage data security
By Allan Dowd
VANCOUVER (Reuters) - Canada's mortgage brokers are not doing enough to protect the personal information of their customers from theft and misuse, the country's privacy czar said in her annual report on Tuesday.
The report by Privacy Commissioner Jennifer Stoddart included a special audit of five mortgage brokers to see what security measures had been taken after incidents in 2008 in which the private financial information of hundreds of people was compromised.
About 25 percent of Canada's mortgage transactions are done through brokers, whose agents have access to credit reports and other personal information that would be valuable to criminals attempting identity theft, the report said.
The audit of the brokerages in Ontario that suffered data thefts -- either by "rogue" agents or people impersonating agents -- found hiring practices had been tightened, but other problems remained.
"Our audit found significant vulnerabilities with a Web-based tool that brokers use to obtain credit reports," Stoddart wrote.
Lack of adequate access controls in the system allows agents to use it to download the credit reports of hundreds of people, including people who have never applied for a mortgage, without the brokerage being aware of possible problems.
The report said officials in Stoddart's office are talking with the unnamed maker of the system on ways to improve its security.
The report did not name the brokerages, nor give details on the 2008 incidents, citing ongoing criminal investigations into the data theft. Continued...