Shostack + Friends Blog Archive


Canadian privacy law & CIBC

Businesses can avoid potential public relations and legal nightmares by developing privacy policies, authentication processes and using cutting-edge technology. The Canadian Imperial Bank of Commerce learned this the hard way last week when U.S. scrapyard operator Wade Peer went public with his story about how one of Canada’s largest banks was flooding his fax machine with highly confidential information about its clients for the past three years.

The faxes, he said, contained social insurance numbers, bank accounts and client signatures, and despite repeated calls from him they just kept piling up. Finally he sued CIBC to make them stop. The problem appears to stem from the fact Mr. Peer’s toll-free number for his autoparts business, which he was forced to close, is similar to that of one of the bank’s processing centres.

writes Jim Middlemiss for the Financial Post.

(David Akin also reports.)

I’d argue that the problem stems from a privacy commissioner who fails to take cases to court to see fines imposed. In fact, I’ve argued exactly that in the past.

[Update: David Akin has a blog, and further details are here.]

One comment on "Canadian privacy law & CIBC"

Comments are closed.