IIROC needs to make full disclosure

To avoid having the coverup become worse than the crime, securities regulators need to come clean about the loss of the personal financial data of thousands of the investment industry’s clients.

Since the Investment Industry Regulatory Organization of Canada (IIROC) first disclosed the news of losing material contained on a portable device, the regulator has been extremely reluctant to provide any details of the incident – refusing to reveal exactly what was lost, where or when.

IIROC justifies its reticence on the grounds that it doesn’t want to put the lost data at greater risk of falling into the wrong hands. Although that may be an understandable concern, silence is unacceptable. There simply are too many questions left unanswered, not only for the affected clients but for all investment industry clients and the industry itself.

How is it that personal financial data is being shuttled around on mobile devices by a self-regulatory organization (SRO)? Why was this information not completely secured, either through strong encryption or the severing of personal identifiers from the rest of the data? And how can the regulators be certain this won’t happen again?

The answers must come from the regulators, as it seems that SROs reside in a void between government privacy watchdogs: being neither government agencies nor commercial ventures, SROs aren’t subject to the usual authorities that would investigate significant privacy breaches.

Rather, it appears that this job falls to the Canadian Securities Administrators (CSA), which has oversight responsibility for the SROs; however, the various members of the CSA are not privacy experts. Nevertheless, it appears the CSA has begun an investigation. For this effort to have any credibility, the CSA must be much more forthcoming than IIROC has been to date. The CSA must give a full account of the incident, as well as a detailed explanation of what has been done to ensure that it can never happen again.

The entire securities regulatory system is premised on the pre-eminence of full, true and plain disclosure. This principle also must apply to the regulators’ own affairs.

Quebec to drop withdrawal limit for LIFs in 2025

Move will give clients more flexibility for retirement income and tax planning

By: Rudy Mezzetta
November 11, 2024 November 8, 2024
00:10

Poor track record on financial literacy demands a new approach

Editorial: FCAC should ramp up its emphasis on behavioural design

By: IE Staff
November 11, 2024 November 8, 2024
00:10

B.C. files four unexplained wealth orders so far

Two provinces fight crime with expanded civil forfeiture powers

By: Rudy Mezzetta
October 15, 2024 October 14, 2024
00:10

Today's top stories

CSA set to hike SEDAR, NRD fees

Dramatic revenue increase needed to keep pace with systems costs: regulators

By: James Langton
November 21, 2024 November 21, 2024
14:34

It’s official: DFSA credential no longer qualifies for FA title use

RBC still requires the credential in retail branches, FSRA provides date for forthcoming title protection review

By: Michelle Schriver
November 22, 2024 November 22, 2024
12:41

Protecting client interests in the AI age

Here's how advisors can prevent AI hallucinations, privacy breaches

By: Jonathan Got
November 22, 2024 November 22, 2024
12:08

Retail sales were up 0.4% in September: StatCan

The agency says the boost was driven by food, beverage sales

By: Canadian Press
November 22, 2024 November 22, 2024
09:40