IIROC needs to make full disclosure

To avoid having the coverup become worse than the crime, securities regulators need to come clean about the loss of the personal financial data of thousands of the investment industry’s clients.

Since the Investment Industry Regulatory Organization of Canada (IIROC) first disclosed the news of losing material contained on a portable device, the regulator has been extremely reluctant to provide any details of the incident – refusing to reveal exactly what was lost, where or when.

IIROC justifies its reticence on the grounds that it doesn’t want to put the lost data at greater risk of falling into the wrong hands. Although that may be an understandable concern, silence is unacceptable. There simply are too many questions left unanswered, not only for the affected clients but for all investment industry clients and the industry itself.

How is it that personal financial data is being shuttled around on mobile devices by a self-regulatory organization (SRO)? Why was this information not completely secured, either through strong encryption or the severing of personal identifiers from the rest of the data? And how can the regulators be certain this won’t happen again?

The answers must come from the regulators, as it seems that SROs reside in a void between government privacy watchdogs: being neither government agencies nor commercial ventures, SROs aren’t subject to the usual authorities that would investigate significant privacy breaches.

Rather, it appears that this job falls to the Canadian Securities Administrators (CSA), which has oversight responsibility for the SROs; however, the various members of the CSA are not privacy experts. Nevertheless, it appears the CSA has begun an investigation. For this effort to have any credibility, the CSA must be much more forthcoming than IIROC has been to date. The CSA must give a full account of the incident, as well as a detailed explanation of what has been done to ensure that it can never happen again.

The entire securities regulatory system is premised on the pre-eminence of full, true and plain disclosure. This principle also must apply to the regulators’ own affairs.

B.C. files four unexplained wealth orders so far

Two provinces fight crime with expanded civil forfeiture powers

By: Rudy Mezzetta
October 15, 2024 October 14, 2024
00:10

Fraudsters can now escape penalties through bankruptcy. That’s absurd

Editorial: Fortunately, the court laid out a solution to the consequences of its decision

By: IE Staff
September 13, 2024 September 12, 2024
00:05

Capital gains tax hike results in rate inversion for some Canadians

Top earners in four jurisdictions may face a higher tax rate on capital gains than on eligible dividends

By: Rudy Mezzetta
September 9, 2024 September 11, 2024
13:55

Today's top stories

NASAA adds best interest standard to model rule

Group seeks revisions to U.S. state rule that match SEC's Reg BI reforms

By: James Langton
November 4, 2024 November 4, 2024
14:53

Tribunal rejects tougher sanctions in crypto case

Panel dismisses call for stronger deterrence given risks posed by crypto, social media

By: James Langton
November 4, 2024 November 4, 2024
15:32

Climate-related credit risks rise alongside emissions

Physical risks and transition risks grow as governments fail to curb emissions, Moody's warns

By: James Langton
November 4, 2024 November 4, 2024
15:16

IIROC needs to make full disclosure

Decumulation for business owners, incorporated professionals and holdco shareholders

Report Card exclusive: Dive into advisors’ challenges

Latest news In Comment & Insight