VANCOUVER -- When Simon Knight opened up his community mailbox in September, he was shocked by what he found - a mailing from BMO Wealth Management Nesbitt Burns that contained a lot of private, sensitive information, everything thieves would need to steal his identity, including his full social insurance number.
“I feel betrayed and let down by somebody I trust,” he said.
Along with the SIN were revealing details, including: his account number, home address, full name, home telephone number, cell number, work number, employer information like his employer’s address, his salary, fixed assets, liquid assets, total net worth, and his wife’s details too. And then he received three more mailings just like it.
Banks are required to protect your private information, but how they handle communications and use social insurance numbers is not specifically spelled out in rules or regulations.
CTV reached out to all the major federal parties for a comment about what happened. Only the NDP responded and the party’s privacy expert couldn’t believe what had been done.
“Putting it all there and then mailing it to someone that’s just a ridiculous way of doing business,” said Charlie Angus, NDP MP for Timmins – James Bay. “They are risking privacy breaches by this action.”
And mail theft is a huge problem.
BMO Nesbitt Burns offered Knight five years of free credit monitoring and told CTV News it will always work with clients to accommodate their preferences, including electronic communications, encrypted email and mail, but wouldn’t commit to stop using full social insurance numbers in their communications.
“It’s really indicative of the indifference that the big banks in Canada have to their customers,” Angus, who is a member of the standing committee on Access to Information, Privacy and Ethics, added.
Financial firms are supposed to check in with their customers to make sure their information is up to date, but how they do that is up to them. There are no laws requiring them to use full social insurance numbers in their communications, but there aren't any laws restricting it either.
A simple fix would be to blur some of the SIN digits, or better yet - leave it out.
“When government brought out the privacy legislation, they just assumed the big banks would do their part,” Angus said. “But the big banks are not doing their part.”
The federal government has committed to review privacy legislation. The NDP has said an already overwhelmed Office of the Privacy Commissioner of Canada needs tougher tools, like the ability to issue orders, penalties and the resources to follow up.
“We shouldn’t actually have to go and sweep up after the big banks out of their sheer laziness,” Angus said. “We shouldn’t need legislation on this, but I think the message to the big banks is do your job or we’re going to have to find a way to make you do your job.”