What a bunch of clowns. A couple of years ago a hard disk containing private data of 470,000 customers of Canadian Imperial Bank of Commerce disappeared in transit. There were actually two copies, one sent by land and one by air. The land shipped box turned up fine, except it was empty. The Canadian Privacy Commission's been looking into the loss.
"The investigation arose from a December 2006 transfer from Montreal to the bank's Toronto-area computer system of files on 470,752 current and former clients of the Talvest mutual fund organization. The data included names, addresses, signatures, birthdays, bank account numbers, beneficiary details and social insurance numbers.
Officials decided the data transfer was too large for an internal network, and copied the information to two disk drives, one to be transported by land, the other by air. The air-shipped package arrived without incident but the land-couriered package arrived empty, with no signs of tampering."
Now they THINK that the disk was never in the box! Ah, the old blame the mailroom excuse. Who puts an empty box in the mail?!
CIBC data on 473,000 clients may not have been lost after all: no one knows
Personally I'm glad the disk was not in the box - because the data was not encrypted. Yup, it was considered acceptable to mail a hard drive containing personal data from 470,752 people without any form of encryption.
"CIBC has since adopted a policy requiring information to be made secure if it travels outside the bank."
I feel so much better knowing they adopted a policy. Now maybe they should be talking to the mailboy.
Comments