The Office of the Privacy Commissioner of Canada has recently posted a new summary of a finding related to a number of unauthorized credit checks carried out by an employee of a bank. The credit checks, plus a whole range of sensitive financial information were disclosed by the employee to the complainant's former business partner.
As is always the case, the Commissioner did not name the bank and there is no word on what the bank actually did to address this "reprehensible" conduct by an employee who violated her clear obligations of confidentiality.
Commissioner's Findings - PIPEDA Case Summary #312: Bank employee's actions deemed reprehensible (August 30, 2005):
"... The bank indicated that three credit inquiries that the complainant questioned were conducted as part of the normal procedure for opening accounts with the bank. However, it was determined that eight inquiries made over a two-year time period were performed by, or at the request of, a bank employee. The bank agreed that these inquiries were conducted without the complainant's knowledge or consent, and for non-business purposes. The bank apologized to him, indicated that it had taken appropriate action as a result of the matter, and offered to have the inquiries removed, with his consent, from his credit report...."