Sunday, November 28, 2004

CIBC Responds to fax incident

The Canadian Imperial Bank of Commerce (CIBC) has released a statement to its customers regarding the ongoing misdirected fax incident:

CIBC - An Open Letter To CIBC Customers From Ron Lalonde On Misdirected Faxes: "

To our CIBC Customers:

I want to personally apologize and share with you my deep concern regarding the breach of confidentiality of client information reported in the media.

I also want to assure you that CIBC takes the confidentiality of its customers' personal information very seriously.

You may be interested in the history of this situation. As soon as we learned that some CIBC faxes had been misdirected to a U.S. company in the spring of 2002, we immediately took steps to safeguard our customers' personal information. We notified our branches that information was being faxed to an incorrect number. We also contacted the owner of the company who had been receiving the faxes and elicited from him a commitment to shred all the faxes he had received and to notify us should he receive any additional ones.

We heard nothing further regarding this issue from the individual for more than two years and thus believed that the company was no longer receiving CIBC faxes in error.

However, in the spring of 2004, the company filed a lawsuit against CIBC stating that they had received CIBC faxes through 2002. Then, late last month, the company informed us for the first time that it had been receiving faxes up to 2004. This news was a disturbing and surprising revelation, as we believed, and the company's lawsuit led us to believe, that the problem had been resolved two years previously.

Once CIBC learned of this continuing issue, we moved to address it. Specifically, we have instructed our branches to cease transmission of all internal faxes containing client information. This information will be transmitted to central processing operations via secure internal courier systems and by direct telephone conversation. We will, however, continue to respect the wishes of those clients who ask to receive information from us by fax transmission.

Longer term, we are exploring other potential secure technological alternatives for the timely transmission of confidential information between branches and processing centres.

If you have any enquiries, or if you are aware of any similar situation in the future, please contact CIBC Customer Care at 1 800 465-2255.

Yours sincerely,

Ron Lalonde, Senior Executive Vice President, Chief Adminstrative Officer, and Chief Privacy Officer."

The Bank previously released a shorter statement on the matter:

CIBC - Statement Regarding Misdirected Faxes:

"CIBC takes the issue of the confidentiality of personal customer information very seriously. We sincerely apologize to all of our customers for any concern that this issue may have caused them.

CIBC is doing everything possible to protect the confidentiality of personal customer information. Effective immediately, we are instructing our branches to cease transmission of all internal faxes containing client information. This information will be transmitted to central processing operations via secure internal courier systems and by direct telephone conversation. We will continue to respect the wishes of customers who ask to receive information from us by fax transmission.

Longer term, we are exploring other potential secure technological alternatives for the timely transmission of confidential information between branches and processing centres.

With respect to the specific case of client information mistakenly transmitted to a US business, we are grateful that Mr. Peer has attempted to protect the confidentiality of this information. To ensure that this information remains protected, we will be bringing a motion for a protective order in the US court as soon as the courts reopen following the American holiday. This application will seek to protect the information of the 29 customers that has been produced as evidence in this case."

For the background to this, please see Candian bank's internal faxes went to West Virginia for three years, Bank responds to incident by prohibiting faxing of customer information.

No comments: