Mortgage Broker is the magazine of the Canadian Mortgage Brokers Association and showcases the multi-billion dollar mortgage-broking industry to all levels of government, associated organizations and other interested individuals.
Issue link: http://digital.canadawide.com/i/981086
12 | spring 2018 cmba-achc.ca CmB magazIne letters to the editor invasive and oppressive over-regulation is to be resisted in the strongest possible terms. Recommendation 8, although not directly aimed at mortgage brokers, amounts to an open-ended proposal to give FICOM the power to demand information which is rightfully private and proprietary. Once this power is granted, there is no safeguard to prevent FICOM's demands from becoming arbitrarily invasive. e information should be set out in detail at the outset. Neither FICOM nor any other government agency should ever be given carte blanche to demand information or make regulations beyond what is specifically provided for in the applicable statutes. Again, without having one single problem or internal challenge listed in the review paper or in the initial paper, how can one direct resources or even make recommendations that would actually be considered an improvement in the "system"? If it ain't broke, don't fix it! ank you for the opportunity to comment. Crystal M. Foti, AMP, MBI "e Mortgage Chick" Cross-border Privacy Questioned Not sure if you have any industry insight on this but we have a question regarding technology. We are thinking of using an email service provided by Microso that uses cloud technology. e servers are American (and it is an American company). How would that affect our compliance with FICOM given that our information will be outside of Canada? Microso has yet to explain or document how it ensures compliance with Canadian privacy laws while it is a U.S. company – its own documentation says the users themselves are ultimately responsible for that. Can you shed any further light on this issue? Appreciate your input with thanks. Anonymous executive assistant to CEO of a brokerage Editor's Note: While this question originates from a B.C. broker, the protection of privacy principles stated in the answer apply across Canada. e brokerage investigated further and found out through Microso Canada that the cloud technology servers are also domiciled in Canada: one stationed outside of Montreal and one in Ontario, which the brokerage believes would follow the jurisdictional laws of those provinces. e brokerage is in the process of gathering further information to be sure. Answer e following is not meant to be legal advice; it represents our understanding of the industry. Should you wish legal advice, you will need to consult a lawyer with your specific and detailed circumstances. We are not able to provide you with a definitive answer applicable to your specific circumstances, particularly in the absence of having reviewed the agreement with the cloud services provider and the laws of the jurisdiction(s) where the data will be stored. In any event, that type of review is more appropriately done by your lawyer. As you will see below, your obligations are expressed in terms of protecting, using reasonable steps, and the sensitivity of the information. is wording means whether a mortgage broker has met the obligations very much depends on the specific circumstances. at aside, we do provide the following to assist you in your considerations. General Protection of Personal Information Requirements for Mortgage Brokers e B.C. Registrar of Mortgage Brokers has issued Information Bulletin MB 10-001, "Use and Protection of Client Information." e Bulletin clarifies the obligations of brokers in dealing with client information as being to: n comply with the relevant legislation on the protection and privacy of personal information; n not disclose information regarding a client or a transaction to another person unless the disclosure has been authorized by the client or the disclosure is required by law; and n take reasonable steps to ensure that client information is kept safe from access by persons who are not authorized by the client to have the information unless such access is required by law. Note that the Registrar refers to "personal information" in a way that makes it a subset of "client information." Privacy legislation tends to protect "personal information." In effect, this means that a broker is obligated to protect more than just "personal information." It would seem that a mortgage broker would have to protect client information at least to the degree indicated below regarding personal information. Cloud Computing – General e relevant legislation referred to above is B.C.'s Personal Information Protection Act. Privacy legislation holds an organization that collects personal information accountable for the collection, use and disclosure of the information, even when the information is outsourced for processing to third-party providers. Cloud computing is a type of outsourcing. is means that the organization putting the information into the cloud would remain accountable for personal information outsourced to a service provider that operates in the cloud. e Canada, Alberta and B.C. privacy commissioners have together, including in the following publications, provided guidance as to compliance requirements concerning cloud computing; the checklist at the end of the item listed at the first below bullet is particularly helpful: