Bank’s record-keeping practices considered inadequate safeguard
PIPEDA Case Summary #2007-380
[Principles 4.3 and 4.7.1 of Schedule 1]
Lessons Learned
Banks should:
- ensure that they retain evidence of any changes made to an account;
- clearly record any disclosures of personal information;
- identify under which authorities they have disclosed personal information; and,
- establish appropriate retention periods and apply them consistently.
A son was disturbed when he learned that his bank had released his account information to his sister, the Administrator of their late mother’s estate. Although he had managed his mother’s financial affairs, and once jointly held another account with her, he claimed that the account at issue was in his name only.
The bank disagreed, but could not produce evidence to support its claim that the account was also in the mother’s name. From the lack of documentation about account ownership to the bank’s uncertainty as to whether it even disclosed the information in question, the Assistant Privacy Commissioner was disturbed by the bank’s careless record keeping, believing it amounted to an inadequate safeguard. She made several recommendations to the bank to improve its practices when it comes to documenting changes to, or disclosures of, personal information. She also asked the bank to establish retention periods – or to ensure that those already in place are consistently applied at all branches. The bank complied with all of the recommendations, and the complaint was considered well-founded and resolved.
The following is a detailed overview of the investigation and the Assistant Commissioner’s findings.
Summary of Investigation
Some years previously, the complainant’s mother had asked him to assist her with her financial affairs. They both agreed that the complainant would take over the administration of her bank accounts and pay her bills. To this end, the complainant became a joint account holder on his mother’s account at a local branch of the bank. The complainant administered her finances through this account until he decided it would be easier if he went through an account located at a branch in the city where he lived (she was living in one province, and he in another). This new account, which is the subject of this complaint, contained monies belonging to the mother. The complainant stated that he was the sole account holder, that he was who opened the account and that he signed the signature card. He indicated that he transferred money from the joint account (at his mother’s local branch) into this account.
After the mother passed away, one of the complainant’s brothers was the Administrator of her will. The complainant provided him with account information from the date of her death until the account was closed (a few months later). This information consisted of statements that detailed transactions showing monies used to pay her taxes, outstanding bills and other expenses directly related to her. The complainant believed that he was required to provide this information to the Administrator.
One of the complainant’s sisters later successfully petitioned the court to become the Estate Administrator. Consequently, all of the documents relating to the mother’s estate were sent to her, including the account statements that the complainant had provided to his brother. The complainant claimed that his sister, in her capacity as the Administrator of their mother’s estate, subsequently obtained account information relating to transactions that had occurred on the disputed account prior to the date of their mother’s death. In support of this claim, the complainant referred to a letter addressed to him from his sister’s legal counsel regarding certain monies that had been removed from the account. Upon receipt of this letter, the complainant realized that his account transactions had been disclosed. He contacted the bank to complain about the unauthorized disclosure of his personal information, and asked how his sister could obtain copies of his account statements when he had not authorized the disclosure.
The complainant maintained that just because he provided statements of transactions to the previous Administrator following his mother’s death, this did not authorize the bank to release statements of transactions that occurred before her death. When he first broached this matter with the bank, he appeared to object to the release of information predating his mother’s death because he believed he only had to supply information about the account following her death. The issue of the account being a single account only arose when the complainant was informed that the Estate Administrator was entitled to the account information that covered the period of time when their mother was alive. Although he once referred to the account (in correspondence to the bank) as “joint,” he nevertheless held his position that the account was his alone.
The bank stated that the account was joint and that it was required to release the information related to the account to the Estate Administrator upon request. The bank, however, was unable to support this position by providing the signature card or the initial account application. According to the complainant’s local branch, electronic records may be destroyed after a certain period of time, but hard copies are sent to archives and kept longer. They would normally still be on file five years following the date of account closure. An additional search was ordered for the records but it was not successful. The bank stated that it would have had no reason to add the mother’s name to the account unless it was deemed a joint account.
The investigation established that although the mother and son’s first account had been closed for several years (more than five), the bank was able to supply the signature card showing joint account status.
The bank was also able to produce various account statements for the disputed account. When a representative of the Office visited the branch where the account was held, she also obtained copies of information that had not been released to this Office when all documentation had been requested and reportedly sent.
As for the information on one of the account statements that the bank provided to the Office, one of these statements was addressed to both the complainant and his mother. The complainant, however, provided a copy of the first statement he received, relative to this account. It displays his name only. According to him, once money was transferred from the joint account that he and his mother held in her home province to the disputed account, and once his mother’s pension cheques started to be deposited into this account, his mother’s name began to appear on the statements. He indicated that he did not raise the matter with the bank at the time as her pension cheques were going into the account, and he thought that the bank added her name to ensure that there were no problems with the direct deposit of her money into the account.
The bank countered that it is incumbent upon account holders to notify the bank of any errors on their statements and that the complainant did not inform it of any concerns that he may have had over the fact that his mother’s name appeared on the statements.
As for the alleged disclosure, the bank agreed that a package had been prepared for her, but it could not confirm that the information requested by the complainant’s sister was in fact released to her as there was no record of its release. The complainant stated that his sister had indicated to him and his representative that she had received the information from the bank in her capacity as Estate Administrator. The Office reviewed the documentation that the sister’s legal counsel sent to the complainant, along with the letter questioning certain transactions. The documentation included a statement printed by the bank, covering a period of time greater than that covered in a normal monthly statement. The only way to obtain such a statement would likely be to request one from a bank.
Findings
Issued March 29, 2007
Application: Principle 4.3 states that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate. Principle 4.7.1 stipulates that the security safeguards shall protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Organizations shall protect personal information regardless of the format in which it is held.
In making her determinations, the Assistant Commissioner deliberated as follows:
- The first matter she considered was whether there was in fact a disclosure. Although the bank could not confirm that an actual disclosure occurred because there was no record that the requested documents were picked up, it appeared to the Assistant Commissioner, based on the letter from the sister’s lawyer and the information attached to it, that there was a disclosure. The information the lawyer enclosed included a statement printed by the bank that covered a lengthier period than that usually covered in a monthly statement.
- The Assistant Commissioner was therefore of the view that the bank did disclose information about this account to the sister.
- The next question to address was whether this disclosure was permissible under the Personal Information Protection and Electronic Documents Act. As the Estate Administrator for the mother, the complainant’s sister has the same power as the mother. If the account were held jointly by the complainant and his mother, the Administrator would be able to access the mother’s records related to that account without first obtaining the complainant’s consent.
- Was it a joint account? The evidence, what there was of it, was contradictory. The complainant maintained that he was the sole account holder, while the bank contended that the account was jointly held.
- The bank, however, could not produce the application form or the signature card for this account to support its position. Instead, it pointed to the account statements, which were addressed to both the complainant and his mother, as evidence that it was a joint account. The complainant also produced a statement that predated the one given by the bank and only his name was on it. Although the bank deemed it incumbent upon the account holder to verify information on statements issued by the bank (and the Assistant Commissioner acknowledged the merit of that view), failure to identify errors cannot be construed as rendering the information accurate.
- The bank later provided additional information for consideration, regarding the question of whether the account was joint or not. It stated that the bank had waived the fees against the account at the local branch, which was the standard procedure at the time for clients over the age of 60. The bank did not, however, provide any documentation that would have been given to the complainant indicating that this waiver had been put in place or why.
- The Assistant Commissioner noted that there was never any dispute that the money in the account came from the pension cheques in the mother’s name and that certain monies removed from the account concerned payments of bills relating to the mother.
- The bank also noted that at one point the name on the account was changed. It suggested that such a change would be an indication that the account went from joint ownership, where two people must sign, to an account where either could sign.
- However, the issue to be decided was whether the account was joint. The bank did not have the account information to support its contention that it was. The complainant had been the only person signing the cheques. If the account had in fact been a joint account, then the bank should not have been honouring cheques bearing only one signature, prior to the change in how the names were listed on the account.
- On balance, the Assistant Commissioner believed that this account was the complainant’s only, and therefore the bank disclosed his personal information without the complainant’s knowledge or consent. She noted that it was not enough for the bank to argue that it was a joint account because both of the names appeared on the statements. It needed to produce evidence and it could not.
- This last point led the Assistant Commissioner to comment that the bank’s record keeping with respect to this account was so careless as to amount to an inadequate safeguard. It could not provide documentary evidence to support its position vis-à-vis the account holder(s). It could not provide documentary evidence that it had or had not disclosed material. She commented that while there might be retention periods in place for certain documentation, these were not consistently applied, as shown by the fact that the bank could provide signature cards for an account that was older than the one under investigation.
- Disturbed at the apparent lack of care applied to the personal information the bank held about the complainant (and possibly other customers), the Assistant Commissioner recommended that the bank strengthen its documenting processes by:
- Ensuring that it retains evidence of any changes made to an account;
- Ensuring that it clearly documents any disclosures of personal information, and clearly identifies the authorities for it to do so; and
- Establishing appropriate retention periods or ensuring that those already established are consistently applied in all branches.
- The bank responded to the recommendations, indicating how it already met these recommendations or was putting measures in place to do so. Based on this, the Assistant Commissioner was satisfied that the bank had fully met the recommendations.
The Assistant Commissioner concluded that the complaint was well-founded and resolved.
See also
#252 Assistant Commissioner considers the retention of a record
- Date modified: