BC regulator supports privacy commissioner decision regarding improper use of information around credit scoring

British Columbia’s Financial Institutions Commission (FICOM) is supporting a recent privacy commissioner ruling that found an insurer failed to comply with privacy laws around the collection and use of personal information related to credit scores. The Office of the Information and Privacy Commissioner issued a ruling on May 6, 2011, that ordered an insurer to stop collecting and using credit scores until it provides customers with appropriate notification as required by the Personal Information Protection Act (PIPA). “While this ruling was specific to the collection and use of credit score information by the insurer, staff of the office believe that it impacts all insurers, as it speaks to the need for insurers to ensure that they have obtained adequate permission from client’s to collect and obtain information about the client from other parties,” a FICOM bulletin says.”It is staff’s position that it is the responsibility of all insurers authorized in British Columbia to ensure that they have in place adequate processes, procedures and controls to ensure that they collect, use and disclose client information only in ways permitted under privacy legislation including under PIPA.”Insurance entities who are found to be in breach of PIPA or other privacy legislation, or are found by FICOM to be acting or pursuing a course of conduct that is harming the interests of their insureds may find themselves subject to regulatory action under Section 244(2)(e)(ii) of the Financial Institutions Act, the bulletin adds.