The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

Privacy Calendar

Links

RSS FEED for this site

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Sunday, April 16, 2006

Incident: Bank employee uses access to account information to harass customers

The Cadillac News, in Cadillac, Michigan is reporting on a former employee of Fifth Third Bank who allegedly used access to account information to harass customers, most of whom are women:

Cadillac News:
Internal theft of personal bank data rare
By Matt Whetstone, Cadillac News
CADILLAC - There's a first time for everything - even a bank employee using his job to compromise the personal information of customers.
Fifth Third Bank has the designation of being the first after an employee at an Indiana banking center accessed account information and harassed customers, who were primarily women.
“Fifth Third puts our employees through extensive training on the use of client information,” said Peggy Janei, spokeswoman for the company. “We have strict policies and procedures about that.”
The man, 39-year-old Marco Antonio Munoz, is no longer working for the institution but his alleged trail of identity theft could span the Midwest and hundreds, if not thousands, of bank customers.
“We don't know what we have here yet,” said Det. Sgt. Jeff Herweyer, who handled the case on behalf of the Michigan State Police Cadillac Post.
What police do have is 73 pages of names that Munoz accessed over the last four years, with the most activity in the last two.
Munoz passed the bank's screening process. Had he had a criminal background in the past, he would not have been hired, Janei said.
“We continue on a daily basis to enforce with our employees' appropriate use of customer information, we never sell client names,” she said.
Fifth Third of Northern Michigan President and CEO John Pelizzari said it is a very unusual occurrence. He has been in the business for 30 years and said this is the first such case he has seen.
Special Agent Terry Booth of the Federal Bureau of Investigation office in Detroit said the agency has handled cases of bank employees taking money out of accounts but this case seems to be unique.
“Quite frankly, I've never heard of that,” Booth said. “It's news to me they would use it for that type of activity.”
Robert Marcus, branch manager for Citizens Bank in Cadillac, said he is quite surprised of the nature of the incident.
Like Fifth Third, Citizens has security measures in place to ensure customers' personal information is kept safe. Anyone who develops a trend of looking up a lot of client information without a need will set off a red flag.
The measures, Marcus said, are necessary to protect people at a time when identity theft and fraud are on the rise. The institution also has policies where personal information must be kept in a safe place, off desks or out of plain sight, to avoid any potential for someone gathering information through that method, he said.
Even potential new customers are carefully reviewed to ensure they are who they say they are, he added.