Aggregated News From Investment Management Regulators

FMA apologises for privacy breach

Report/Flag

Please complete the required fields.



Media release

MR No. 2019 – 58

7 November 2019

The FMA today apologised for a privacy breach that meant complaints documents sent to the regulator between 2015 and 2017 were potentially accessible via internet searches.

FMA Chief Executive Rob Everett said the issue was rectified immediately when the regulator became aware of it, and reassured the public that any information provided to the FMA was now held confidentially.

The FMA has identified six cases where sensitive personal information provided to the regulator may have been accessed.

The FMA has contacted the people involved to advise them of the issue and any further steps they should take to protect their information.

A preliminary review has identified 27 instances where documents that supported complaints were accessed by internet searches. The documents were inadvertently uploaded to a portal on the FMA website. Of these, six contained sensitive personal information such as financial information. The remaining documents were either already publicly available or did not include any sensitive personal information.

“We apologise to those people who supplied us with information and also to the wider public for this error. Their trust and confidence is critical to us,” said Mr Everett.

The FMA first learned of the issue following a media inquiry on 21 October. The regulator immediately shut down its website to ensure all information was protected. The website was restored on 23 October once the FMA had confirmed no further confidential information was at risk.

“Our immediate focus was to ensure our systems were secure and to protect people’s information,” said Mr Everett.

“We have reviewed what files were uploaded in this way, what information they contained and contacted those people whose sensitive personal information may have been accessed.

“We are working hard to ensure we get to the bottom of the issue.”

The issue relates to documents that were provided to the FMA several years ago, and the FMA is still investigating the circumstances. However, an initial review indicates that information supplied through an online complaints form between 2015 and 2017 flowed into a folder holding information to be uploaded to the FMA website.

At no point was the information ever linked to public content on the FMA website, nor could it be located by browsing the website.

All but two of the documents were accessed following a change in automated search algorithms on 30 September 2019. The FMA believes this is related to ordinary enhancements to search engine algorithms, which took place around that time.

The FMA has worked closely with the relevant government agencies and departments, and has engaged KPMG to assist in its investigations into the cause and extent of the incident.

Mr Everett said a full review of the issue would be conducted by an independent external party. 

As a precautionary step, the FMA has removed the ability to upload complaints information via the website.

Anyone with questions about information they have provided to the FMA should contact the regulator.

ENDS

Media contacts:

Louise Nicholson

Director, External Communications & Investor Capability

027 495 9366

[email protected]
Campbell Gibson

Senior Adviser, Media Relations

021 945 323

[email protected]

Regulator Information

Regulator Name: Financial Markets Authority
Abbreviation: FMA
Jurisdiction: New Zealand

Recent Articles

SEC Proposes to Enhance Disclosures by Certain Investment Advisers and Investment Companies About ESG Investment Practices

The Securities and Exchange Commission today proposed amendments to rules and reporting forms to promote consistent, comparable, and reliable information for investors concerning funds’ and advisers’

SEC Proposes Rule Changes to Prevent Misleading or Deceptive Fund Names

The Securities and Exchange Commission today proposed amendments to enhance and modernize the Investment Company Act “Names Rule” to address changes in the fund industry and compliance practices that

SEC Halts Alleged Ongoing $39 Million Fraud by Hedge Fund Adviser

The Securities and Exchange Commission today announced fraud charges against Detroit-based EIA All Weather Alpha Fund I Partners LLC (EIA) and its sole owner, Andrew M.

SEC Charges RiverSource Distributors with Improper Switching of Variable Annuities

The Securities and Exchange Commission today announced settled charges against RiverSource Distributors Inc. for improper switching or replacing of variable annuities.

Federal Reserve Board issues Economic Well-Being of U.S. Households in 2021 report

Accessible Keys for Video [Space Bar] toggles play/pause; [Right/Left Arrows] seeks the video forwards and back (5 sec ); [Up/Down Arrows] increase/decrease volume; [M] toggles mute on/off; [F] to

Get the latest from Regulatory.News in your inbox!

×