Aggregated News From Investment Management Regulators

FMA apologises for privacy breach

Report/Flag

Please complete the required fields.



Media release

MR No. 2019 – 58

7 November 2019

The FMA today apologised for a privacy breach that meant complaints documents sent to the regulator between 2015 and 2017 were potentially accessible via internet searches.

FMA Chief Executive Rob Everett said the issue was rectified immediately when the regulator became aware of it, and reassured the public that any information provided to the FMA was now held confidentially.

The FMA has identified six cases where sensitive personal information provided to the regulator may have been accessed.

The FMA has contacted the people involved to advise them of the issue and any further steps they should take to protect their information.

A preliminary review has identified 27 instances where documents that supported complaints were accessed by internet searches. The documents were inadvertently uploaded to a portal on the FMA website. Of these, six contained sensitive personal information such as financial information. The remaining documents were either already publicly available or did not include any sensitive personal information.

“We apologise to those people who supplied us with information and also to the wider public for this error. Their trust and confidence is critical to us,” said Mr Everett.

The FMA first learned of the issue following a media inquiry on 21 October. The regulator immediately shut down its website to ensure all information was protected. The website was restored on 23 October once the FMA had confirmed no further confidential information was at risk.

“Our immediate focus was to ensure our systems were secure and to protect people’s information,” said Mr Everett.

“We have reviewed what files were uploaded in this way, what information they contained and contacted those people whose sensitive personal information may have been accessed.

“We are working hard to ensure we get to the bottom of the issue.”

The issue relates to documents that were provided to the FMA several years ago, and the FMA is still investigating the circumstances. However, an initial review indicates that information supplied through an online complaints form between 2015 and 2017 flowed into a folder holding information to be uploaded to the FMA website.

At no point was the information ever linked to public content on the FMA website, nor could it be located by browsing the website.

All but two of the documents were accessed following a change in automated search algorithms on 30 September 2019. The FMA believes this is related to ordinary enhancements to search engine algorithms, which took place around that time.

The FMA has worked closely with the relevant government agencies and departments, and has engaged KPMG to assist in its investigations into the cause and extent of the incident.

Mr Everett said a full review of the issue would be conducted by an independent external party. 

As a precautionary step, the FMA has removed the ability to upload complaints information via the website.

Anyone with questions about information they have provided to the FMA should contact the regulator.

ENDS

Media contacts:

Louise Nicholson

Director, External Communications & Investor Capability

027 495 9366

[email protected]
Campbell Gibson

Senior Adviser, Media Relations

021 945 323

[email protected]

Regulator Information

Regulator Name: Financial Markets Authority
Abbreviation: FMA
Jurisdiction: New Zealand

Recent Articles

Management Companies and Self-Managed Funds Quarterly Statistics

See a PDF of the Circular published by the Cyprus Securities and Exchange Commission (CySEC CY) here: Source link

Surrender of Authorisation by Charles Cassano

This notice is to make the general public aware that Mr Charles Cassano requested the Malta Financial Services Authority (“MFSA”) to accept the surrender of the authorisation which was issued to the

EIOPA calls for better value money in bancassurance warning to banks and insurers

The European Insurance and Occupational Pensions Authority (EIOPA) has today issued a warning to insurers and banks to address consumer protection issues related to sale of credit protection insuranc

Communiqué No. 73, CNBV completed the process for the TSJEP to join the SIARA

This post was translated by Regulatory.News for informational purposes only; the content below is not an official translation from the regulator. See the content...

The Chairman of the Financial Supervisory Authority gives the keynote speech at the Fourth Insurance and Reinsurance Forum in Sharm El Sheikh

This post was translated by Regulatory.News for informational purposes only; the content below is not an official translation from the regulator. See the content...

Get the latest from Regulatory.News in your inbox!

×