Toronto – The Canadian Securities Administrators (CSA) announced that, as part of its ongoing oversight, it is reviewing the Investment Industry Regulatory Organization of Canada’s (IIROC) policies, procedures and controls as a result of the recent accidental loss of a portable device containing personal information about clients of some IIROC member firms.

The CSA is responsible for the regulatory oversight of IIROC, which is a self-regulatory organization that regulates investment dealers and trading activities on debt and equity marketplaces in Canada. IIROC must, subject to applicable legislation, collect, use and disclose personal information only to the extent reasonably necessary to carry out its regulatory activities and mandate. IIROC is also required to adopt policies and procedures designed to ensure that confidential information about the operations of its dealer members is maintained in confidence and is not shared inappropriately with other persons.

The CSA is reviewing the facts surrounding this incident, including a review of IIROC’s current policies, procedures and controls relating to information security, the encryption of data, and the collection and storage of personal information for regulatory purposes.

The CSA, the council of the securities regulators of Canada’s provinces and territories, co-ordinates and harmonizes regulation for the Canadian capital markets.

For more information: