DECISION of the GENERAL INSURANCE COUNCIL OF MANITOBA (“Council”) respecting BESTWAY AGENCIES (RTI) LTD. (“Agency”) MANUEL RODRIGUES – OPERATING AGENT (“Licensee”)
INTRODUCTION The General Insurance Council of Manitoba (the “Council”) derives its authority from The Insurance Act C.C.S.M. c.140 (“Act”) and the Insurance Councils Regulation 227/91.
Following receipt of information from Manitoba Public Insurance (“MPI”) with respect to contravention of The Freedom of Information and Protection of Privacy Act (“FIPPA”), by the Agency, an investigation was conducted pursuant to sections 375(1) and 396.1(7)(e) of the Act and s. 7(2)(e) of Regulation 227/91. The purpose of the investigation was to determine whether the Licensee’s activity violated the Act and/or the General Insurance Agent Code of Conduct (“Code of Conduct”). During the investigation the Licensee was notified of the complaint and given an opportunity to make submissions.
On September 16, 2015, during a meeting of Council, the evidence compiled during the investigation and the position of the Licensee were reviewed. Pursuant to section 375(1) of the Act and Regulation 227/91, the Council now confirms its decision and corresponding reasons.
ISSUES 1. Did Agent TM employed by the Agency access MPI – Autopac customer accounts without first obtaining customer approval, in violation of their privacy?
2. Did the Licensee instruct Agent TM to undertake that action, and fail to supervise the activity of Agent TM?
Page 1 of 3
FACTS AND EVIDENCE 1. At all material times, the Licensee was the Operating Agent responsible for managing the agency activity.
2. Between May 18, 2015, and May 24, 2015, MPI documented Agent TM’s access to 21 On-Line customer files without customer authorization.
3. MPI’s Broker Services Administrator was advised that Agent TM was accessing these June renewal accounts, using the Client List, to advise the customers of the expiration of their driver licenses or car insurance for the purpose of soliciting renewal business. The Client List consists of customers who have transacted business with the Agency and provided consent for the agent to use the limited information on the list. The Client List included the customer name and MPI customer number, address, contact information, and renewal date.
4. In keeping with the Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canadian Anti-Spam Legislation (CASL), the Autopac Agency Appointment & Operating Standards states:
“Manitoba Public Insurance’s customer information is to be accessed by agency staff only in order to respond to a customer inquiry or process a transaction for the customer.”
Agents are permitted to access the customer’s Autopac On-Line file only if the customer is in the office or the customer’s identity is verified by customer contact. Subject to parameters, payments on account can be made by others.
The policy specifically states, “Autopac agents are not to access any customer’s Autopac On-Line file under any other circumstance, such as to determine if a customer has renewed their policy.”
5. The customers whose files had been accessed had not made an enquiry or requested a transaction. No customer authorization to access the file had been obtained by Agent TM.
6. As a result of the activity, Agent TM was suspended from performing Autopac - IWS transactions, and counselling customers between June 8, 2015, and June 14, 2015.
7. In response to Council’s enquiry regarding who was responsible for Agent TM accessing the files, the Licensee confirmed that it was under his instruction for the purpose of sending the customers reminder letters about their upcoming driver’s licence and insurance coverage renewal. He noted he was aware of the activity, but not aware of the magnitude of the numbers.
Page 2 of 3
8. Subsequent to receiving the email from the MPI administrator, the Licensee instructed Agent TM to stop this use of the Client List. Both the Licensee and Agent TM provided assurances to Council that this activity would not reoccur and noted that comments are placed on system when the On-line file access is authorized but no transaction occurs.
ANALYSIS S. 375 (1) of The Act – untrustworthiness, and s. 7 of the Code of Conduct - Manner of Services - discuss the manner in which an Agent/Agency operates. The Licensee instructed Agent TM to contact customers using a Client List to solicit renewals. This was specifically prohibited as the customer had not made a specific enquiry or requested a transaction. Council concluded that using confidential information, in this unauthorized manner of conducting business, was a violation of customer trust. The Licensee knew, or should have known, the rules regarding the use of MPI customer files in conducting business and the requirements for protection of privacy of information.
The Licensee admitted that he had provided instructions to Agent TM to contact customers using information that was protected by the privacy acts, thus violating s. 5 of the Code of Conduct. The Code requires an agent to take reasonable care to prevent disclosing or using any information which must be kept confidential. While it was Agent TM who performed these acts, it was under the direction of the superior, the Licensee. S. 9 of the Code of Conduct requires the Operating Agent to supervise staff and assistants with respect to particular tasks and functions. The Licensee not only instructed Agent TM to violate the privacy laws but also failed to provide sufficient oversight in monitoring the number of customer files entered.
PENALTY AND FINAL DECISION Council’s Intended Decision dated September 29, 2015 outlined the foregoing background, analysis and conclusions on a preliminary basis. Having regard to its initial determination that the foregoing violations had occurred, Council imposed the following penalty and sanction pursuant to sections 375(1.1) (c) and (d) of the Act and section 7 (1) of Regulation 227/91:
1. The Licensee be fined $1,000.00 and assessed partial investigation costs of $350.00. As part of its Intended Decision, Council further informed the Licensee of his right to request a hearing to dispute Council’s determinations and its penalty/sanction. The Licensee expressly declined his right to a Hearing and chose not to pursue a Statutory Appeal; he instead duly paid the levied fine and partial investigation costs.
This Decision is therefore final. In accordance with Council’s determination that publication of its decisions are in the public interest, this will occur, as fully contemplated by section 7.1(1) of Regulation 227/91.
Dated in Winnipeg, Manitoba on the 26 th day of October, 2015. Page 3 of 3