Insurance broker fined $1K for not following MPI privacy rules

A privacy breach involving customers’ auto insurance files has netted a Winnipeg insurance broker a $1,000 fine.

MPI says Basil Galarnyk looked at files without getting customers' permission

On election night, 51 municipalities using Denver, Colo.-based Dominion Voting Systems had problems. (Shutterstock)

A privacy breach involving customers' auto insurance files has netted a Winnipeg insurance broker a $1,000 fine.

Manitoba Public Insurance determined that last fall broker Basil Galarnyk accessed customer information 42 times without performing any transactions and with "no discernible reason" for accessing the files, a discipline panel has found.

As a result, MPI suspended Galarnyk's authority to do MPI business for one week in October 2015.

MPI informed the Insurance Council of Manitoba, which regulates insurance brokers.

In the ICM investigation, Galarnyk admitted that in 11 instances he accessed client files for purposes such as trying to find a lost insurance validation sticker and dealing with questions around a bill of sale.

'No discernable reason'

But the investigation also found 31 other occasions in which Galarnyk accessed customer accounts for "no discernible reason," and obtained information without getting authorization and without recording customer comments.

The April 2016 ICM decision said those were violations of privacy laws, including the Freedom of Information and Protection of Privacy Act, as well as the Personal Information Protection and Electronic Documents Act.

"Manitoba Public Insurance's customer information is to be accessed by agency staff only in order to respond to a customer inquiry or process a transaction for the customer," say Autopac agency operating standards outlined in the decision.

"Autopac agents are not to access any customer's Autopac online file under any other circumstance, such as to determine if a customer has renewed their policy," the standards state.

Answering customer questions

In his explanation to the insurance council, Galarnyk said he was "simply answering customer questions" when he accessed the files but failed to make entries indicating that. 

"Everybody services their clients, but in my case, I didn't make any comment in the files ," Galarnyk told CBC News.

"Clients phone us all the time and ask us questions, right?" he explained. "You go into the file and look at it."

Galarnyk said brokers are often in and out of the system as a part of everyday business.

"You answer whatever question, you close it, and then it's done," he said.

Privacy training required

Galarnyk paid the $1,000 fine plus $225 toward investigation costs and was required to complete a privacy training course, the report said.

"He noted he would adhere to the required practice in the future," the decision said.

MPI told CBC News it became aware of the privacy issue through a regular audit of customer transactions processed by Autopac agents. A spokesperson said typically four or five incidents are identified annually, although not all are found to be breaches of the Freedom of Information and Protection of Privacy Act.

Manitoba has 295 Autopac agencies that were collectively paid $80 million last year to deliver auto insurance services.

ICM views publication of its disciplinary decisions to be in the public interest and posts them on its website.

In a 2015 case, MPI notified the insurance council that contrary to policy, one agency was accessing customer files "to advise the customers of the expiration of their driver licences or car insurance for the purpose of soliciting renewal business," a discipline decision said.

That case also netted a fine of $1,000.

In a 2014 decision, an insurance agent was fined for reasons that included keeping personal documents containing "information of a highly confidential and sensitive nature" in an open and unsecure drawer in the office, rather than shredding documents or keeping them in a locked cabinet.