Privacy and Information Security

GRI 103: 418

In a business built upon the trust of our clients, we are committed to protecting personal information, and ensuring information security is of the utmost importance to the Company.

Technology and cyber risk

We use systems and technology to support our business operations and the client and financial advisor experience.

As a result, we are exposed to risks relating to technology and cyber security such as data breaches, identity theft and hacking, including the risk of denial of service or malicious software attacks. Such attacks could compromise confidential information of the Company and that of clients or other stakeholders, and could result in negative consequences including lost revenue, litigation, regulatory scrutiny or reputational damage.

The Company has a very low appetite for operational risk, including technology and cyber security risks. Our risk management framework emphasizes operational risk management and internal controls.

Business unit leaders are responsible for management of day-to-day operational risks. Specific programs, policies, training, standards and governance processes have been developed to support the management of risk. The Company has a business continuity management program to support the sustainment, management and recovery of critical operations and processes in the event of a business disruption. See Risk Management for more information about our risk management framework.

Governance

IGM is supported in identifying and appropriately managing technology risks by a Chief Technology and Data Office. Our VP Technology Risk & Chief Information Security Officer is responsible for all aspects of the implementation, management and execution of IGM’s information technology security, risk and compliance framework.

Having a Chief Technology and Data Office ensures IGM is compliant with all relevant application security and cyber security standards. This office regularly reports to the board on our cyber risk and information security strategy. Our comprehensive information and cyber security program underpins our technology policies and is based on industry frameworks and best practices. IGM Financial meets and complies with applicable laws and regulations.

Within IGM, our Acceptable Use of Technology Standard sets the company’s expectation for all employees, advisors and contractors with respect to the proper use of technology and intellectual property and the protection of cyber security.

Programs and resources

We are committed to investing in security technologies and specialized security talent to protect against, detect and respond to cyber security threats. To remain resilient to such threats, the company has comprehensive cyber security programs, follows sound industry practices, and has implemented threat and vulnerability assessment and response capabilities. Our endpoint detection and response software and focus on cyber response exercises provide us with the ability to track intruders across our systems, understand root causes and contain any threats with minimal disruption to the business. Through our affiliation with the Power Financial Corporation group of companies, we have the strength and efficiency of a security platform that is global in both scale and expertise. Regular internal and third-party assessments of our security procedures ensure they remain relevant and effective.

In today’s ever-changing threat landscape, we recognize that the human element is equally important in the protection of data and have established a security awareness and training program to provide all employees with the knowledge and skills to identify and protect against cyber security threats. Knowledge sharing is ongoing throughout the year with annual mandatory training for employees, advisors and contractors. Cyber security training is aligned to Public Safety Canada’s Cyber Security Awareness Month.

We also participate in industry-established forums and collaborate with peers on threat intelligence and critical security threats facing the global financial services sector:

  • The Canadian Centre for Cyber Security builds strategic partnerships with Canada’s critical infrastructure owners and operators in order to share enhanced cyber threat information and to promote the integration of cyber defence technology.
  • The Financial Services Information Sharing and Analysis Center (FS-ISAC) is an industry consortium dedicated to reducing cyber-risk in the global financial system. Serving financial institutions around the globe and in turn their customers, the organization leverages its intelligence platform, resiliency resources and a trusted peer-to-peer network of experts to anticipate, mitigate and respond to cyber threats.

Privacy protection

In accordance with Canadian privacy laws, we only collect personal information that is necessary to our business or where we have consent to do so. We do not disclose personal information about clients unless required by law, when necessary to provide products or services to them, or as otherwise authorized by them.

We have established specific privacy guidelines relating to the collection, use and disclosure of personal information. See details of this commitment for each of our operating companies:

We also have procedures relating to the protection of confidential information from theft, loss, unauthorized disclosure, access or destruction or other misuse. Our employees and IG Wealth Management financial advisors receive mandatory, comprehensive privacy training both when joining and on an ongoing basis thereafter.