The National Banking and Securities Commission (acronym: CNBV) answered a questionnaire about the theft of personal data from Credit bureau communicated on February 2. It is up to this financial authority to investigate and sanction the violation of bank secrecy involving the Bureau, a private company that offers monitoring services on people’s financial behavior. The responses are interesting. CNBV because it warns that much information about the incident is confidential and refers to the Credit bureau or to the financial defense (acronym: driving) to clarify details or contribute to the protection of the moral and economic patrimony of those affected. Basically: it says that the CNBV He does what he has to do even if it is not clear what it is.
I publish the questionnaire here:
—How many people were affected and what personal and financial data was violated?
—The number of natural persons affected by this incident, as well as the personal and financial data violated, corresponds to be calculated by the Credit Bureau, so that legal entity would be the one to answer this question.
—What can affected people do to protect their heritage?
—The recommendations of the actions to follow must be communicated by the Credit Bureau.
—What is the role of the CNBV in accompanying those affected and how can it offer them help?
—The powers of advising, protecting and defending the rights and interests of affected persons correspond to the National Commission for the Protection and Defense of Users of Financial Services (Condusef).
(Immediately after reporting the incident, I asked Condusef about his role in the matter. A person from the press team replied: “The competition of driving with the Bureau is, among other cases: (1) If you have already paid any debt and it is not reflected in your credit report. (2) If you appear as a debtor of any institution and you are not (possible identity theft or impersonation). (3) When you do not agree with the score assigned to you by the Bureau (credit rating). All these examples can give rise to a complaint that you can file with the Condusef.”)
—What acts of authority may result from the incident?
—From the special visit carried out by this Commission, observations and recommendations could result that would be communicated to that Company (Credit Bureau).
(That communication, it follows, will be confidential. In a communicated on February 22 the CNBV He assured that he has a follow-up and monitoring protocol in cases such as the theft of information from the Credit Bureau. The following questions are related to that protocol.)
—What regulation authorizes this protocol?
—The protocol is an internal tool of this Commission.
—Where was said protocol published?
—The protocol is not public.
—Is this the first time that this protocol has been applied?
—It is part of the set of tools used by this CNBV for its supervision tasks.
(In the CNBV statement —the only official information on the incident until the publication of this questionnaire today in Economicón—, the authority said that it had initiated an investigation into the credit bureau robbery that would conclude on March 3. The following questions are related to that investigation.)
—What did the CNBV find in the investigation? What are the reasons for a fine or penalty? What actions and measures will the CNBV take to fine or punish those responsible? What will be the next steps of the CNBV?
—The answer to these questions is the following: The result of the supervision actions can only be shared with the supervised entity, therefore it is considered confidential information.
(That said: in the law of the jungle.)
