I am writing to advise you of the internal policies of the Office of the Superintendent of Financial Institutions (OSFI) regarding the transmission and receipt of confidential and sensitive information via Internet e-mail.

While OSFI has instituted a variety of controls and procedures to safeguard the information it collects and generates, it does not at present consider Internet e-mail to be a secure means of transmitting confidential or sensitive information. Accordingly, our internal Internet usage policy expressly prohibits the transmission of such information via the Internet. All OSFI employees have been instructed not to use Internet e-mail to transmit confidential or sensitive information, nor can they request that such information be sent to them via the Internet.

Therefore, please be advised that any information forwarded to OSFI employees from your institution via Internet e-mail is done so through what OSFI considers to be an unsecure medium. You may wish to advise your employees of OSFI’s position in this regard, and to ensure that they are aware of and willing to accept the risks associated with transmission of sensitive or confidential information via the Internet.

Should you require clarification of the technical aspects of the foregoing, please contact Mr. Al Gillich, Director, Informatics Infrastructures Services, at (613) 990-7781. If you wish to discuss other issues relating to the above, please contact your Relationship Manager.