Use of personal USB drive to manage client documents ends in sanctions for rep

The Insurance Council of British Columbia has fined Barzin Assadi and ordered Assadi to successfully complete several courses within 90 days after it was found that Assadi improperly handled client information when he used a personal USB drive to backup his work computer and manage client files.

The council commenced an investigation after the agent’s former employer commenced an action against Assadi and his current employer in the Supreme Court of British Columbia alleging, among other things, a breach of contract and fiduciary duties on Assadi’s part. The firm also alleged that the current employer induced Assadi to breach his contractual and fiduciary duties.

Assadi was first licensed with council in October 2010 as a level 1 general insurance salesperson and is currently working as a level 2 general insurance agent.

To address the former employer’s concerns, through his council Assadi provided the USB drive and the current employer isolated the files in question in its computer system in accordance with a procedure agreed upon with the former employer. Both the agent and the current employer also agreed to a forensic IT audit of their computer systems and Assadi’s home computer.

Assadi states that he maintained the USB drive which he used regularly throughout his employment with the former employer and for many years before that as well.

“The licensee admitted the USB drive contained some confidential and proprietary documents belonging to the former employer, along with many documents that did not belong to the former employer. The USB drive had two primary functions: to store personal documents and information necessary for the licensee’s non-work business and personal computing, and as a backup for his work computer,” the insurance council’s intended decision states. “The licensee was particularly reliant on the USB drive as a backup of his work computer during most of his employment with the former employer because the former employer did not have a centralized system for storing policy documents until sometime in 2018.” After that, they add that the centralized backup system was frequently down.

The intended decision also states that Assadi did not create the USB drive in anticipation of his departure from the former employer, did not contact any of the former employer’s clients on behalf of his current employer, and even told clients that he was not permitted to tell them where he was going after his employment with the former employer ended.

Assadi says he did not remember the former employer ever providing training or policy for use and management of documents. He also recalls that other employees also took work documents home.

Although council found Assadi’s evidence to be reasonable, they add that they were troubled by his storage of client information on a personal device, by his co-mingling of client information with his own personal information and documents, and by the lack of passwords or other reasonable safeguards to protect client information on the unencrypted USB drive.

“The primary aggravating factor was that the carelessness with which the licensee handled and kept client information, as described, was a marked departure from the minimum standards for dealing with client information,” the intended decision states. “The licensee’s breach of the relevant standards was unacceptable, particularly given his relative experience as an insurance agent.” 

In addition to paying a $2,000 fine and costs in the amount of $2,125, Assadi must also complete three courses including Privacy Compliance – How to Protect Your Broker, Part 1 and Part 2, and the Council Rules Course within 90 days.