Privacy issues in the Canadian news, including breaches and commentary regarding emerging privacy and information security risks and trends affecting private and public sector organizations.
Privacy in the News
Gaps in safeguards led to massive Desjardins security breach: privacy commissioners
(Original Article Posted December 14, 2020)
A ‘malicious’ employee at Desjardins Group collected information about nearly three million people and businesses and shared it with others outside the Quebec-based financial institution. The mass data breach — the largest ever in the Canadian financial services sector — was caused by a series of gaps in the Quebec company's security setup, according to a new investigation by the federal and Quebec privacy commissioners.
Rumour of COVID-19 exposure at IWK suggests staff shared private info
(Original Article Posted November 20, 2020)
Content of recent social media posts and media inquiries "strongly suggests that IWK staff member(s) were inappropriately sharing patient care related information." While the social media post didn't name the patient, it included details that could be identifying.
Cadillac Fairview broke privacy laws by using facial recognition technology at malls, investigators conclude
(Original Article Posted October 29, 2020)
Cadillac Fairview broke Canadian privacy laws after the company installed facial recognition technology inside a dozen malls and analyzed visitors’ images without obtaining proper consent, federal and provincial privacy commissioners have found.
'Snooping' Central Health employee accessed patient diagnoses, personal info in 2-year privacy breach: CEO
(Original Article Posted July 29, 2020)
Central Health regional health authority in Newfoundland and Labrador is reviewing its privacy and information security practices, including staff privacy training and auditing, following a series of privacy breaches spanning a two-year period where a Central Health employee accessed the personal health information of 240 patients for unauthorized purposes.
Saskatchewan Teachers’ Federation survey an ‘egregious’ privacy breach: Commissioner
(Original Article Posted June 29, 2020)
The Saskatchewan privacy commissioner has called a survey given by the Saskatchewan Teachers’ Federation to 900 Saskatchewan Teachers an "egregious privacy breach”. The survey, which asked teachers to score students based on several sets of criteria and would identify each student by their initials, created a unique profile that would allow students to be identified. The privacy commissioner said teachers who filled out the questionnaire demonstrated “a complete lack of understanding of the fundamentals with respect to privacy and (privacy legislation).”
Tim Hortons’ mobile app under investigation for allegedly breaking privacy laws
(Original Article Posted June 29, 2020)
Privacy protection authorities for Canada, Alberta, B.C. and Quebec are launching a joint investigation into Tim Hortons’ privacy practices related to its mobile ordering and payment app. The four privacy regulators will examine whether the organization’s practices are in compliance with Canadian privacy laws that govern the security of consumers’ personal information, including whether meaningful consent is being obtained from users to collect, use and disclose geolocation data for the creation of detailed user profiles, and whether that collection and use of the data is appropriate in the circumstances.
LifeLabs failed to protect personal information of millions: B.C. and Ontario report
(Original Article Posted June 25, 2020)
A probe into a major privacy breach at lab test provider LifeLabs has found the company failed to secure the personal health information of clients in B.C. and Ontario. A joint investigation by the B.C. and Ontario privacy commissioners determined that LifeLabs failed to take reasonable steps to protect the personal information in its electronic systems and failed to have adequate information technology security policies in place.