Privacy in the News

Privacy issues in the Canadian news, including breaches and commentary regarding emerging privacy and information security risks and trends affecting private and public sector organizations.

Gaps in safeguards led to massive Desjardins security breach: privacy commissioners

(Original Article Posted December 14, 2020)

A ‘malicious’ employee at Desjardins Group collected information about nearly three million people and businesses and shared it with others outside the Quebec-based financial institution. The mass data breach — the largest ever in the Canadian financial services sector — was caused by a series of gaps in the Quebec company's security setup, according to a new investigation by the federal and Quebec privacy commissioners.

Click Here To Read The Full Article

Rumour of COVID-19 exposure at IWK suggests staff shared private info

(Original Article Posted November 20, 2020)

Content of recent social media posts and media inquiries "strongly suggests that IWK staff member(s) were inappropriately sharing patient care related information." While the social media post didn't name the patient, it included details that could be identifying.

Click Here To Read The Full Article

Cadillac Fairview broke privacy laws by using facial recognition technology at malls, investigators conclude

(Original Article Posted October 29, 2020)

Cadillac Fairview broke Canadian privacy laws after the company installed facial recognition technology inside a dozen malls and analyzed visitors’ images without obtaining proper consent, federal and provincial privacy commissioners have found.

Click Here To Read The Full Article

'Snooping' Central Health employee accessed patient diagnoses, personal info in 2-year privacy breach: CEO

(Original Article Posted July 29, 2020)

Central Health regional health authority in Newfoundland and Labrador is reviewing its privacy and information security practices, including staff privacy training and auditing, following a series of privacy breaches spanning a two-year period where a Central Health employee accessed the personal health information of 240 patients for unauthorized purposes.

Click Here To Read The Full Article

Saskatchewan Teachers’ Federation survey an ‘egregious’ privacy breach: Commissioner

(Original Article Posted June 29, 2020)

The Saskatchewan privacy commissioner has called a survey given by the Saskatchewan Teachers’ Federation to 900 Saskatchewan Teachers an "egregious privacy breach”. The survey, which asked teachers to score students based on several sets of criteria and would identify each student by their initials, created a unique profile that would allow students to be identified. The privacy commissioner said teachers who filled out the questionnaire demonstrated “a complete lack of understanding of the fundamentals with respect to privacy and (privacy legislation).”

Click Here To Read The Full Article

Tim Hortons’ mobile app under investigation for allegedly breaking privacy laws

(Original Article Posted June 29, 2020)

Privacy protection authorities for Canada, Alberta, B.C. and Quebec are launching a joint investigation into Tim Hortons’ privacy practices related to its mobile ordering and payment app. The four privacy regulators will examine whether the organization’s practices are in compliance with Canadian privacy laws that govern the security of consumers’ personal information, including whether meaningful consent is being obtained from users to collect, use and disclose geolocation data for the creation of detailed user profiles, and whether that collection and use of the data is appropriate in the circumstances.

Click Here To Read The Full Article

LifeLabs failed to protect personal information of millions: B.C. and Ontario report

(Original Article Posted June 25, 2020)

A probe into a major privacy breach at lab test provider LifeLabs has found the company failed to secure the personal health information of clients in B.C. and Ontario. A joint investigation by the B.C. and Ontario privacy commissioners determined that LifeLabs failed to take reasonable steps to protect the personal information in its electronic systems and failed to have adequate information technology security policies in place.

Click Here To Read The Full Article

Contact Us Today