Investigations into businesses

Filter these results

Search by key word or choose from the filter options below to narrow the results.


Dispositions

Complaint Types

Sectors

Topics

Principles

Date of Findings


The Office of the Privacy Commissioner of Canada (OPC) conducts independent and impartial investigations into the personal information handling practices of businesses subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).

The OPC publishes a selection of case summaries and findings from its investigations to provide concrete examples of how PIPEDA applies to the day-to-day management of personal information by businesses.

For each case, the Office indicates the outcome using a set of defined terms for findings and dispositions.

For more information about the complaint and investigation process, read How the OPC Enforces PIPEDA.

Note: Complainants are not named in the summaries or reports. The organizations are not identified unless the Privacy Commissioner of Canada has deemed it to be in the public interest to do so.

PIPEDA Report of Findings #2018-002

Company’s re-use of millions of Canadian Facebook user profiles violated privacy law

PIPEDA Report of Findings: Company’s re-use of millions of Canadian Facebook user profiles violated privacy law

Date of findings:
PIPEDA Report of Findings #2017-007

Operator of website that shamed debtors for profit takes down website after OPC takes the matter to Federal Court

PIPEDA Report of Findings: Operator of website that shamed debtors for profit takes down website after OPC takes the matter to Federal Court

Date of findings:
Early resolved case summary #2017-003

Bank agrees to cease performing credit checks on individuals who are no longer clients

Early resolved case summary: Bank agrees to cease performing credit checks on individuals who are no longer clients

Date of findings:
PIPEDA Case Summary #2017-006

Using SIN for identity verification cannot be a condition of service

PIPEDA Case Summary: Using SIN for identity verification cannot be a condition of service

Date of findings:
PIPEDA Case Summary #2017-005

Insurance company required to delete individual’s personal information after individual withdraws consent

PIPEDA Case Summary: Insurance company required to delete individual’s personal information after individual withdraws consent

Date of findings:
Early resolution case summary #2016-03

First Nation develops a privacy policy following allegations of lost doctor’s notes

Early resolved case summary: Organization’s technical glitch results in the disclosure of a client’s personal information to another client

Date of findings:
Early resolved case summary #2015-07

Employee training a key factor in effectively satisfying customers’ requests about an organization’s personal information handling practices

Early resolved case summary: Employee training a key factor in effectively satisfying customers’ requests about an organization’s personal information handling practices

Date of findings:
Incident case summary #2017-001
Date of findings:
Early resolved case summary #2015-06

Manager snoops on employee’s personal bank account after employee calls in sick

Early resolved case summary #2015-06: Manager snoops on employee’s personal bank account after employee calls in sick

Date of findings:
Discontinued Case Summary #2015-002

OPC discontinues additional complaints against Globe24h.com following investigation into same privacy issues

PIPEDA Discontinued Case Summary: OPC discontinues additional complaints against Globe24h.com following investigation into same privacy issues

Date of findings:

Showing items 1 through 10 of 619.

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: