Investigations into businesses
The Office of the Privacy Commissioner of Canada (OPC) conducts independent and impartial investigations into the personal information handling practices of businesses subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).
The OPC publishes a selection of case summaries and findings from its investigations to provide concrete examples of how PIPEDA applies to the day-to-day management of personal information by businesses.
For each case, the Office indicates the outcome using a set of defined terms for findings and dispositions.
For more information about the complaint and investigation process, read How the OPC Enforces PIPEDA.
Note: Complainants are not named in the summaries or reports. The organizations are not identified unless the Privacy Commissioner of Canada has deemed it to be in the public interest to do so.
PIPEDA Report of Findings: Jet Airways says possibility of litigation allows it to refuse access to personal information
PIPEDA Report of Findings: Airline relies on access exemption to refuse traveler’s access to their personal information
PIPEDA Report of Findings: Facebook agrees to stop using non-users’ personal information in users’ address books
PIPEDA Report of Findings: Microsoft to obtain opt-in consent, enhance transparency for Windows 10 privacy settings
PIPEDA Case Summary: Courier company discontinues practice of delivery to a neighbor
PIPEDA Report of Findings: Company’s re-use of millions of Canadian Facebook user profiles violated privacy law
Operator of website that shamed debtors for profit takes down website after OPC takes the matter to Federal Court
PIPEDA Report of Findings: Operator of website that shamed debtors for profit takes down website after OPC takes the matter to Federal Court
Early resolved case summary: Bank agrees to cease performing credit checks on individuals who are no longer clients
Insurance company required to delete individual’s personal information after individual withdraws consent
PIPEDA Case Summary: Insurance company required to delete individual’s personal information after individual withdraws consent
PIPEDA Case Summary: Using SIN for identity verification cannot be a condition of service
Showing items 1 through 10 of 624.
Report a problem or mistake on this page
- Date modified: