Investigations into businesses

...allowing the organization to take and post images of their children in swim attire on public... the facility to take and post images of children on public platforms in order to enroll them in swimming... it necessary to accept that images of children can be taken and posted on public platforms for promotional...

...of birth (“DOB”), address and/ or credit/debit card numbers - and publicly disclosed..., an unauthorized third party proceeded to publicly post the personal information of 3,190 BMO customers on various public websites . While BMO acted quickly to request that the information be removed...

...was required to undergo COVID-19 testing, conducted by Biron, in accordance with public health rules issued by the Public Health Agency of Canada. The complainant says he provided his email address to Biron... but to do business with Biron to comply with the rules issued by the Public Health Agency. In this...

...resolved case summary #2015-01 Lessons Learned Publicly displaying, without consent, photographs... constituted their personal information and could not be publicly disclosed in such a manner...

...government had made the public policy decision to allow credit reporting agencies to disclose..., which suggests that the general public may not be sufficiently informed about insurance companies... the public on the use of credit information. Brokers suggested that consumers are actively being harmed...

...On September 7, 2017 Equifax Inc. publically announced that an attacker had accessed the personal... a publically known vulnerability in the Apache Strut software platform supporting Equifax Inc.’s online... handling, Equifax Canada has consistently represented, both to our office, and to the public...

...her personal information to third parties, which also includes private and public sector entities not covered... 9(2.1) to 9(2.4), as well as other public sector third parties that are not covered by subsections 9..., had been disclosed to all other parties, including private and public sector organizations. The telco...

...by publically clarifying the limited information it required from individuals submitting ID... its request for ID in subsequent messaging in the media. Loblaw advised publically... clarified publically, and through a revision to its notice to registrants, that it only needed to verify...

...and public network IP address as well as frequency, duration and time of logins); Browsing behaviour... sufficient anonymization for the following reasons: First, Loblaw retains public IP address data... given that an individual’s public IP address can be used to approximate their physical location, which, when cross...

..., Marriott International, Inc. (“Marriott”) publicly announced that it had experienced a data... our Office gathered and analyzed from publicly available sources concerning the breach, including... having confirmed its compliance with PCI DSS in April 2016, public statements made by Starwood...