Investigations into businesses
The Office of the Privacy Commissioner of Canada (OPC) conducts independent and impartial investigations into the personal information handling practices of businesses subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).
The OPC publishes a selection of case summaries and findings from its investigations to provide concrete examples of how PIPEDA applies to the day-to-day management of personal information by businesses.
For each case, the Office indicates the outcome using a set of defined terms for findings and dispositions.
For more information about the complaint and investigation process, read How the OPC Enforces PIPEDA.
Note: Complainants are not named in the summaries or reports. The organizations are not identified unless the Privacy Commissioner of Canada has deemed it to be in the public interest to do so.
Disclaimer: Typographical errors have been corrected from the original version of the report of findings. They are indicated in [brackets].
Joint investigation into location tracking by the Tim Hortons App
..., and that it shall use contractual or other means to provide a comparable level of protection while the information... must take the security measures necessary to ensure the protection of the personal information... (the operator and franchisor of Tim Hortons in Canada) compliance with Canada’s Personal Information Protection...
Dell improves security and complaint handling practices following breaches and OPC Investigation
...is required to use contractual or other means to provide a comparable level of protection... to require a high degree of protection having regard to the nature of the personal information... Protection System” software alerted the security team to an email sent by an employee with a large...
Bank ensures openness and comparable protection for personal information transferred to third party
...and security-related practices that provide a comparable level of protection for customers’ personal... that its third-party processor provided a level of protection of personal information comparable to... that its third-party processor provided a level of protection that was comparable to that required...
Investigation into authentication and transfer practices used during Loblaw gift card offering
...to ensure a level of protection that was comparable to that which would be required under the Act... used, Loblaw’s detailed contractual requirements were sufficient to ensure a level of protection... for processing. The organization shall use contractual or other means to provide a comparable level...
Investigation into Equifax Inc. and Equifax Canada Co.’s compliance with PIPEDA in light of the 2017 breach of personal information
...by Equifax Inc. receives a level of protection comparable to that required under PIPEDA. To determine... was protected by adequate security safeguards as required by Safeguards Principle 4.7. Issue 6... must be protected by security safeguards appropriate to the sensitivity of the information. The Canadian...
Report of Findings: CIPPIC v. Facebook Inc.
...Clinic (CIPPIC) against Facebook Inc. Under the Personal Information Protection and Electronic... and non-users’ personal information. Security safeguards figured prominently in the allegations... Information Protection and Electronic Documents Act (the Act) 1. In a letter dated May 30, 2008...
Backgrounder: Ticketmaster Investigation
...of protection must be comparable with that provided by the business that collected the information... and use of customers’ personal information did not comply with the Personal Information Protection... the same service. Businesses are responsible for protecting their customers’ personal information...
Showing items 1 through 7 of 7.
- Date modified: