Language selection

OPC Logo Office of the Privacy Commissioner of Canada

Search

Mass mailing mistakes and how to avoid them this tax season

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Archived

This page has been archived on the Web.

OPC blogger, January 20, 2017 - PIPEDA, Privacy Breach

mail theft

With tax season approaching, many businesses are pulling together mass mailings to send out to customers. The information these mailings contain is likely pretty sensitive – names, addresses, social insurance numbers and financial details. You don’t want it falling into the wrong hands!

Every year, a number of Canadians contact our Office to complain because they received sensitive financial information that does not belong to them. A number of businesses also reach out to our Office to report related breaches.

You can take precautions to prevent printing or mailing errors that can cost your customers dearly and tarnish your reputation as good stewards of personal information:

AVOID PRINTING ERRORS

Coding errors are a frequent cause of breach reports to our Office involving misdirected mail. Businesses, and the third parties they outsource printing services to, need to make sure that printers are properly programmed and paper is not misaligned. Failing to do so could result in a customer receiving two copies of their own financial record and a third copy full of personal, sensitive information belonging to someone else.

Have a robust spot-check system in place, especially when outsourcing printing services.

And if a breach occurs, have systems and policies in place to respond appropriately:

CONFIRM DESTRUCTION

If, despite all your safeguards, the sensitive information ends up with the wrong customer, take steps to ensure it is destroyed. Trace the confidential document back to the individual who mistakenly received it. Tell them it was sent in error, that they should not disclose it to anybody else and arrange to have it returned or destroyed. It is in everyone’s interest to confirm destruction of the information and prevent its misuse.

NOTIFY AFFECTED CUSTOMERS

You should tell customers that their sensitive personal information was compromised. This will allow them to monitor their financial statements for unusual activity and to be on the lookout for identity theft. Make sure customers have an easy way to contact you – perhaps a 1-800 number – to discuss concerns. Where appropriate, provide free credit monitoring for a specified period.

PREVENT FUTURE ERRORS

Take the time to review your internal policies and procedures to prevent future errors and improve mitigation efforts when things go wrong. If you outsource printing to a third party, have a robust contract in place with clauses that specify procedures for protecting personal information.

For more tips, have a look at our guidance on avoiding breaches and responding to them when they occur.

You may also wish to have a look at a recent incident summary involving a financial institution that reacted quickly to a mass-mailing error.

Date modified: