Investigations into businesses
The Office of the Privacy Commissioner of Canada (OPC) conducts independent and impartial investigations into the personal information handling practices of businesses subject to the Personal Information Protection and Electronic Documents Act (PIPEDA).
The OPC publishes a selection of case summaries and findings from its investigations to provide concrete examples of how PIPEDA applies to the day-to-day management of personal information by businesses.
For each case, the Office indicates the outcome using a set of defined terms for findings and dispositions.
For more information about the complaint and investigation process, read How the OPC Enforces PIPEDA.
Note: Complainants are not named in the summaries or reports. The organizations are not identified unless the Privacy Commissioner of Canada has deemed it to be in the public interest to do so.
Disclaimer: Typographical errors have been corrected from the original version of the report of findings. They are indicated in [brackets].
Bank agrees to cease performing credit checks on individuals who are no longer clients
Early resolved case summary: Bank agrees to cease performing credit checks on individuals who are no longer clients
Employee training a key factor in effectively satisfying customers’ requests about an organization’s personal information handling practices
Early resolved case summary: Employee training a key factor in effectively satisfying customers’ requests about an organization’s personal information handling practices
First Nation develops a privacy policy following allegations of lost doctor’s notes
Early resolved case summary: Organization’s technical glitch results in the disclosure of a client’s personal information to another client
Manager snoops on employee’s personal bank account after employee calls in sick
Early resolved case summary #2015-06: Manager snoops on employee’s personal bank account after employee calls in sick
Access to personal information held by insurance company facilitated through the early resolution process
Early resolved case summary: Access to personal information held by insurance company facilitated through the early resolution process
Organization’s technical glitch results in the disclosure of a client’s personal information to another client
Early resolved case summary #2016-02: Organization’s technical glitch results in the disclosure of a client’s personal information to another client
Privacy obligations under PIPEDA apply to financial technology sector
Early resolved case summary #2017-01: Privacy obligations under PIPEDA apply to financial technology sector
Anti-virus service provider steps up safeguards after customer personal information fraudulently used by someone posing as an employee
Early resolved case summary #2015-05: Anti-virus service provider steps up safeguards after customer personal information fraudulently used by someone posing as employee
Access to personal information request revised to accommodate both requestor and organization
Early resolved case summary #2016-01: Access to personal information request revised to accommodate both requestor and organization
Misidentification and lack of access to personal information leads to mistaken four-year debt pursuit
Early resolved case summary #2015-04: Misidentification and lack of access to personal information leads to mistaken four-year debt pursuit
Showing items 1 through 10 of 19.
- Date modified: