Passport information of client inadvertently distributed with travel agency’s promotional email
Settled case summary #2014-001
September 23, 2014
Lessons Learned
- Organizations shall not collect information indiscriminately. Both the amount and the type of information shall be limited to that which is necessary to fulfil the purposes identified.
- Organizations should be cautious when receiving customers’ personal information via email.
- Personal information shall be protected, by security safeguards appropriate to the sensitivity of the information, against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
- Organizations should ensure that the means for customers to contact them about their privacy concerns or complaints are working properly.
Complaint
A customer sent her travel agent scanned images of her own passport, and that of her travelling companion, via email. Months later, the customer and her companion discovered that the passport images were part of a large document attached to a promotional email that had been sent to individuals on the travel agency’s distribution list. The promotional email also contained images of the passports of two other individuals, several signed travel insurance waivers, and several of the travel agent’s personal files.
The customer was concerned that her personal information had been disclosed without her knowledge and consent, that it was not being properly safeguarded by the travel agency, and that her travel agent, who had apologized, seemed unperturbed by the incident.
The customer sent an email to the travel agency’s privacy officer about her concerns. After not receiving a reply, she complained to our Office and we began an investigation.
How did it happen?
The travel agency explained that it had recently acquired multiple offices across the country and that it had inherited the office’s equipment when it purchased that particular office. Since then, it had been diligently working to bring all its newly acquired offices into compliance with its existing policies. One of these policies, it stated, is not to collect or retain passport information, even when the customer wants to provide it. The facts are unclear in this case as to whether the customer voluntarily sent her passport information or if she was asked for it by the travel agent. The agent affirmed that she had already deleted the complainant’s email message before sending out the promotional email.
The agency’s own investigation concluded that scanned files, such as the image of the complainant’s passport, were inadvertently being stored in a temporary file in the agent’s computer and that these had, without the agent’s knowledge, somehow been attached to the promotional email.
Outcome
When the travel agent first became aware that her promotional email contained the personal information of others, she called and apologized to the customers whose passports were affected. She notified the agency’s IT department, who removed the software that the agent had been using and performed a “scrub” on her computer to delete the information.
The travel agency has since instituted a new process whereby all promotional emails are now vetted through its head office prior to mass distribution.
As to why the customer’s email to the agency’s privacy office was not answered, the agency explained that it was not received due to internal server errors. The agency confirmed that this issue was rectified and steps were taken to prevent a recurrence.
Our Office reviewed a copy of the agency’s privacy policy procedures, which are to be read, signed and followed by each of its employees. We also reviewed a copy of an email reminder sent to employees about their privacy obligations. It clearly states that employees are not to accept from customers, either by fax or email, scans of ID cards for the purpose of booking travel.
The agency called the customer and sent her a formal letter of apology. The customer told our Office that she was satisfied with the steps taken in the matter and considered the matter settled.