Early resolved case summary #2015-05: Anti-virus service provider steps up safeguards after customer personal information fraudulently used by someone posing as an employee
A couple complained after their personal information was fraudulently used by a marketing company posing as an employee of their anti-virus service provider. The couple suspected the service provider employee disclosed their account number to the marketing company. The OPC investigated and found the service provider had failed to adequately protect customer information. The service provider dismissed the employee responsible and implemented new safeguards, including an auditing system and a streamlined procedure for addressing privacy concerns.
- Adequacy of security safeguards
- Unauthorized access to personal information
- Complaint handling procedures
- Accountability for employee actions
Complaint resolved to the satisfaction of the complainants.
The service provider took corrective measures including dismissing the employee, reimbursing the complainants, and implementing new auditing and complaint handling procedures, which satisfied the complainants.
AI-generated summary for reference only. Always verify against the official decision ↗
The service provider reimbursed the complainants in full, implemented an auditing system to monitor employee access to customer files, and established a new procedure to escalate privacy concerns to management.
- Principle 4.10.4 PIPEDA
This summary is informational only and not legal advice.