Incident Summary #2: CIBC's privacy practices failed in cases of misdirected faxes - April 18, 2005
This report details an investigation into CIBC's handling of misdirected faxes containing customer personal information, which occurred between 2001 and 2004. The investigation found that CIBC's privacy practices failed to adequately address these incidents, resulting in breaches of customer data and trust. The bank has since implemented significant remedial measures to enhance its privacy safeguards.
- Adequacy of CIBC's privacy policies and procedures
- Effectiveness of CIBC's response to misdirected fax incidents
- Timeliness and appropriateness of customer notification following a privacy breach
- Organizational awareness and adherence to privacy obligations
Complaint well-founded — corrective measures implemented
The investigation found that CIBC's privacy practices failed at a basic organizational level, and its attempts to rectify the misdirected fax issues were ineffective. However, CIBC has since implemented comprehensive remedial measures satisfactory to the OPC.
AI-generated summary for reference only. Always verify against the official decision ↗
CIBC was urged to fully implement planned changes, establish a mechanism for immediate notification of affected individuals in case of inappropriate disclosure, and report back to the Assistant Privacy Commissioner.
- PIPEDA
This summary is informational only and not legal advice.