Incident Summary #3: Misdirected faxes - December 4, 2006
The Office of the Privacy Commissioner of Canada investigated two separate incidents involving misdirected faxes containing personal information at two banks. In both cases, the banks failed to adequately safeguard personal information, leading to its disclosure to unintended recipients. While both banks took corrective actions, including revising policies and procedures, the OPC recommended further improvements in customer notification and information recovery.
- Adequacy of safeguards for personal information transmitted by fax
- Effectiveness of privacy policies and employee awareness
- Timeliness and scope of customer notification following a privacy breach
- Procedures for recovering erroneously transmitted personal information
Complaints well-founded and resolved
The investigations found that both banks contravened PIPEDA by failing to adequately protect personal information transmitted by fax, resulting in unauthorized disclosures. However, both institutions took satisfactory corrective measures during the investigation.
AI-generated summary for reference only. Always verify against the official decision ↗
Both banks were recommended to implement measures for better internal communication of privacy breaches, notify all affected customers of breaches, examine fax transmission confirmation processes, and ensure recovery of erroneously transmitted customer information.
- PIPEDA
This is an informational summary of a regulatory decision and not legal advice.