Office of the Privacy Commissioner of Canada | Personal Information Protection and Electronic Documents Act | PIPEDA Findings #2020-003 | Well-founded & resolved

PIPEDA Findings #2020-003: Dell improves security and complaint handling practices following breaches and OPC Investigation

Organization: Dell Inc.
Decision: Jul 9, 2020
Published: Jul 9, 2020

Following complaints from two customers who were victims of tech support scams, the OPC investigated Dell's security safeguards and complaint handling practices. Dell discovered that two employees of its service provider in India had sold customer information on two separate occasions, leading to personal information breaches affecting thousands of Canadians. The OPC found that Dell's safeguards, including access controls and breach investigation procedures, were insufficient given the sensitivity of the data and the risk environment.

  • Adequacy of security safeguards for personal information transferred to a service provider
  • Effectiveness of access controls and monitoring for preventing insider theft of data
  • Sufficiency of investigation into customer complaints alleging privacy breaches
  • Appropriateness of breach notification and response

Complaint well-founded and resolved

The OPC found that Dell failed to adequately safeguard customer data held by its service provider, leading to breaches. However, Dell implemented significant remedial measures and improved its security and complaint handling processes to the OPC's satisfaction.

AI-generated summary for reference only. Always verify against the official decision.

Recommended action / remedy

Dell implemented enhanced monitoring and logging, strengthened access controls, improved breach response plans, and provided additional training to staff and service providers.

Statutory provisions cited
  • Principle 4.1.3 PIPEDA
  • Principle 4.7 PIPEDA
  • Principle 4.10.4 PIPEDA

This summary is informational only and not legal advice.