PIPEDA Findings #2021-004: Company’s employees bypassed authentication protocols allowing fraudsters to repeatedly access customer’s account
This investigation concerned a complaint that Fido Solutions Inc. failed to safeguard a customer's personal information, allowing fraudsters to access and alter account details. It was found that Fido's customer service representatives repeatedly failed to follow authentication protocols, leading to unauthorized access. Additionally, the complaint alleged Fido failed to provide a requested transcript in an understandable format. Fido has committed to implementing enhanced safeguards regarding authentication protocols and has since provided the requested transcripts.
- Adequacy of safeguards to protect customer personal information from unauthorized access.
- Effectiveness of authentication protocols and employee adherence.
- Proper response to customer requests for access to personal information.
- Provision of personal information in a generally understandable format.
Complaint found well-founded regarding both safeguarding of information and access request, with corrective actions taken.
Fido failed to adequately safeguard personal information due to repeated bypasses of authentication protocols by staff, and initially provided access to recordings in an incomprehensible format. However, Fido committed to implementing enhanced safeguards and subsequently provided a transcript, resolving the issues.
AI-generated summary for reference only. Always verify against the official decision ↗
Fido committed to implementing enhanced authentication protocols and staff training, and has provided transcripts of calls to the complainant.
- Principle 4.7 PIPEDA
- Principle 4.7.1 PIPEDA
- Principle 4.9 PIPEDA
- Principle 4.9.4 PIPEDA
This summary is informational only and not legal advice.