PIPEDA Findings #2021-007: Computer services company accesses customer’s laptop remotely during help desk call without seeking customer’s express consent
The complainant alleged that a computer services company remotely accessed his laptop without his express consent during a help desk call. The Office of the Privacy Commissioner of Canada (OPC) found that the company failed to obtain meaningful express consent for remote access and did not have adequate safeguards to protect customer information. The company has since restructured, ceased offering personal help desk services, and no longer uses the remote access software, leading the OPC to find the complaint well-founded and resolved.
- Whether meaningful express consent was obtained for remote computer access.
- Whether adequate safeguards were in place to protect customer data during remote access.
- The nature of consent required for accessing potentially sensitive personal information on a customer's laptop.
Complaint well-founded and resolved.
The company failed to demonstrate it obtained meaningful express consent for remote access and lacked adequate safeguards. However, the company has since ceased the practice and restructured, resolving the issue.
AI-generated summary for reference only. Always verify against the official decision ↗
The company ceased its personal help desk services and no longer uses the remote access software in question.
- Principle 4.3 PIPEDA
- Principle 4.7 PIPEDA
- Principle 4.7.1 PIPEDA
- Principle 4.7.3 PIPEDA
This summary is informational only and not legal advice.