Decisions/Federal (Canada)/Personal Information Protection and Electronic Documents Act/PIPEDA Findings #2024-002: Investigation into Brinks Home

Federal (Canada)Office of the Privacy Commissioner of CanadaPersonal Information Protection and Electronic Documents ActPIPEDA Findings #2024-002Well-founded & resolved

PIPEDA Findings #2024-002: Investigation into Brinks Home

Organization: Brinks Home

Decision: Mar 28, 2024Published: Mar 28, 2024

Official Decision ↗Bookmark View Governing Law

Plain-Language Summary

The OPC investigated a complaint that Brinks Home failed to implement adequate safeguards, leading to the compromise of customer personal information via its online portal. While the OPC found Brinks Home had failed to adequately protect customer information, the issue was resolved through corrective actions and the subsequent sale of customer accounts. The OPC also determined that Brinks Home was not required to report the breach to the OPC or notify affected individuals because it did not present a real risk of significant harm.

Key Issues

Adequacy of safeguards for personal information
Compliance with mandatory breach reporting requirements
Assessment of real risk of significant harm (RROSH)
Employee error leading to unauthorized access

Outcome

Complaint partially well-founded and resolved; partially not well-founded.

Reasoning

The OPC found that Brinks Home's initial failure to safeguard data was resolved through corrective actions. The breach notification aspect was deemed not well-founded as the incident did not pose a real risk of significant harm.

AI-generated summary for reference only. Always verify against the official decision ↗

Decision Notes

Recommended action / remedy

Brinks Home implemented corrective measures, including updating processes and training, and subsequently sold its customer accounts.

Statutory provisions cited

Principle 4.7 PIPEDA
s. 10.1 PIPEDA

This summary is informational only and not legal advice.