PIPEDA Findings #2026-001: Investigation into the personal information retention practices of Loblaw for the PC Optimum Loyalty Program
The OPC investigated Loblaw Companies Ltd. regarding complaints about the deletion of PC Optimum Loyalty Program accounts. The investigation found Loblaw contravened PIPEDA by taking an unreasonable amount of time to address deletion requests and by failing to ensure that retained purchase history data was sufficiently anonymized after account closures. Loblaw has agreed to take corrective actions, including a third-party assessment of its anonymization processes.
- Adequacy of Loblaw's processes for addressing individual privacy challenges regarding account deletion.
- Compliance with PIPEDA's retention principle regarding anonymization of purchase history data.
- Timeliness of Loblaw's response to customer deletion requests.
- Sufficiency of Loblaw's anonymization techniques for retained data.
Complaint findings were well-founded but resolved or conditionally resolved.
Loblaw contravened PIPEDA by delaying account deletion responses and failing to adequately anonymize retained data. However, the company has committed to improvements and a third-party review, leading to a conditionally resolved outcome for one issue and resolved for the other.
AI-generated summary for reference only. Always verify against the official decision ↗
Loblaw agreed to enhance procedures for timely response to privacy concerns, to conduct an annual review and deletion of inactive PCid's, and to engage an independent third party to assess its anonymization process for retained data from closed accounts.
- Principle 4.5.3 PIPEDA
- Principle 4.10 PIPEDA
- Principle 4.4 PIPEDA
- Principle 4.5.2 PIPEDA
This summary is informational only and not legal advice.