Office of the Privacy Commissioner of Canada
Personal Information Protection and Electronic Documents Act
PIPEDA Report of Findings #2016-005
Well-founded & conditionally resolved

PIPEDA Report of Findings #2016-005: Joint investigation of Ashley Madison by the Privacy Commissioner of Canada and the Australian Privacy Commissioner/Acting Australian Information Commissioner

Organization: Avid Life Media Inc. (ALM)
Decision: Aug 22, 2016
Published: Aug 22, 2016

This report details a joint investigation by the Office of the Privacy Commissioner of Canada (OPC) and the Australian Office of the Information Commissioner (OAIC) into Avid Life Media Inc. (ALM), the operator of Ashley Madison. The investigation followed a significant data breach in which the personal information of millions of users was exposed. The OPC found that ALM contravened PIPEDA with respect to information security, indefinite retention of user data, accuracy of email addresses, and transparency with users. ALM has entered into a compliance agreement with the OPC to address these issues.

  • Adequacy of information security safeguards
  • Indefinite retention of user data
  • Accuracy of collected email addresses
  • Transparency and user consent regarding data handling practices

Complaint well-founded and conditionally resolved

ALM failed to implement adequate safeguards, retain personal information only as long as necessary, ensure the accuracy of email addresses, and be transparent with users about its data handling practices, thus contravening PIPEDA.

AI-generated summary for reference only. Always verify against the official decision.

Recommended action / remedy

ALM has agreed to implement recommendations to address identified privacy issues, including enhancing its information security framework, establishing clear data retention periods, improving email address accuracy, and ensuring transparency with users. A compliance agreement was entered into with the OPC.

Statutory provisions cited
  • PIPEDA Principle 4.7
  • PIPEDA Principle 4.7.1
  • PIPEDA Principle 4.1.4
  • PIPEDA Principle 4.5
  • PIPEDA Principle 4.5.2
  • PIPEDA Principle 4.3.8
  • PIPEDA Principle 4.6
  • PIPEDA Principle 4.6.1
  • PIPEDA Section 6.1
  • PIPEDA Principle 4.3
  • PIPEDA Principle 4.3.5
  • PIPEDA Principle 4.8
  • PIPEDA Principle 4.8.1
  • PIPEDA s. 11(2)
  • PIPEDA s. 17.1(1)

This summary is for informational purposes only and does not constitute legal advice.