Investigation into a privacy breach at Public Services and Procurement Canada
Public Services and Procurement Canada (PSPC) improperly disclosed pay-related information for 69,087 public servants to the wrong government institutions. An investigation found that PSPC contravened the Privacy Act due to this unauthorized disclosure. However, the complaints are considered resolved because PSPC took satisfactory corrective actions to remedy the vulnerabilities that caused the breach and notified affected individuals.
- Unauthorized disclosure of personal information
- Adequacy of PSPC's response to the breach
- Timeliness and completeness of notification to affected individuals
- Implementation of corrective measures to prevent recurrence
Complaint well-founded and resolved
PSPC contravened section 8 of the Privacy Act by disclosing personal information without proper authority. However, the contravention is considered resolved due to PSPC's prompt and comprehensive corrective actions, which mitigated damages and reduced the likelihood of recurrence.
AI-generated summary for reference only. Always verify against the official decision ↗
PSPC implemented corrective measures including a documented process with quality assurance for producing reports, removal of employee home addresses from future reports, and exploration of automated solutions. They also followed up to ensure flawed reports were deleted and committed to alerting departments about residual copies.
- s. 8 Privacy Act
- s. 3 Privacy Act
This summary is informational only and not legal advice.