Veteran’s complaint highlights significant privacy issues - October 6, 2010
A veteran complained that Veterans Affairs Canada (VAC) had inappropriately used and shared his sensitive medical information in briefing notes to the Minister, and had transferred his medical file to a VAC-administered hospital without his consent. The investigation found that the briefing notes contained excessive medical details and that sensitive information was shared widely within VAC without a need-to-know. The transfer of the medical file also occurred without the required consent. The complaint was found to be well-founded.
- Inappropriate use and disclosure of sensitive medical information in briefing notes.
- Transfer of personal medical information to a hospital without consent.
- Failure to limit access to personal information on a need-to-know basis.
- Compliance with section 7 of the Privacy Act regarding use of personal information.
Complaint well-founded — corrective measures recommended
The investigation found that Veterans Affairs Canada used and shared the complainant's sensitive medical information excessively and without a demonstrable need, contravening section 7 of the Privacy Act. The transfer of the medical file to a hospital also occurred without the required consent.
AI-generated summary for reference only. Always verify against the official decision ↗
The OPC recommended that VAC develop an enhanced privacy policy framework, revise information management practices to ensure information is shared on a need-to-know basis, provide employee training on privacy, and review procedures to ensure consent is obtained before transferring personal information to hospitals.
- s. 7 Privacy Act
This summary is informational only and not legal advice.