Federal (Canada) Privacy Decisions

This report details a joint investigation by the Office of the Privacy Commissioner of Canada (OPC) and the Australian Office of the Information Commissioner (OAIC) into Avid Life Media Inc. (ALM), the operator of Ashley Madison. The investigation followed a significant data breach where personal information of millions of users was exposed. The OPC found that ALM contravened PIPEDA regarding information security, indefinite retention of user data, accuracy of email addresses, and transparency with users. ALM has entered into a compliance agreement with the OPC to address these issues.

• Adequacy of information security safeguards
• Indefinite retention of user data
• Accuracy of collected email addresses
• Transparency and user consent regarding data handling practices

This report details an investigation into Compu-Finder's practices of collecting and using email addresses for marketing its training courses without adequate consent. The Office of the Privacy Commissioner of Canada (OPC) found that Compu-Finder contravened PIPEDA by failing to obtain meaningful consent, lacking accountability frameworks, and not being transparent about its privacy practices. While Compu-Finder agreed to implement recommendations, the complaint was found to be well-founded and resolved in part, and well-founded and conditionally resolved in part, with a compliance agreement entered into.

• Collection and use of email addresses without consent
• Lack of accountability and transparency in privacy practices
• Use of address harvesting software
• Validity of implied and express consent claims