Decisions/Federal (Canada)

Federal (Canada)

Federal (Canada) Privacy Decisions

Browse privacy decisions from Federal (Canada) — with AI-generated plain-language summaries for every ruling.

3 decisions matching

Jurisdiction

Federal (Canada)Ontario British Columbia Alberta Saskatchewan Manitoba Quebec Nova Scotia New Brunswick Prince Edward Island Newfoundland and Labrador

Governing law

ATIA CASL PIPEDA Privacy Act

Outcome

OIC Order (ATIA s.36.1, binding)Well-founded Well-founded & resolved Well-founded & conditionally resolved Well-founded & unresolved Not well-founded Action warranted s.6.1 Application Granted (refusal authorized)s.6.1 Application Denied (must respond)Settled Resolved Early-resolved Discontinued Withdrawn Declined to investigate No jurisdiction

Decision Type

Systemic Investigations

Sort

Default: publication date

Index date

Browse by Year

2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001

Federal (Canada)Personal Information Protection and Electronic Documents ActEarly-resolved

Oct 31, 2012Early resolved case summary #2· Indexed Apr 12, 2026

Early resolved case summary #2: Telecommunications firm discloses individual’s personal information without consent when it merged two household accounts that shared an address

A major telecommunications provider

An individual complained to the OPC after a telecommunications firm disclosed his personal account and debt information to his tenant without his consent. The firm had merged the landlord's account with the new tenant's account when the tenant opened his own account. The firm accepted responsibility, corrected the accounts, and made amends with the landlord, leading to the early resolution of the complaint.

Official ↗

Federal (Canada)Personal Information Protection and Electronic Documents ActWell-founded & resolved

Aug 22, 2012Commissioner’s Findings - PIPEDA Report of Findings # 2012-004· Indexed Apr 12, 2026

Commissioner’s Findings - PIPEDA Report of Findings # 2012-004 : Weak authentication allowed imposter to hijack customer’s cell phone account

A cellular telephone service provider

A customer complained that his cell phone service provider disclosed his personal information to an imposter and inadequately responded to his request for access to his data. The Office of the Privacy Commissioner of Canada (OPC) found that the provider contravened PIPEDA by allowing an employee to disclose sensitive account details without proper authentication. The OPC also found that the provider initially failed to meet the 30-day deadline for responding to the customer's access request, but this aspect was later resolved. The OPC recommended the company review its privacy management programs.

Official ↗

Federal (Canada)Personal Information Protection and Electronic Documents ActWell-founded & resolved

Aug 14, 2012Commissioner’s Findings - PIPEDA Report of Findings # 2012-010· Indexed Apr 12, 2026

Commissioner’s Findings - PIPEDA Report of Findings # 2012-010: Telecommunications firm adopts additional accountability measures to ensure a consistent approach in handling access requests

A telecommunications firm

A complainant alleged that a telecommunications firm failed to provide her with access to her personal information, specifically notes and transcripts of recorded conversations relating to her account dispute. The investigation found that the firm failed to respond to the access request within the statutory time limits and deleted records that were the subject of the request, contravening PIPEDA. The firm accepted recommendations to amend its policies, procedures, and provide enhanced training to staff, leading to the resolution of the complaint.

Official ↗

Outcome Notes

Federal rulings come from two regulators with different statutory authority — outcome filters cover both.

OIC Order (ATIA s.36.1, binding) — Since June 2019 (Bill C-58) the Information Commissioner can issue binding orders requiring disclosure or reconsideration. Enforceable after 31/41 business days unless reviewed by the Federal Court (s.41).

Well-Founded — finding that the complaint is well-founded. For OIC: ATIA s.37(1)(a) finding (may be paired with a s.36.1 order). For OPC: Privacy Act s.35(1) / PIPEDA s.13(1) advisory finding — recommendations only, no binding order-making power.

Not Well-Founded — no contravention found.

s.6.1 Application— the OIC's response to a head's application for authorization to refuse a frivolous, vexatious, or bad-faith access request. Granted = institution may refuse; Denied = institution must respond.

Settled / Resolved / Early-resolved — OPC matter resolved during or before formal findings without a contravention finding.

Declined to investigate / No jurisdiction — Procedural close (Privacy Act s.34, PIPEDA discretion, or scope outside the Acts).

References: ATIA s.36.1 · OPC disposition definitions

About This Archive

Breach of Privacy archives Canadian privacy decisions from federal, provincial, and territorial commissioners. Each decision includes an AI-generated plain-language summary. Always verify against the official source document.

Federal (Canada) Privacy Decisions

Early resolved case summary #2: Telecommunications firm discloses individual’s personal information without consent when it merged two household accounts that shared an address

Quick View

Early resolved case summary #2: Telecommunications firm discloses individual’s personal information without consent when it merged two household accounts that shared an address

Commissioner’s Findings - PIPEDA Report of Findings # 2012-004 : Weak authentication allowed imposter to hijack customer’s cell phone account

Quick View

Commissioner’s Findings - PIPEDA Report of Findings # 2012-004 : Weak authentication allowed imposter to hijack customer’s cell phone account

Commissioner’s Findings - PIPEDA Report of Findings # 2012-010: Telecommunications firm adopts additional accountability measures to ensure a consistent approach in handling access requests

Quick View

Commissioner’s Findings - PIPEDA Report of Findings # 2012-010: Telecommunications firm adopts additional accountability measures to ensure a consistent approach in handling access requests

Filters