Canadian Privacy Decisions

The OPC investigated a complaint that Brinks Home failed to implement adequate safeguards, leading to the compromise of customer personal information via its online portal. While the OPC found Brinks Home had failed to adequately protect customer information, the issue was resolved through corrective actions and the subsequent sale of customer accounts. The OPC also determined that Brinks Home was not required to report the breach to the OPC or notify affected individuals because it did not present a real risk of significant harm.

• Adequacy of safeguards for personal information
• Compliance with mandatory breach reporting requirements
• Assessment of real risk of significant harm (RROSH)
• Employee error leading to unauthorized access

The Office of the Privacy Commissioner of Canada (OPC) investigated a complaint against Aylo (formerly MindGeek) concerning its handling of user-uploaded intimate content. The OPC found that MindGeek failed to obtain valid consent for the collection, use, and disclosure of personal information, particularly highly sensitive intimate images. The OPC also determined that MindGeek did not provide an accessible or effective process for individuals to remove their non-consensual content from its websites. Furthermore, the investigation concluded that MindGeek lacked accountability for the personal information under its control. The complaint was found to be well-founded and remains unresolved.

• Validity of consent for collecting and using intimate images
• Effectiveness and accessibility of content takedown processes
• Accountability for personal information under control
• Jurisdiction over international operations