BreachOfPrivacy
Menu
Register / Login

No account? Contact us

Canadian Privacy Decisions

Canadian Privacy Decisions

The comprehensive archive of Canadian privacy decisions from federal, provincial, and territorial commissioners — with AI-summarized plain-language summaries for every decision.

3 decisions matching
Sign in to search
Federal (Canada)Personal Information Protection and Electronic Documents ActWell-founded & conditionally resolved
Dec 14, 2020PIPEDA Findings #2020-005· Indexed Apr 12, 2026

PIPEDA Findings #2020-005: Investigation into Desjardins’ compliance with PIPEDA following a breach of personal information between 2017 and 2019

Desjardins

This investigation examined Desjardins' compliance with PIPEDA following a significant data breach that occurred between 2017 and 2019, affecting nearly 9.7 million individuals. The Office of the Privacy Commissioner of Canada (OPC) found that Desjardins contravened PIPEDA principles regarding accountability, data retention, and security safeguards. While Desjardins' mitigation measures for affected individuals were deemed adequate, the OPC issued recommendations to address the identified contraventions.

Official ↗

Quick View

Personal Information Protection and Electronic Documents ActWell-founded & conditionally resolved

PIPEDA Findings #2020-005: Investigation into Desjardins’ compliance with PIPEDA following a breach of personal information between 2017 and 2019

Dec 14, 2020PIPEDA Findings #2020-005
Adjudicator: Daniel Therrien
Plain-Language Summary

This investigation examined Desjardins' compliance with PIPEDA following a significant data breach that occurred between 2017 and 2019, affecting nearly 9.7 million individuals. The Office of the Privacy Commissioner of Canada (OPC) found that Desjardins contravened PIPEDA principles regarding accountability, data retention, and security safeguards. While Desjardins' mitigation measures for affected individuals were deemed adequate, the OPC issued recommendations to address the identified contraventions.

Key Issues
  • Adequacy of security safeguards throughout the personal information lifecycle.
  • Compliance with accountability principles, including implementing procedures and training staff.
  • Appropriateness of data retention and destruction practices.
  • Effectiveness of mitigation measures offered to individuals affected by the breach.
Read Full AnalysisOfficial Decision ↗
Federal (Canada)Privacy ActWell-founded & conditionally resolved
Aug 7, 2020· Indexed Apr 12, 2026

Review of passport protection practices of four federal institutions

Immigration, Refugees and Citizenship Canada (IRCC)

This report details a review of passport protection practices by four federal institutions: IRCC, ESDC, GAC, and CPC. While the institutions generally had reasonable measures to prevent unauthorized passport disclosures, the review identified areas for improvement in incident detection, remediation for affected individuals, and learning from past breaches. The institutions agreed to implement the OPC's recommendations to enhance these processes.

Official ↗

Quick View

Privacy ActWell-founded & conditionally resolved

Review of passport protection practices of four federal institutions

Aug 7, 2020
Adjudicator: Daniel Therrien
Plain-Language Summary

This report details a review of passport protection practices by four federal institutions: IRCC, ESDC, GAC, and CPC. While the institutions generally had reasonable measures to prevent unauthorized passport disclosures, the review identified areas for improvement in incident detection, remediation for affected individuals, and learning from past breaches. The institutions agreed to implement the OPC's recommendations to enhance these processes.

Key Issues
  • Adequacy of measures to prevent unauthorized disclosure of passports
  • Effectiveness of incident detection mechanisms
  • Sufficiency of remediation measures for affected individuals
  • Processes for learning from past passport breach incidents
Read Full AnalysisOfficial Decision ↗
Federal (Canada)Access to Information Act
Jul 22, 2020· Indexed May 4, 2026

Access at issue: Nine recommendations regarding the processing of access requests at National Defence

National Defence

This report details a systemic investigation into how the Department of National Defence (DND) processed access to information requests between January 1, 2017, and December 21, 2018. The investigation examined six key offices and DND's ATIP Directorate, reviewing their internal processes, training, and statistics. The Commissioner made nine recommendations to the Minister of National Defence to address identified shortcomings, which the Minister accepted and agreed to implement.

Official ↗

Quick View

Access to Information Act

Access at issue: Nine recommendations regarding the processing of access requests at National Defence

Jul 22, 2020
Adjudicator: Caroline Maynard
Plain-Language Summary

This report details a systemic investigation into how the Department of National Defence (DND) processed access to information requests between January 1, 2017, and December 21, 2018. The investigation examined six key offices and DND's ATIP Directorate, reviewing their internal processes, training, and statistics. The Commissioner made nine recommendations to the Minister of National Defence to address identified shortcomings, which the Minister accepted and agreed to implement.

Key Issues
  • Timeliness of access to information request processing
  • Adherence to legislative obligations under the Access to Information Act
  • Effectiveness of internal procedures and training for ATIP staff
  • Improvement of ATIP compliance metrics
Read Full AnalysisOfficial Decision ↗

Filters

Sign in to search
Sort

Default: publication date

Index date