Want to stay current on e–commerce law? Sign up for Email Newsletter.
Privacy Commissioner of Canada Releases Findings from CIBC Privacy Inquiry
On April 18, 2005, the Office of the Privacy Commissioner of Canada (OPC) released the findings of its investigation into the well-publicized Canadian Imperial Bank of Canada's ("CIBC") well-publicized privacy breach. The incident involved a series of misdirected faxes containing the personal information of CIBC customers that were sent by different branches of the bank to a company in Quebec and another company in the United States. The misdirected faxes were sent between 2001 and 2004 and the bank did not notify customers whose privacy was breached until the matter was picked up by media outlets.
The Privacy Commissioner, Jennifer Stoddart, stated that the failure of CIBC's privacy practices in functioning properly should serve as a wake-up call to all Canadian organizations. She indicated that the act of publishing a privacy policy does not by itself mean that a business has complied with the Personal Information Protection and Electronic Documents Act (PIPEDA). A business must take further steps to ensure that all its employees are aware of and adhere to the privacy policy and all breaches in the privacy policy are brought to the immediate attention of its privacy officials. Among the Privacy Commissioner's recommendations to CIBC are that the bank address privacy concerns as soon as they arise and that it notify affected customers when a breach occurs.
For additional information, visit: