The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

Privacy Calendar

Links

RSS FEED for this site

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Thursday, April 20, 2006

Incident: Alberta Commissioner faults store for inadequate security of personal information after customers' information used fraudulently

In case you were wondering whether printing credit card numbers on receipts is a risky venture, think about Monarch Beauty Supply in Edmonton, Alberta. The company, like many others, prints this information on receipts. And this company threw them out in a dumpster behind the store.

Edmonton Police received from an anonymous informant copies of that confidential information and began an investigation. The Information and Privacy Commissioner of Alberta also received a complaint from a customer of Monarch Beauty Supply that her credit card had been fraudulently used to buy a laptop. The investigation found that other personal information originating with the company had found its way into the hands of criminals.

The Commissioner found that the company did not adequately safeguard personal information, in violation of PIPA. The Commissioner also noted that there was inadequate training of staff because store managers were not trained in privacy.

Lessons learned:

Do not print credit and debit card numbers on receipts.
Do not dispose of personal information by throwing it out.
Make sure that all staff who handle personal information are trained in their obligations under the law.

Under most of Canada's privacy laws, individuals who have been harmed by a company's violation of the law can seek damages from the company that violated the law. Victims of identity theft can seek compensation for all the damage done because of a company's screw up.

See the Commissioner's report:

Investigation Report P2006-IR-003
Information and Privacy Commissioner's investigation finds Monarch Beauty Supply improperly disposed of over 2600 customer receipts by placing them in a dumpster. The Alberta business failed to protect personal information from identity thieves.
Click to view more information Investigation Report P2006-IR-003

See coverage from the Edmonton Sun: Crook used dumped credit data.

Privacy Personal+Information Dumpster+Diving Fraud Identity+Theft Alberta