The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Thursday, April 20, 2006
In case you were wondering whether printing credit card numbers on receipts is a risky venture, think about Monarch Beauty Supply in Edmonton, Alberta. The company, like many others, prints this information on receipts. And this company threw them out in a dumpster behind the store.
Edmonton Police received from an anonymous informant copies of that confidential information and began an investigation. The Information and Privacy Commissioner of Alberta also received a complaint from a customer of Monarch Beauty Supply that her credit card had been fraudulently used to buy a laptop. The investigation found that other personal information originating with the company had found its way into the hands of criminals.
The Commissioner found that the company did not adequately safeguard personal information, in violation of PIPA. The Commissioner also noted that there was inadequate training of staff because store managers were not trained in privacy.
Lessons learned:
Under most of Canada's privacy laws, individuals who have been harmed by a company's violation of the law can seek damages from the company that violated the law. Victims of identity theft can seek compensation for all the damage done because of a company's screw up.
See the Commissioner's report:
Investigation Report P2006-IR-003Information and Privacy Commissioner's investigation finds Monarch Beauty Supply improperly disposed of over 2600 customer receipts by placing them in a dumpster. The Alberta business failed to protect personal information from identity thieves.
Click to view more information Investigation Report P2006-IR-003
See coverage from the Edmonton Sun: Crook used dumped credit data.
Labels: alberta, identity theft, information breaches, laptop, pipa
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.