TORONTO — LifeLabs failed to protect the personal health information of millions of Canadians, a joint investigation suggests.

The joint investigation by the information and privacy commissioners of Ontario and B.C. says the failure resulted in a significant privacy breach in December 2019, which affected 15 million Canadians – primarily in those two provinces.

“Our investigation revealed that LifeLabs failed to take necessary precautions to adequately protect the personal health information of millions of Canadians, in violation of Ontario’s health privacy law,” Brian Beamish, information and privacy commissioner of Ontario, said in a statement.

“This breach should serve as a reminder to organizations, big and small, that they have a duty to be vigilant against these types of attacks. I look forward to providing the public, and particularly those who were affected by the breach, with the full details of our investigation.”

Michael McEvoy, information and privacy commissioner of British Columbia, added: “LifeLabs’ failure to properly protect the personal health information of British Columbians and Canadians is unacceptable. LifeLabs exposed British Columbians, along with millions of other Canadians, to potential identity theft, financial loss, and reputational harm. The orders made are aimed at making sure this doesn’t happen again.”

The investigation says LifeLabs failed:

  • To take reasonable steps to protect confidential information in its electronic systems, violating Ontario’s health privacy law, the Personal Health Information Protection Act (PHIPA), and B.C.’s personal information protection law
  • To put in place adequate information technology security policies
  • By collecting more personal information than was necessary

Publication of the report is being delayed, according to the commissioners, because LifeLabs says the information the company provided is confidential. The commissioners deny those claims and say they plan to publish the report unless LifeLabs takes court action.

While the joint inquiry found that LifeLabs took “reasonable steps” to contain and investigate the breach, the Information and Privacy Commissioner of Ontario ordered the laboratory testing provider to implement a number of additional measures to further address the shortcomings revealed in the investigation.

Their recommendations for LifeLabs include:..

 
