Privacy Commissioner Releases Report on CIBC junkyard faxes

The Federal Privacy Commissioner just released her report a few minutes ago. This was where bank branches sent faxes containing customer information in error for years to a junkyard. I can't say it any better than the Privacy Commissioner did in her press release, including:

“Canadians expect much more from the institutions they entrust with their personal information. As Privacy Commissioner, I was disappointed that an apparently well-organized institution such as CIBC failed to recognize that the misdirected faxes were a privacy issue. That the bank’s privacy policies and practices were not functioning on a practical level should serve as a wake-up call to all organizations in Canada,”

“Simply publishing a privacy policy does not make a business privacy compliant. Organizations must ensure that all employees are aware of and adhere to privacy policies. When there are breaches, these must be brought to the immediate attention of the organization’s privacy officials,”

For more detailed information on the incident and the Privacy Commissioner's findings see:

Privacy Commissioner incident report

David Fraser's Privacy blog

GeneralDavid Canton