Ontario IPC and BC OIPC find LifeLabs failed to protect personal information exposed in breachChristian Fernsby ▼ | June 26, 2020
A joint investigation by the Information and Privacy Commissioners of Ontario and BC has found that LifeLabs failed to protect the personal health information of millions of Canadians resulting in a significant privacy breach in 2019.
The Ontario and BC offices determined the company:
- failed to take reasonable steps to protect the personal health information in its electronic systems;
- failed to have adequate information technology security policies in place; and
- collected more personal health information than was reasonably necessary.
"Our investigation revealed that LifeLabs failed to take necessary precautions to adequately protect the personal health information of millions of Canadians, in violation of Ontario's health privacy law. This breach should serve as a reminder to organizations, big and small, that they have a duty to be vigilant against these types of attacks. I look forward to providing the public, and particularly those who were affected by the breach, with the full details of our investigation."
LifeLabs advised that on October 28, 2019, it detected a cyberattack on its computer systems. On December 17, 2019, the Ontario and BC privacy commissioners announced their joint investigation into the breach, which affected millions of Canadians. ■