POST Online Media Lite Edition


Ontario IPC and BC OIPC find LifeLabs failed to protect personal information exposed in breach

Christian Fernsby |
A joint investigation by the Information and Privacy Commissioners of Ontario and BC has found that LifeLabs failed to protect the personal health information of millions of Canadians resulting in a significant privacy breach in 2019.

Article continues below

Topics: LIFELABS   

The joint investigation revealed that the company's failure to implement reasonable safeguards to protect the personal health information of millions of Canadians violated Ontario's health privacy law, PHIPA, and BC's personal information protection law, PIPA.

The Ontario and BC offices determined the company:

- failed to take reasonable steps to protect the personal health information in its electronic systems;

- failed to have adequate information technology security policies in place; and

- collected more personal health information than was reasonably necessary.

"Our investigation revealed that LifeLabs failed to take necessary precautions to adequately protect the personal health information of millions of Canadians, in violation of Ontario's health privacy law. This breach should serve as a reminder to organizations, big and small, that they have a duty to be vigilant against these types of attacks. I look forward to providing the public, and particularly those who were affected by the breach, with the full details of our investigation."

LifeLabs advised that on October 28, 2019, it detected a cyberattack on its computer systems. On December 17, 2019, the Ontario and BC privacy commissioners announced their joint investigation into the breach, which affected millions of Canadians.

What to read next

Class action launched against LifeLabs over privacy breach
Health data of 15 million Canadians target of LifeLabs cyberattack
Australia launches Federal Court action against Facebook