LifeLabs failed to guard the private well being data of thousands and thousands of Canadians, ensuing in a “important privateness breach,” based on a joint investigation by Ontario and B.C.’s data and privateness commissioners.
Final December, the laboratory testing firm revealed it had been the goal of a big cyberattack affecting the personal data of 15 million Canadians — primarily residents of B.C. and Ontario.
The joint investigation discovered the corporate didn’t implement cheap safeguards to guard the private well being data, which violated B.C.’s private data safety regulation, Ontario’s well being privateness regulation and the Private Well being Data Safety Act.
“LifeLabs’ failure to correctly shield the private well being data of British Columbians and Canadians is unacceptable,” B.C. data and privateness commissioner Michael McEvoy mentioned in a press release.
“LifeLabs uncovered British Columbians, together with thousands and thousands of different Canadians, to potential identification theft, monetary loss and reputational hurt.”
The outcomes of the investigation additionally discovered that LifeLabs didn’t have sufficient know-how safety insurance policies and picked up extra private data than crucial.
“This investigation additionally reinforces the necessity for adjustments to B.C.’s legal guidelines that permit regulators to think about imposing monetary penalties on corporations that violate folks’s privateness rights,” McEvoy added.
The Canadian laboratory testing firm has been ordered by each places of work to implement measures to deal with these shortcomings.