from certain Canadian consumers who had direct-to-consumer products or fraud alerts. The affected personal information was collected by Equifax Inc.The complainants alleged that Equifax should not have allowed their personal information to have been compromised, that post-breach measures offered did not work properly for them as Canadians, and that they were surprised their information was in the US to begin with.
Nineteen individuals made complaints to our Office against Equifax about this matter, including five whose personal information was compromised during the breach. and Equifax Canada to address the contraventions found. This report contains a number of recommendations to Equifax Inc. and Equifax Canada contravened the Act with respect to all of the issues identified above. Our investigation concluded that both Equifax Inc. Given the age of certain information compromised in the breach, we also examined Equifax Inc.’s data destruction practices. and Equifax Canada, as well as whether Equifax Canada had adequate accountability for Canadian data processed by Equifax Inc., and obtained valid consent for this processing from individuals. In this context, at issue is the adequacy of safeguards by Equifax Inc. We also found that Equifax Canada’s security infrastructure was highly integrated with that of Equifax Inc. from certain Canadian consumers who purchased or received Footnote 3 direct-to-consumer products or fraud alerts from Equifax Canada Co. The Office of the Privacy Commissioner of Canada’s (“our Office” or “ OPC”) investigation into this matter determined that the affected personal information of Canadians was collected by Equifax Inc. to be 19,000, almost all of whom had their social insurance number, along with other accompanying identifiers, compromised. The number of affected Canadians Footnote 2 was later estimated by Equifax Inc. publically announced that an attacker had accessed the personal information of more than 143 million individuals, Footnote 1 including personal information for certain UK and Canadian residents. 
Adequacy of Post-Breach Safeguards to Protect Against Unauthorized Use Safeguards of Personal Information by Equifax Canada Consent Obtained from Canadians for Disclosure of Information to Equifax Inc. Accountability of Equifax Canada for Canadian Personal Information Handling by Equifax Inc. Retention of Personal Information by Equifax Inc. Safeguards for Canadian Personal Information held by Equifax Inc.
0 kommentar(er)
