LifeLabs signage is seen outside of one of the lab’s Toronto locations, Tuesday, Dec. 17, 2019. THE CANADIAN PRESS/Cole Burston

LifeLabs ‘failed to protect’ personal information of millions of Canadians: investigation

The Canadian laboratory testing company was found to have violated its patients’ privacy

A joint investigation between B.C. and Ontario privacy commissioners has found that LifeLabs “failed to protect private information” during its 2019 privacy breach.

The privacy commissioners’ release on Thursday (June 25), found LifeLabs did not have “reasonable safeguards” in place to protect 15 million customers, largely in B.C. and Ontario. The company reported the breach to both privacy commissioners in November of last year, after detecting a cyberattack on its computer systems on Oct. 28.

READ MORE: Hackers target LifeLabs medical database in B.C., Ontario

Although B.C. and Ontario’s privacy commissioners released a broad overview of their investigation report on Thursday, they did not publish the entire report due to LifeLabs’ objections.

“LifeLabs has claimed that some of the information contained in the report is privileged or confidential and objected to the release of that information,” the release stated.

However, the privacy commissioners said they would release the full report unless LifeLabs attempts to get a court ruling in the company’s favour.

The privacy commissioners issued three joint orders to LifeLabs, outline broadly in Thursday’s release: to improve specific practices regarding information technology security, to formally put in place written information practices and policies with respect to information technology security, and to cease collecting specified information and to securely dispose of the records of that information which it has collected.

LifeLabs was also recommended to consult with third-party experts about if a longer period of credit monitoring would be “more appropriate.”

B.C’s privacy commissioner also said the LifeLabs case should serve as an example of why the office needs to be able to impose financial fines and penalties following investigations.

“This is the very kind of case where my office would have considered levying penalties,” said Michael McEvoy, Information and Privacy Commissioner of B.C. For its part, Ontario is expected to be able to levy financial penalties once a recently announced amendment to Ontario’s privacy law comes into effect. It would be the first province in Canada to have the ability to levy monetary penalties against individuals and companies that violate the Personal Health Information Protection Act.

READ MORE: LifeLabs facing proposed class action over data breach affecting up to 15M clients


@katslepian

katya.slepian@bpdigital.ca

Like us on Facebook and follow us on Twitter.

Want to support local journalism during the pandemic? Make a donation here.

privacy

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Faulty janitorial equipment likely caused Saanich school fire

Saturday morning fire damaged roof of Strawberry Vale Elementary

Greater Victoria records highest unemployment in history with 11 per cent

Past peak was 7.8 per cent more than a decade ago, according to South Island Prosperity Partnership

Garth Homer Society in Saanich turns lemons into lemonade with online programs

Victoria disability organization sets up online programs and learning tools in wake of COVID-19

Human behaviour likely to deter birds from Esquimalt Lagoon, survey suggests

More Great Blue Herons spotted, fewer mallard ducks seen

Sidney’s Mary Winspear Centre to host a trio of acts

Aaron Pritchett, Alex Cuba and Valdy will each play four shows

Islanders want BC Ferries to follow order that lets residents board before tourists

For ferry-dependent communities, ferries are often the sole practical lifeline to work, school or medical appointments.

Beverly Hills 90210 star’s family selling Vancouver Island Beach Resort

You can own Jason Priestley’s Terrace Beach Resort in Ucluelet for less than $5 million

Genetic detectives begin work to trace spread of COVID-19 in Canada

The kinds of genetic technology being used for this project did not exist when SARS hit Canada in 2003

Sports fishers protest Fraser River Chinook closures

Public Fishery Alliance wants hatchery fish open for harvest

B.C. Ferries increasing passenger capacity after COVID-19 restrictions

Transport Canada 50-per-cent limit being phased out, no current plans to provide masks

Shellfish industry get funds to clean up at Island sites and beyond

Businesses can apply to cover half of costs to clean up so-called ‘ghost gear’

Amber Alert for two Quebec girls cancelled after bodies found

Romy Carpentier, 6, Norah Carpentier, 11, and their father, Martin Carpentier, missing since Wednesday

B.C. man prepares to be first to receive double-hand transplant in Canada

After the surgery, transplant patients face a long recovery

Most Read