Canada’s privacy commissioners for the provinces of British Columbia and Ontario, on Thursday, said that the country’s one of biggest laboratory testing company LifeLabs failed to appropriately safeguard critical health information of millions of its customers. The breach has been counted as country’s one of the biggest in last year.
LifeLabs has been ordered by the Information and Privacy Commissioner (OIPC) of Ontario to make improve in data security system and clarification of its data protection policies. LifeLabs has further been instructed to intimate individuals about the extent of their information that has been exposed.
LifeLabs is the largest laboratory of Canada providing specialty medical testing services to nearly 15 million customers. Sensitive personal information of its customers held by LifeLabs was exposed due to a breach reported by the company in November 2019. The information so exposed include from their names, addresses and emails to customer logins and passwords, health card numbers and lab tests.
Due to LifeLabs’ claim that information was privileged and confidential, commissioners have delayed release of the full report. However the privacy commissioners was not in agreement with LifeLabs’ that stance and was in view that report should be made public, unless LifeLabs get court order not to do so.
The company however took sufficient measures to stop as well as investigate any breach, found the privacy commissioners in their joint report. But the company failed to adequately protect sensitive personal data of its customers.
LifeLabs in its statement said that it was review the findings of the report and showed its commitment to being transparent and open.
The findings of the investigation report has raised the requirement of amending the B.C.’s laws allowing it the authority to impose financial penalties on the companies which failed to safeguard the privacy rights of the people, British Columbia’s information and privacy commissioner Micheal McEvoy said in a statement.