Photo Courtesy: LifeLabs Laboratory, Facebook
By Veronica Beltran
lifelabs breach

2019 LifeLabs breach exposed personal health information of millions of Canadians

Jun 25, 2020 | 10:57 AM

VICTORIA—A joint investigation conducted by two separate information and privacy commissioners (IPC) found that LifeLabs failed to protect the personal health information of millions of Canadians.

The IPC of B.C. and Ontario say the significant privacy breach occurred in 2019. The joint investigation found that the company failed to implement reasonable safeguards to protect the personal health information of millions of Canadians violated Ontario’s health privacy law, the Personal Health Information Protection Act, and B.C.’s personal information protection law.

“LifeLabs’ failure to properly protect the personal health information of British Columbians and Canadians is unacceptable. LifeLabs exposed British Columbians, along with millions of other Canadians, to potential identity theft, financial loss, and reputational harm. The orders made are aimed at making sure this doesn’t happen again.—Michael McEvoy, information and privacy commissioner of British Columbia

Both the Ontario and B.C. IPC’s determined the company:

  • failed to take reasonable steps to protect the personal health information in its electronic systems
  • failed to have adequate information technology security policies in place
  • collected more personal health information than was reasonably necessary
Prince George Cougars
Cougars preparing for a tough opponent in WHL second round
11h ago
Craig Briere
Former Kodiaks President speaks out regarding "false and untrue" allegations
12h ago
Highway of Tears
Highway of Tears symposium underway
12h ago

“This investigation also reinforces the need for changes to B.C.’s laws that allow regulators to consider imposing financial penalties on companies that violate people’s privacy rights. This is the very kind of case where my office would have considered levying penalties,” added Michael McEvoy, information and privacy commissioner of B.C.

On March 25, 2020, the Ontario government amended Ontario’s health privacy law. Once implemented, Ontario will be the first province in Canada to give the information and privacy commissioner the power to levy monetary penalties against individuals and companies that contravene the Personal Health Information Protection Act.

Both offices have requested that LifeLabs implement a number of measures to address the possibility of any future breaches.

by Veronica Beltran

What's Trending

Prince George Cougars
Cougars preparing for a tough opponent in WHL second round
11h ago
Craig Briere
Former Kodiaks President speaks out regarding "false and untrue" allegations
12h ago
Highway of Tears
Highway of Tears symposium underway
12h ago
From kindergarten to Grade 7, every student left their mark on École Franco-Nord's new Indigenous mural
14h ago
Commercial fire
Commercial fire on Hart Highway causes $150k in damages
18h ago