CIPPIC Urges Canadian Privacy Commissioner to Investigate Customer Data Security Breach by Winners

It appears that a recent widespread data security breach will attract the attention of federal privacy officials in Canada. The Canadian Internet Policy and Public Interest Clinic (CIPPIC) has filed a complaint with the Privacy Commissioner of Canada (Commissioner) under section 11 of the Personal Information Protection and Electronic Documents Act (PIPEDA) asking the Commissioner to investigate the security breach which was widely reported to have exposed personal information of customers of Winners Merchants International LP (Winners) in Canada. The complaint urges the Commissioner to investigate not only the incidents reported on by the press (and alluded to by Winners in a letter to customers appearing on its web site) but also the general data collection practices of Winners. In particular, CIPPIC has voiced its concern that Winners may have collected and retained more information (including credit card information) than was necessary and to which customers may not have consented. Whatever the outcome, such a request and the response of the Commissioner is likely to shed further light on commercial data retention practices and what consumers can do to reduce their exposure to future security breaches. For the text of CIPPIC's complaint, see: http://www.cippic.ca/en/news/documents/winners2007jan23.pdf For the text of a letter from Winners to its customers, visit: http://www.winners.ca/en/index.asp; and follow the link "IMPORTANT CUSTOMER ALERT" Summary by: The Editor