From the Office of the Privacy Commissioner of Canada, an announcement concerning the alleged rogue insider breach at a financial institution that impacted the personal information of more than 2.9 million of its members, including 2.7 million individual members and 173,000 business members. On July 8, the Commissioner announced:
The Commission d’accès à l’information du Québec and the Office of the Privacy Commissioner of Canada announced today that they will be investigating following a privacy breach at Desjardins.
The investigations will examine whether the organization was in compliance with Québec’s Act Respecting the Protection of Personal Information in the Private Sector and Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).
While Desjardins mostly operates in Quebec and is subject to the provincial law, it is also subject to the federal privacy law for its activities in other provinces. Therefore, the two offices have decided to collaborate for the purposes of these investigations.
As these are active investigations, no additional details are available at this time.