LifeLabs data breach report released after firm loses four-year bid to keep it quiet
Advertisement
Read this article for free:
or
Already have an account? Log in here »
To continue reading, please subscribe:
Monthly Digital Subscription
$0 for the first 4 weeks*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*No charge for 4 weeks then price increases to the regular rate of $19.00 plus GST every four weeks. Offer available to new and qualified returning subscribers only. Cancel any time.
Monthly Digital Subscription
$4.75/week*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $19 plus GST every four weeks. Cancel any time.
To continue reading, please subscribe:
Add Free Press access to your Brandon Sun subscription for only an additional
$1 for the first 4 weeks*
*Your next subscription payment will increase by $1.00 and you will be charged $16.99 plus GST for four weeks. After four weeks, your payment will increase to $23.99 plus GST every four weeks.
Read unlimited articles for free today:
or
Already have an account? Log in here »
Hey there, time traveller!
This article was published 25/11/2024 (375 days ago), so information in it may no longer be current.
A long-withheld investigation into a 2019 hacking at LifeLabs Inc. that compromised millions of Canadians’ health data has finally been made public after an Ontario court dismissed the company’s appeal to prevent its release.
A statement from the privacy commissioners of both Ontario and British Columbia says their joint report, completed in June 2020, found that LifeLabs “failed to take reasonable steps” to protect clients’ data while collecting more personal health information than was “reasonably necessary.”
The report ordered LifeLabs to address a number of issues such as appropriately staffing its security team, and the commissioners’ statement says the company complied with all of the orders and recommendations.
LifeLabs had cited litigation and solicitor-client privilege to prevent the document’s publication, but this was opposed by the commissioners’ offices.
The company then sought a judicial review in Divisional Court in Ontario before the case made its way to the Ontario Court of Appeal, where LifeLabs’ appeal was dismissed.
B.C. Information and Privacy Commissioner Michael Harvey says in a statement that “the road to accountability and transparency has been too long” for the victims of the data breach.
“LifeLabs’ failure to put in place adequate safeguards to protect against this attack violated patients’ trust, and the risk it exposed them to was unacceptable,” Harvey says. “When this happens, it is important to learn from past mistakes so others can prevent future breaches from happening.
“But to learn from lessons, we need to share them.”
Ontario Information and Privacy Commissioner Patricia Kosseim says in the statement that she is pleased with the court’s decision to uphold the decision by her office “to help restore public trust in the oversight mechanisms designed to hold organizations accountable.”
In May, Canadians who applied to be part of a class-action lawsuit against LifeLabs began receiving cheques and e-transfers, with administrator KPMG saying more than 900,000 valid claims were received.
An Ontario court had approved a total Canada-wide settlement of up to $9.8 million in the data breach, which allowed hackers to access the personal information of up to 15 million customers.
This report by The Canadian Press was first published Nov. 25, 2024.