CIMM - Data Breaches and Privacy Breaches - June 2, 2021

Key messages

Supplementary messages

Data breaches

Privacy breaches

IRCC’s process and handling of privacy breaches

Fingerprint and photo privacy breach

[If pressed on what the consequences are on the individuals as a result of the privacy breach?]

Notable IRCC breaches:

Name of reach # of individuals affected Description of incident breach and mitigation measures taken Type of breach

Client Survey Privacy Breach
This breach was recently referenced during Question Period


IRCC contracted Advanis to conduct its annual Client Service Evaluation Survey.
When Advanis sent out the email invitation to IRCC clients; a different recipient’s name was included in the invitation, for all invitations.

Program officials implemented measures to ensure this type of breach does not occur in the future. Of note, the 2021 Survey has been conducted, approximately 230,000 survey invitations were sent and there were no known privacy breaches related to this year’s survey.

Non-material breach
CPC-Sydney Privacy Breach 721

On April 29, 2020, CPC-Sydney sent out a message to 721 staff regarding a training initiative. In error, the personal email addresses of all those in receipt of the email were released to the other staff members.
The Director of CPC-Sydney sent out an apology email to all staff.

Non-material breach

GCKeys Cyberattack

Elections Canada Privacy Breach


Privacy breaches

Fingerprint and photo privacy breach

Page details

Date modified: