Monarch Beauty Supply, a beauty trade company with operations across the USA and Canada improperly disposed of 2,606 customer credit and debit card sales receipts by placing them in an unlocked dumpster. These receipts were stolen and (in at least one case) used to commit fraud.
In early September, 2005, the Edmonton Police Service (EPS) notified the Office of the Information and Privacy Commissioner (OIPC) that documents containing personal information from the Monarch Beauty Supply store in west Edmonton were turned over to EPS by a confidential informant. The documents included the store’s daily financial records, customer credit and debit sales receipts containing customers’ names, credit card numbers, expiry dates, customers’ signatures, and debit card numbers.
In response to this information from EPS, the Information and Privacy Commissioner Frank Work commenced an investigation of Monarch Beauty Supply, under the Personal Information Protection Act (PIPA).
The Investigator found that Monarch Beauty Supply failed to protect personal information in their custody and made the following recommendations:
- Notify all Edmonton based customers of the security breach and provide assistance
- Develop new security and disposal policy and procedures
- Conduct privacy and security training/awareness for employees
- Implement more rigorous safeguards, and regularly monitor the effectiveness of these safeguards
The organization cooperated fully with the investigation and implemented these recommendations.