Alberta’s Information and Privacy Commissioner has initiated an investigation into a stolen laptop computer which contains financial and other personal information about possibly 8,000 clients of MD Management, a subsidiary of the Canadian Medical Association.
Commissioner Frank Work has the authority under the Personal Information Protection Act (PIPA), to conduct an investigation to ensure compliance with any provision of this Act. PIPA governs the collection, use, disclosure and safeguarding of personal information in the hands of private sector organizations in Alberta.
MD Management advised the Information and Privacy Commissioner of the incident and outlined the steps taken since they became aware of the theft. Following inquiries by individuals affected, the Commissioner decided to conduct an independent review of the organization’s privacy and security practices. MD Management has committed to cooperate fully with the Commissioner’s investigation.
The Commissioner recognizes that MDM has taken sound steps, and the OIPC will collaborate with the company and will provide independent oversight.
The investigation will focus on what happened, determine the level of risk to individuals, and suggest ways to reduce the risk of similar incidents.
The laptop was apparently stolen from the vehicle of an employee of MD Management.