P2020-ND-170

On March 16, 2020, the Organization sent an email to clients informing them how to access virtual services. The email was sent to 41 clients without blind copying client names and email addresses. A second email containing a consent form for virtual services was then sent to 11 clients without blind copying client names and email addresses. The incident was discovered the same day, when a client forwarded one of the emails to a Psychologist, alerting her to the breach. The Organization subsequently identified a third occasion where an email was sent to 41 additional names and email addresses, without the use of blind carbon copy. On March 17, 2020 the Organization submitted a second breach report to the OIPC regarding the third incident.

File Type: pdf
File Size: 612 KB
Categories: 2020