Outcomes - Selected Case Summaries



RCIPS sends misdirected data on firearms owner

Informal Resolution | 18 March 2022

An email containing personal information relating to a firearm license holder was inadvertently sent to an unintended recipient. The RCIPS became aware of the breach three days later when an employee noticed the mistake, and the recipient informed the RCIPS the following day. The RCIPS requested the deletion of the email and the attachment, which the recipient confirmed.

Upon review, we concluded that RCIPS had taken appropriate action to close the breach. Going forward, the RCIPS also committed to implement encryption for this type of correspondence. We advised the RCIPS to ensure that all elements of the data breach notification required by law were addressed, including notifications to data subjects.