Published Thursday, July 26, 2012 4:58PM MDT
Last Updated Thursday, July 26, 2012 7:22PM MDT
A local couple was surprised to find their personal, confidential information online after a friend did a search on their address using a popular web browser.
Robert Reid's fiancée, Francine, has had an auto glass insurance policy with a company called AMI for years.
A co-worker of hers happened to Google her email address recently and came up with a tangle of data that looks like an AMI client list.
The list contained Francine's name, phone number, address, email address, and the make, model and VIN number of her vehicle and that of hundreds of other people.
“I was honestly just shocked, I couldn't believe that that much private information was available for me to look at, copy and do whatever I wanted to,” said Reid.
Reid says Francine emailed and called AMI, both to complain about the data breach and to cancel her policy, and the company said it would investigate.
Reid says no one got back to them. "They told us nothing and they wouldn't even acknowledge that this was an issue."
CTV Consumer Specialist Lea Williams-Doherty contacted AMI at its Edmonton headquarters to ask how this happened and whether any of its customers have been negatively impacted.
In an emailed statement it said…
"to the best of our knowledge [Francine’s] experience is the only time the data was found online...the data in question was from an online form on our public website...the form was used by a total of 552 customers...we are in the process of notifying [them]...any evidence of this information has been completely erased...."
Lea also went to the Office of the Information and Privacy Commissioner and asked what measures are in place to ensure companies guard our confidential information on computer systems.
"The Personal Information Protection Act requires organizations to make reasonable security arrangements to protect personal information in their custody from unauthorized access or disclosure,” said Diane McCloud-McKay from the Information| Privacy Commissioner Office.
The law requires companies to inform the privacy commissioner if there is a risk of significant harm to its customers because of a data leak and the commissioner will conduct an investigation and make orders.
Individuals can also report a data breach by filing a complaint with the Privacy Commissioner's Office.