The Office of the Privacy Commissioner of Canada recently announced findings concerning the use of a former customer’s personal information collected by an online dating service. After requesting to terminate his membership to the online dating service, the unnamed individual also requested that he be removed from the mailing list and that all his personal information be deleted. Later, the individual notified the Office about his concern that he was still receiving marketing emails and that the online dating service had informed him that his personal information was the property of the service.

The Office found that the online dating service had committed several violations of the Personal Information Protection and Electronic Documents Act (PIPEDA), including failing to provide the complainant with access to his personal information within 30 days of his request, retaining personal information after his membership was terminated, using his personal information after he had withdrawn consent to send him marketing emails, failing to maintain a privacy policy, and failing to safeguard customer’s personal information. In the middle of this investigation, a new owner took over the dating service and many of these violations have since been resolved.

Tip: This case is a reminder for companies (in Canada and elsewhere) to look at their data retention and opt-out procedures.