Digital Privacy and Security Complaints Reference Guide

Why Should You Report Scams and Frauds?

Your information could link a number of crimes together, in Canada and abroad Your Information could progress or complete an investigation. Reporting helps make crime trends more accurate and allows for crime forecasting It helps law enforcement, private and public sector, academia etc. to learn about the crimes and help with prevention and awareness efforts.

Fraud Attempts

Image for Fraud attempts section

According to the Canadian Anti-Fraud center, it is advised that you report the incident to the CAFC (whether you were scammed or not). Go to the online reporting system at the CAFC and report your incident. You can also report over the phone at (toll-free): 1-888-495-8501 (Available Monday to Friday from 9 am to 4;45 pm EST. Closed on holidays). What to include in your report: what platform you were contacted on, the details of the scammers account, how they approached you and what they said to you, anything odd that you noticed about their behavior, any links they sent you (do not click on them, but report that they sent you a link).

Fraud Crimes

Collect relevant documents, receipts, and copies of emails and text messages. This will come in handy for reporting. Contact your local police, and remember that it is their role to investigate your situation and be of help to you. Make sure to report the fraud to the Canadian Anti-Fraud Center and complete the steps mentioned in the “suspected fraud” section.

Data Breaches

Report any data breach involving personal information to the appropriate Privacy Commissioner (see below).

If You Have Lost Money or Information

Image for If You Have Lost Money or info Section

Contact your financial institution as soon as possible, and report the incident as well as the amount of money that was taken from you. Lock and place flags on all of your accounts, changes all of your passwords, and report the fraud to both Equifax, and Transunion, which are Credit Bureaus. Report the incident to the Canadian Anti-Fraud Centre, and make sure to have documents that can prove your identity (birth certificate, driver’s licence, health card, etc) in the case of identity theft. File a report with the police and get a file number from them. This will allow you to update your file if there is any more suspicious activity after the initial incident.

A Canadian may need to contact the Federal Bureau of Investigation (FBI) in the United States if they believe that they are the victim of a cybercrime that originates from or involves the US, or if they have information that could assist in an FBI investigation. Cybercrimes that may involve the FBI include hacking, identity theft, fraud, child exploitation, and terrorism-related offenses. It is important to note that the FBI’s jurisdiction is limited to crimes that occur within the US or that involve US citizens or companies, and Canadians should generally first contact Canadian law enforcement agencies or the Canadian Anti-Fraud Centre if they are the victim of a cybercrime or have information about a cybercrime that involves Canada or Canadians. However, if the cybercrime has a connection to the US, such as a US-based server or a US-based suspect, it may be appropriate to contact the FBI. Canadians can contact the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov to file a complaint about a cybercrime, or they can contact their local FBI field office. The FBI has offices located throughout the US and around the world, and their contact information can be found on the FBI’s website at www.fbi.gov.

SPAM Messages

Image for Spam messages Section

Spam refers to unsolicited or unwanted electronic messages, typically sent in bulk, often for commercial or fraudulent purposes. These messages can take various forms, such as email, text messages, social media messages, or automated voice calls, and they often contain misleading or deceptive information designed to trick recipients into taking a certain action, such as making a purchase, providing personal information, or clicking on a link that could install malware or lead to a phishing scam.

CASL (Canada’s Anti-Spam Legislation) safeguards consumers and businesses from digital technology abuse, such as spam and other electronic hazards. Additionally, it promotes fair competition for businesses in the digital, global marketplace.

CASL is enforced by three government agencies: the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau, and the Office of the Privacy Commissioner of Canada (OPC). The CRTC is primarily responsible for enforcing the provisions related to commercial electronic messages, including the requirement to obtain consent, identify the sender, and provide an unsubscribe mechanism. The Competition Bureau is responsible for enforcing the provisions related to false or misleading representations in electronic messages, while the OPC oversees the provisions related to the collection, use, and disclosure of personal information in the context of commercial electronic messages.

CRTC

Image for CRTC Section

Online complaints can be filed online through the CRTC’s Spam Reporting Centre. complaints can be made over the phone at 1-866-580-3625, and over email at info@fightspam.gc.ca

The Competition Bureau

Address: Competition Bureau Canada 50 Victoria Street Gatineau, Quebec K1A 0C9

Phone number: 1-800-348-5358 TTY (for hearing impaired): 1-866-694-8389

Email: compbureau@ic.gc.ca

Website: www.competitionbureau.gc.ca

Note that the Competition Bureau also has regional offices across Canada, and their contact information can be found on their website.

SMS or Text Spam

Copy the message and forward it to 7726 (SPAM). This helps your wireless provider spot and block similar messages in the future. Report it on the messaging app you use. Look for the option to report junk or spam. Do not click on any links in the message or answer the message. Block the number that sent the spam message. Submit information on the incident to the Spam Reporting Centre. This includes screenshots of the email or mobile text spam, or information pertaining to other electronic texts. The Spam Reporting Centre is a service provided by the Government of Canada that allows individuals to report spam and other electronic threats they receive, such as phishing scams, malicious software, and false or misleading electronic messages. The service is operated by the Canadian Centre for Cyber Security, in partnership with the Royal Canadian Mounted Police (RCMP) and other government agencies, and it aims to help Canadians protect themselves from online threats and support the enforcement of Canadian laws related to spam and electronic threats. The Spam Reporting Centre can be accessed online at https://www.canada.ca/en/online-security/sms-spam-fraud/unwanted-text-messages.html.

Exploitation/Extortion

Picture promoting the importance of protecting your digital privacy.

File a report with the Canadian Anti-Fraud Centre. Contact your local police department if the culprit has extorted money from you, and provide any identifying information and proof. If the exploitation involves intimate images/video or sexual exploitation go to Cybertip.ca and report your situation (they immediately forward case to police as well as reach out to platform the exchange happened on and limit the image’s availability). Contact NeedHelpNow.ca for support, resources and information on what to do next. If victim is underage, tell a trustworthy adult who can help. Go to stopsextortion.com for tips and next steps + speak with a trained counsellor (good for young victims). Text THORN to 741741. Kidshelpphone.org is also available by phone 1-800-668-6868 and by text for immediate help by texting CONNECT to 686868.

Organization Contacts

Privacy Concerns and Complaints:

GDPR (EU) Privacy Issues

Image for GDPR Section

GDPR (General Data Protection Regulation) is a regulation in the EU that governs the protection of personal data, and a Canadian might need to file a complaint under GDPR if their personal data is being processed by an organization in the EU. The GDPR gives people the power to sue if they’ve been harmed by a breach. If customers suspect a breach, they can make a complaint to supervisory authorities about a business. In case of suspected breach, consumers have the option to lodge official administrative complaints with supervisory authorities against an enterprise. A personal data breach is when there’s a security problem that results in personal data being destroyed, lost, changed, or accessed without authorization. This can happen accidentally or on purpose.

To report a complaint related to GDPR, you can contact the supervisory authority responsible for data protection in your country. You can find a list of supervisory authorities in the EU on the European Commission’s website. Alternatively, if you’re not located in the EU, but your complaint concerns an EU-based company or organization, you can contact the supervisory authority of the EU member state where the company or organization is based. When making a complaint, be sure to provide as much detail as possible about the issue, including the type of data involved, the circumstances of the breach, and any harm that you believe has resulted. The supervisory authority will then investigate the matter and take appropriate action.

US Privacy Issues

Canadians may file a complaint with the Federal Trade Commission (FTC) or other American government agencies if they believe that their privacy rights have been violated by a US-based organization or individual. For example, if a Canadian resident receives unsolicited commercial emails or text messages from a US-based sender, they may file a complaint with the FTC, which enforces anti-spam laws in the US.

You can contact the Federal Trade Commission (FTC) in the United States in several ways:

  1. Phone: You can call the FTC’s Consumer Response Center at 1-877-FTC-HELP (1-877-382-4357) or the Business Center at 1-202-326-2222.
  2. Online: You can file a complaint online with the FTC at https://www.ftccomplaintassistant.gov/.
  3. Mail: You can send a letter to the FTC at the following address: Federal Trade Commission 600 Pennsylvania Avenue NW Washington, DC 20580
  4. Fax: You can send a fax to the FTC at 1-202-326-2012.

Note that the FTC also has regional offices located throughout the United States, and their contact information can be found on the FTC’s website at www.ftc.gov.

A Canadian might need to contact the following American agencies about a privacy concern:

  1. The Department of Commerce: The Department of Commerce oversees the Privacy Shield Framework, which is a mechanism for transferring personal data from the European Union (EU) to the US. If a Canadian company or individual is concerned about the transfer of their personal data from the EU to the US, they may need to contact the Department of Commerce Address: U.S. Department of Commerce, 1401 Constitution Ave., NW, Washington, DC 20230, USA Phone: 1-202-482-2000 Website: https://www.commerce.gov/
  2. The Federal Communications Commission (FCC): The FCC is responsible for regulating communications in the US, including telephone and internet service providers. If a Canadian individual or company is experiencing unwanted telemarketing calls or other unwanted communications from a US-based service provider, they may need to contact the FCC. Federal Communications Commission (FCC): Address: Federal Communications Commission, 445 12th Street SW, Washington, DC 20554, USA Phone: 1-888-225-5322 Website: https://www.fcc.gov/
  3. The Securities and Exchange Commission (SEC): The SEC regulates securities transactions in the US and has jurisdiction over companies that are publicly traded in the US. If a Canadian individual or company is concerned about the privacy practices of a US-based publicly traded company, they may need to contact the SEC. Securities and Exchange Commission (SEC): Address: U.S. Securities and Exchange Commission, 100 F Street, NE, Washington, DC 20549, USA Phone: 1-800-SEC-0330 Website: https://www.sec.gov/
  4. The Department of Homeland Security (DHS): The DHS is responsible for protecting the US from cyber threats and has various agencies that focus on cybersecurity, including the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity and Communications Integration Center (NCCIC). If a Canadian company or individual experiences a cybersecurity incident or believes that they are being targeted by a cyber attack originating from the US, they may need to contact the DHS. Department of Homeland Security (DHS): Address: U.S. Department of Homeland Security, Washington, D.C. 20528, USA Phone: 1-202-282-8000 Website: https://www.dhs.gov/

Note that these agencies may have different contact information depending on the nature of the privacy concern, and it may be helpful to consult their respective websites or speak with a legal expert to determine the best course of action.

Canadian Privacy Issues

The Difference Between The Federal and Provincial Privacy Commissioners

Jurisdiction: The federal privacy commissioner has jurisdiction over all federally-regulated organizations, as well as any private-sector organizations that operate across provincial or national borders. They also oversee federal government agencies including the Canada Revenue Agency (CRA), the Canadian Security Intelligence Service (CSIS), the Canadian Border Services Agency (CBSA), the Royal Canadian Mounted Police (RCMP), the Department of National Defence (DND), Health Canada, and Environment and Climate Change Canada. Provincial privacy offices oversee privacy issues related to provincial government institutions including healthcare, education, transportation, natural resources, social services, and justice, and private sector organizations that operate solely within their respective provinces. include departments responsible for.

Legislation: The federal privacy commissioner enforces PIPEDA (the Personal Information Protection and Electronic Documents Act), which is a federal law that sets out rules for the collection, use, and disclosure of personal information in the course of commercial activity. Under the federal private sector privacy law (PIPEDA), organizations can face fines of up to $100,000 per violation for failing to report a data breach to the Privacy Commissioner or to notify affected individuals in certain circumstances. Provincial privacy commissioners enforce provincial privacy laws, which can vary from province to province.

When and Why should You Contact the Privacy Commissioner

Image for Why you should contact the privacy commissioner Section

Privacy Breaches: If an individual suspects that their personal information has been mishandled or improperly disclosed, they may contact the privacy commissioner’s office to report the breach and seek guidance on what to do next.

Access to Personal Information: If an individual is having difficulty accessing their own personal information from an organization, they may contact the privacy commissioner’s office to request assistance.

Privacy Policies: If an individual has concerns about the privacy policies of a particular organization, they may contact the privacy commissioner’s office to request an investigation into the organization’s practices.

Privacy Rights: If an individual is unsure about their privacy rights and wants to learn more about how to protect their personal information, they may contact the privacy commissioner’s office for information and guidance.

Compliance: If an organization is not complying with privacy laws and regulations, individuals or organizations may contact the privacy commissioner’s office to report the non-compliance and seek resolution.

Privacy Commissioners In Canada

Federal Privacy Commissioner

Newfoundland And Labrador

  • Tel: (709) 729-6309 Fax: (709) 729-6500 Toll Free in Newfoundland and Labrador: 1-877-729-6309
  • e-mail: commissioner@oipc.nl.ca
  • P.O. Box 13004, Station “A”, St. John’s, NL, A1B 3V8
  • Sir Brian Dunfield Building, 3rd Floor, 2 Canada Drive
  • Office Hours: Monday to Friday, 8:30 a.m. – 4:30 p.m.
  • Summer Hours: Monday to Friday, 8:30 a.m. to 4:00 p.m.
  • Website

Ontario

  • Toll- free: 1-800-282-1376
  • Phone: 819-994-5444 Fax: 819-994-5424 TTY: 819-994-6591
  • Open Monday to Friday from 9 am to 4 pm (EST)
  • Mailing address: Office of the Privacy Commissioner of Canada
  • 30 Victoria Street Gatineau, Québec K1A 1H3
  • Website

Alberta

  • Office of the Information and Privacy Commissioner for British Columbia
  • PO Box 9038 Stn. Prov. Govt. Victoria B.C. V8W 9A4 (250) 387-5629
  • Callers outside Victoria can contact the office toll-free by calling Enquiry BC requesting a transfer to (250) 387-5629.
  • Enquiry BC: Vancouver: (604) 660-2421 Elsewhere in BC: (800) 663-7867
  • Hours: Mon-Fri 8:30am-4:30pm Telephone: (250) 387-5629 E-mail: info@oipc.bc.ca
  • Website

Manitoba

  • General office email: ombudsman@ombudsman.mb.ca
  • In Winnipeg: 750 – 500 Portage Avenue (Colony Square), Winnipeg, MB R3C 3X1 (204) 982-9130
  • 1-800-665-0531 (toll-free) (204) 942-7803 (fax)
  • In Brandon:202 – 1011 Rosser Avenue (Scotia Towers), Brandon, MB R7A OL5 (204) 571-5151
  • 1-888-543-8230 (toll-free) (204) 571-5157 (fax)
  • In Thompson: Suite 1720, City Centre Mall, 300 Mystery Lake Road, Thompson, MB R8N 0M2 (204) 677-7270
  • Website

New Brunswick

  • Phone (506) 444-4180
  • E-mail IAPU-UAIPVP@gnb.ca
  • Office hours 8:15 a.m. to 4:30 p.m., Monday to Friday
  • Website

Northwest Territories

  • GNWT Access and Privacy Office
  • Policy and Planning Division, Department of Justice, Government of the Northwest Territories
  • 4903 49th St, PO Box 1320, Yellowknife NT X1A 2L9 Canada
  • apo@gov.nt.ca
  • Phone: 1‑867‑767‑9256
  • Fax: 1‑867‑873‑0659
  • Website

British Columbia

  • Office of the Information and Privacy Commissioner for British Columbia
  • PO Box 9038 Stn. Prov. Govt. Victoria B.C. V8W 9A4 (250) 387-5629
  • Callers outside Victoria can contact the office toll-free by calling Enquiry BC requesting a transfer to (250) 387-5629.
  • Enquiry BC: Vancouver: (604) 660-2421 Elsewhere in BC: (800) 663-7867
  • Hours: Mon-Fri 8:30am-4:30pm Telephone: (250) 387-5629 E-mail: info@oipc.bc.ca
  • Website

Nova Scotia

  • Public enquiries form
  • Use the Public Enquiries Contact Form to send your questions or comments about programs and services.
  • Contact centre
  • Toll-free: 1-800-670-4357
  • Toll-free TTY: 1-877-404-0867
  • Website

Nunavut

  • Office of the Information and Privacy Commissioner
  • PO Box 1000, Station #270
  • 607 Queen Elizabeth II Way
  • Iqaluit, Nunavut, X0A 0H0
  • tel: (867) 979-3081
  • toll-free: 1-855-979-3081
  • email: admin@atipp-nu.ca
  • Website

Prince Edward Island

  • 149 Kent Street, Suite 301 P.O. Box 2000 Charlottetown, PE C1A 7N8
  • Phone: 902-368-4099
  • Email: InfoPrivacy@assembly.pe.ca
  • Website

Quebec

  • Office 2.36, 525, boulevard René-Lévesque Est
  • Quebec City (Quebec) G1R 5S9
  • Telephone: 418 528-7741 Fax: 418 529-3102
  • Montreal
  • Suite 900 2045 Stanley Street Montreal (Quebec) H3A 2V4
  • Telephone: 514 873-4196 Fax: 514 844-6170 Toll free: 1 888 528-7741
  • Email:cai.communications@cai.gouv.qc.ca
  • Opening hours: 8:30 a.m. to 12 p.m. / 1 p.m. to 4:30 p.m.
  • Website

Saskatchewan

  • Saskatchewan Information and Privacy Commissioner
  • 503 – 1801 Hamilton Street Regina SK S4P 4B4
  • Telephone: 306-787-8350 Toll Free Telephone (within Saskatchewan): 1-877-748-2298
  • Email: intake@oipc.sk.ca for information pertaining to your access and privacy rights
  • Email: webmaster@oipc.sk.ca for concerns regarding our website and its content
  • Website

Yukon

  • 3162 Third Avenue, Main Floor
  • (corner of Third Avenue & Alexander Street)
  • Whitehorse, Yukon, Y1A 1G3
  • Phone: 867-667-8468
  • Toll free in the Yukon:
  • 1-800-661-0408 (ext. 8468)
  • Email*: info@yukonombudsman.ca
  • Website