The Office of the Privacy Commissioner of Canada published key takeaways from its investigation of the 2020 data breach of the Canada Revenue Agency sign-in portal and the Employment and Social Development Canada's "GCKey" authentication service. Recommendations include addressing privacy risks through programs and services, and conducting regular security assessments.