Saturday, December 29, 2012

Government "loses" sensitive personal information on thousands of Canadians

Over the past week, Human Resources and Skills Development Canada has been notifying approximately 5000 people that their personal information has been lost. According to reports, the information was on a USB device that has been "misplaced". The information includes Social Insurance Number(SIN); surname; primary and, if applicable, secondary medical condition; birthdate; presence of other payers (e.g., workers' compensation); level of education; occupation type; and, Service Canada processing centre.

This is an ENORMOUS screw up by the Government of Canada. Unencrypted personal information should never be put on these devices as they are notoriously easy to lose. I am also surprised that the Privacy Commissioner's office, at least as quoted in the media, has not yet decided whether to do a formal investigation.
Personal info for thousands lost by federal government - Politics - CBC News

A federal government department says there is no evidence that missing personal information about thousands of Canadians has been used for fraudulent purposes.Human Resources and Skills Development Canada says an employee reported on Nov. 16 that a USB key containing personal information, including Social Insurance Numbers, of about 5,000 Canadians was missing.

The department, which handles a variety of files including pensions, old age security, employment insurance and childcare tax credits, says all those affected have been contacted.

A spokesperson said in an email Friday evening that the affected people have been advised of the incident and informed of the steps they can take to help protect their personal information.

HRSDC notified the privacy commissioner's office on Dec. 21 that the data had been lost.

About 60 people have already called an information line at the privacy commissioner's office expressing concern about the incident and complaints have already been filed.
"It's too early to say whether or not these will turn into official, full, investigations," said Anne-Marie Hayden, a spokeswoman for the privacy commissioner.
"We'd have to look at what we receive first and determine next steps from there."
HRSDC said it has seen no evidence that any of the information contained on the missing USB key has been used for fraudulent purposes.

"Nonetheless, we have advised affected individuals to carefully review and verify bank information, credit card information and other financial transaction statements as a means of safeguarding their personal information as a precautionary measure," the email said.

"We are currently analyzing this incident with the view of preventing a similar occurrence in the future," it added.

The commissioner's office is working with HRSDC in an effort to figure out what happened.

Each year, federal departments are required to report on how well they comply with privacy legislation.

In the 2010-2011 report — the most recent one posted on HRSDC's website — the department noted that it had been the subject of three complaints regarding how it handled personal information.


Gerald Parker said...

David please make contact.
Facebook Class Action page has been setup.

Anonymous said...

Do you have to have a face book acct. to contact the site because this is the last place I need more of my privacy to be disclosed