Tuesday, December 07, 2004

More Ontario government damage control

The Ontario government has released an apology and an account for what happened in the most recent breach of privacy that involved 27,000 government benefits recipients:

Update On Disclosure Of Personal Information :

Government Apologizes And Takes Immediate Steps To Correct Computer Error

  TORONTO, Dec. 6 /CNW/ - On behalf of the Ontario government, Gerry Phillips, Chair of Management Board of Cabinet, today repeated his apology to recipients of cheques from the Ontario Child Care Supplement for Working Families Program whose privacy was breached last week. The breach, which affects approximately 27,000 people, resulted from an error that caused the stub portion of the cheques to include the name, address and an identifier that includes the SIN number of another client.

  Phillips has stressed that the Ontario government will take every action possible to help prevent the recurrence of such incidents in the future.

  This disclosure of personal information about another recipient was caused by a cheque-printing error that occurred during the implementation of a computer software upgrade. These cheques were dated November 30, 2004, and were part of a run of approximately 27,000. The approximately 86,000 people who receive payments by direct bank deposit were not affected.

  While there were many people affected, the personal information of any single recipient is only included on one other cheque stub.

Measures Taken


  Once ministry staff learned of the nature and scope of the problem on the evening of December 2, government cheque production and distribution were stopped.

  On December 3, the government informed the Information and Privacy Commissioner and all MPPs of the breach. Government officials worked with the Information and Privacy Commissioner and others to determine the most appropriate way to assist the affected individuals.

  On the weekend, letters of apology were prepared for all Ontario Child Care Supplement clients affected by this breach. At 7 a.m. today, the letters were given to Canada Post for delivery.

  Based on advice from the Information and Privacy Commissioner, the government has asked people affected by this to destroy any personal information they received which does not belong to them. As a precautionary measure, the government has recommended that cheque recipients monitor and verify all bank accounts, credit card and other financial transaction statements for any suspicious activity.

  Government officials have identified the problem, fixed and tested its computer cheque systems, and been assured that these systems will operate properly.

  Officials have also taken steps to ensure that no problems have arisen in other computer cheque systems. These systems are operating correctly, cheque processing has resumed, and no backlog is expected.

  The government has implemented additional quality assurance measures and will continue to update appropriate technical and procedural measures to ensure the highest standards for safeguarding personal information.

  The government welcomes and will cooperate fully with the Information and Privacy Commissioner during any investigation into this matter.

  In addition to seeking the Commissioner's advice, the government is conducting an internal audit into this breach to determine precisely what happened and why.

  The government sincerely regrets the breach of privacy."

No comments: