Tuesday, April 23, 2013

Statistics on Federal Government data breaches are staggering

According to documents filed in Parliament in response to a request for information filed by the opposition, the Federal Government has experienced thousands of data breaches over the past decade, affecting the personal information of hundreds of thousands of Canadians. And the vast majority were not reported to the affected individuals.

Government data breached thousands of times in last decade, documents say

OTTAWA — The federal government has seen more than 3,000 data and privacy breaches over the past 10 years, breaches that have affected more than 725,350 Canadians, according to documents tabled in Parliament on Tuesday.

The responses from departments, given to the New Democrats in response to an order paper question, also show that less than 13 per cent of all breaches have been reported, including a handful from the Department of Fisheries and Oceans that affected more than 4,400 individuals.

“There may be issues where Canadians have been put at risk and they haven’t been informed,” said NDP critic Charlie Angus, who submitted the written question. “As a standard, we should involve the privacy commissioner when Canadians’ privacy is breached.”

The list, however, is not a complete accounting of breaches, suggesting that there the number of breaches may be higher than reported. For instance, the Canada Revenue Agency didn’t provide any numbers, saying that a search of the hard copy records of breaches would be too cumbersome to be completed.

The list also turned up at least three instances where the data loss led to criminal activity, including one at the Public Service Commission in the 2007-2008 fiscal year that led to the termination of a contract with the recycling firm JC Fiber. Another data loss at the Department of Finance ended with one worker being charged with breach of trust.

The Department of Foreign Affairs, according to the documents, has 11 ongoing investigations into data breaches that affect at least 42 individuals.

The tabling of the figures prompted the government to release a statement signed by three cabinet ministers, including two whose departments have either come under scrutiny for losing the information of Canadians: Veterans Affairs Minister Steven Blaney, and Human Resources Minister Diane Finley.

“Our Government takes the privacy of Canadians very seriously, especially the critical importance of the proper handling of sensitive personal information,” Treasury Board President Tony Clement said in the statement.

“We will continue to work closely with the Office of the Privacy Commissioner to ensure that the privacy of Canadians is protected.”

Finley’s department has been dealing with fallout from two data breaches. In one incident, the department lost a portable hard drive with the personal information of about 583,000 Canada Student Loan recipients, including their social insurance numbers. In a second incident, a lawyer on loan to HRSDC from the Department of Justice lost a USB key with personal information about more than 5,000 employment insurance recipients.

Both have prompted investigations by the privacy commissioner, Jennifer Stoddardt, who was notified of both incidents.

“This came out of the massive data breach at HRSDC and the fact they spent a number of months keeping it quiet while they searched for it,” Angus said. “Now we see we’ve got well over 3,000 breaches.”

“What we’re seeing here is this about covering the rear-ends of ministers trying to keep their jobs,” Angus said.

No comments: