Canada’s privacy commissioner is expressing concern over the substantial mishandling of citizen’s private information.
Jennifer Stoddart is also concerned that public service loss of data such as through loss of memory sticks, or breaches in security, are not being fully reported to her office.
There have apparently been over 3,000 incidents of breaches of public service information over the last ten years, but only 403 cases were reported to her office.
Data losses at federal departments have come under greater scrutiny since late last year over concerns about privacy breaches at Veterans Affairs Canada, and, more recently, two breaches at Human Resources and Skills Development Canada, one of which involved a lost USB key with information on 5,000 individuals. Over the last 10 years, 3,134 information and data breaches have affected personal information on over a million Canadians according to documents tabled in Parliament this week.
One department, Human Resources and Skills Development Canada (HRSDC) had 885 breaches since 2002, reporting 62 of them to the privacy commissioner, while Correctional Service Canada reported 147 of the 894 breaches.
The total number of Canadians whose private information may be affected, is likely higher as one department, the Canada Revenue Agency, didn’t provide any figures and others, such as Correctional Services Canada, listed as “unknown” the number of people affected by a single breach. Statistics Canada listed the number of households and businesses affected by each breach, but couldn’t give more precise numbers.
Early this month The Investment Industry Regulatory Organization (IIROC) says a portable device containing the personal information of 52,000 clients from dozens of investment firms has been reported missing.
Canada’s financial industry regulator said Friday the missing data is from clients at 32 firms, but would not disclose which ones
The agency says it “deeply regrets” the accidental loss of the device and is in the midst of contacting clients who may now have their personal information put at risk. The regulator said it was unclear where the device was misplaced and what information it may have contained
The IIROC said an internal investigation has been launched and a third-party security expert will be trying to determine what type of information may have lost. The agency said so-far there has been no evidence of unauthorized attempts to access the portable device.
For reasons beyond our control, and for an undetermined period of time, our comment section is now closed. However, our social networks remain open to your contributions.