27/02/2020

Canada: Federal departments and agencies have mishandled personal information belonging to 144,000 Canadians over the past two years

The new figures were included in the federal government's answer to an order paper question filed by an MP. The 800-page response didn't offer an explanation for the errors, which range from minor issues to serious breaches involving sensitive personal information.

  • The Canada Revenue Agency (CRA) was guilty of the most breaches, with more than 3,005 separate incidents affecting close to 60,000 Canadians between Jan. 1, 2018 and Dec. 10, 2019 and the errors concerned included problms with misdirected mail, security incidents and employee misconduct. The Parliament statement says that two-thirds of the total individuals affected were as a result of three separate and unrealted incidents.
  • Health Canada responsible for 122 breaches, affecting 23,894 individuals. The the agency said in its "most serious" breach, a government employee mistakenly received an email containing personal information. That person immediately notified the appropriate officials at Health Canada and deleted the email, the report said.
  • Canada Broadcasting Corporation (CBC) was responsible for the third-highest number of casualties, with 17 breaches affecting 20,129 individuals, all of whem were employees. CBC reported one major that saw the theft of IT equipment containing confidential information as the most serious.
  • The Public Health Agency of Canada (PHAC) was responsible for seven breaches that affected 3,725 individuals; similarly, Environment was responsible for seven breaches, seeing 6,028 affected.
  • Public Services and Procurement experienced 164 breaches, with 5,149 affected; Employment and Social Development Canada suffered 1,421 breaches, affecting 3,586 individuals.
  • Department of National Defence (DND) was responsible for 170 breaches, with 2,273 individuals affected; Immigration saw 3,005 breaches, affecting 4,268 individuals; and affecting 5,130 individuals was the 59 breaches Canada Post was responsible for.

The report also quotes Canada's Privacy Commissioner Daniel Therrien, saying the commissioner has been pushing for changes to the Privacy Act to make breach reporting mandatory, like it is elsewhere, such as Australia. At presnet, federal departments only have to alert affected individuals in the event of 'material' breaches, cases involving sensitive personal information which might cause serious injury to an individual, or those affecting large numbers of people.

The Canadian spay agency, the Communications Security Establishment (CSE) also has a history of abusing privacy. A national security measure to track patterns of suspicious activity, the Canadian metadata surveillance program was implemented in 2005 by secret decree. This included the illegal monitoring of free airport Wi-Fi services to gather the communications of all travellers using the service and their subsequent tracking. It was then suspended for a year in 2008, amid concerns that the program could amount to unwarranted surveillance of innocent Canadians. However, the program was renewed in 2011 via ministerial directive from then-Defence Minister Peter MacKay. The program was broadly approved by the CSE Commissioner at the time, although he number of Canadians affected by this surveillance is unknown.

https://www.cybersecurityintelligence.com/blog/canadas-government-breaks-the-rules-4809.html

No comments :

Post a Comment