E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Toronto SUN

Posted on January 18, 2011

From lost laptops to stray confidential documents, Statistics Canada has grappled with several "serious" security breaches that have compromised sensitive personal information about Canadians. Internal reports obtained by QMI Agency through Access to Information reveal a number of incidents in the past five years where the federal information-gathering agency has probed and quietly done damage control on security lapses.

There have been several cases of government-issued laptops containing confidential personal information stolen from employees' homes or vehicles. In at least two incidents, field interviewers had left a sticky note with the password with the portable computer.

One Toronto staffer left the completed questionnaire of another participant at a respondent's home instead of a blank one. Another employee faxed off a blank survey to a business - but inadvertently included sheets of confidential information about two other businesses.

A letter from Wayne Watson, director general of Investigations and Inquiries Branch of the Privacy Commissioner's office, called a March 2007 breach of the employment records of 66 enumerators and crew leaders for the 2006 census "a serious matter." Documents were left in surplus filing cabinets and sold at a Crown Assets Auction in Edmonton.

The silver lining of this lapse, he noted, was that it led to new safeguards to prevent a recurrence. "These people should now be better informed of the privacy rights of individuals so that others may be spared the invasion of privacy (names deleted) suffered," he wrote.

In one potentially egregious case, a couriered envelope containing 11 unencrypted, non-password-protected CDs sent to Ottawa headquarters went missing. The discs contained more than 21,000 electronic images of birth, death, stillbirth and marriage registrations.

The package, sent from Alberta's Vital Statistics Program on July 9, 2010, was finally discovered locked in a rarely used cabinet Nov. 30, 2010.

Documents also reveal physical security breaches and cases of e-mail mishaps and loose password rules that violated the federal Privacy Act.

Stats Canada spokesman Peter Frayne said breaches are relatively rare in the context of massive volumes of information gathered. In a five-year period the agency conducted more than 22 million interviews with only a dozen or so security incidents - the majority resulting from criminal acts by third parties.

"Statistics Canada considers protecting the confidentiality of respondent information not only a legal obligation, but a corporate imperative," he told QMI. "It is a fundamental value ingrained in the agency’s culture."

All employees go through intensive training and take a life-long oath of secrecy. They are subject to $1,000 and/or a jail term of up to six months if they release personal information - or up $5,000 and/or five years in prison if used for personal profit.

Security measures are in place to protect information filed on the Internet and stored on laptops or offices. All suspected security breaches are investigated and reported to the Privacy Commissioner and/or police if substantiated.

Some examples of security breaches at Statistics Canada in the past five years:

OCT. 2010: Purolator envelope containing 11 unencrypted, non-password-protected CDs for the Vital Statistics Program in Alberta addressed to Ottawa head office sent July 9, 2010 is discovered missing. It contains more than 21,000 electronic images of confidential information about individual birth, death, stillbirth and marriage registrations. It is found Nov. 30, 2010 locked in a rarely-used filing cabinet.

SEPT. 2009: Stats Can library's password access protocol constitutes "major security breach."

DEC. 2008: A briefcase with documents and personal notes is stolen from the car of an interviewer from Quebec. Confidential addresses of respondents were included.

JULY 2008: An error in transmission meant e-mails of 108 subscribers of Health Reports notifications were "inadvertently revealed" to all recipients of message - constituting a breach of Privacy Act and Stats Can policy.

JUNE 2008: Stats Can is informed that on Feb. 12, 2008 Surrey RCMP and Canada Post recovered completed 2006 census questionnaires from a private residence in a bust of a major identity theft ring. Other items included equipment related to credit card/ID theft, drivers' licences, 3,000 pieces of stolen mail, government-issued cheques, fake currency and more than 100 CDs with thousands of personal data profiles. Census questionnaires were not in the hands of census staff - it is believed they were obtained by tipping mailboxes or break-ins to homes and cars.

AUG. 2007: A laptop containing personal information about individuals who participated in the Labour Force Survey or Canadian Community Health Survey is stolen from the residence of an employee in Abbotsford, BC. Password was written on a sticky note stored in laptop case. Police called, affected people are informed and interviewer receives verbal reprimand.

JUNE 2007: Laptop with three completed household spending surveys stolen in home break-in in Delta, B.C.

MARCH 2007: Edmonton regional office reports two laptop thefts from field interviewers' vehicles. Staff are reminded about protocol for securing material.

MARCH 2007: Privacy Commissioner's office advised of inadvertent disclosure and loss of personal info after surplus filing cabinets with Records of Employment about 66 2006 census workers were sold at a Crown Assets Auction in Edmonton. Affected individuals are contacted and Stats Can implements more stringent procedures to avoid a recurrence.

JULY 2006: Enumerator leaves completed questionnaire instead of blank at Scarborough, Ont. respondent's home.

APRIL 2005: Blank forms faxed to a business include additional pages of confidential information related to two other businesses. Staff receive retraining and posters/notices are displayed as reminders.

FEB. 2005: Marketing information collected for one user is reviewed by another user and possibly four other unknown individuals in a Corporations Returns Act survey.

FEB. 2005: Laptop being shipped from Williams Lake, B.C. to Edmonton containing 23 Survey of Household Spending cases - including 11 completed ones - goes missing. A flurry of e-mails ensues among senior managers at Stats Can and officials "pester" Canada Post to find the lost item. Confidential statistical info is encrypted. Laptop is found two weeks later.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.