Canadian federal privacy scorecard worst yet, says Commissioner

Share this article:

Canadian government agencies hit an all-time high for privacy complaints and data breaches this year, according to the annual report from the federal Privacy Commissioner – and most of the increase stemmed from two departmental data breaches.

Privacy complaints were up 130 percent to 2,273 in the year from April 2012 to March 31, 2013, said the Commissioner, due largely to data breaches by Employment and Social Development Canada and Justice Canada. Around half of all complaints concerned those breaches.

ESDC was known as Human Resources and Skills Development Canada (HRSDC) in January, when it lost the personal data of 583,000 student loan borrowers. HRSDC was also implicated in the loss of personal data for over 5000 individuals who appealed disability rulings under the Canada Pension Plan. That also made Justice Canada a target of complaints.

These were not the only data breaches reported to the Commissioner. Overall, federal institutions experienced 109 breaches – up 36 percent from the year prior.

The Privacy Commissioner singled out the Canada Revenue Agency for particular criticism after a separate audit, following reports of breaches including misuse and misdirection of mail, and unauthorized access to taxpayer files. It found that the agency was failing to conduct threat and risk assessments on sensitive IT systems, and was not tracking unauthorized access.

Government agencies report data breaches on a voluntary basis, admitted the Commissioner, stating that this made it unclear whether breaches had indeed increased, or whether staff was simply becoming more diligent.

Share this article:

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

Health law needs reform, says provincial privacy watchdog

The Albertan Information and Privacy Commissioner has formally asked the government to amend the province's Health Information Act with mandatory breach reporting and notification measures.

Well.ca security not that well, letter reveals

Well.ca, an online store selling health and beauty products, exposed names, addresses and credit card details for some of its customers in December, it admitted last month.

Canada signs Wedge Networks to secure government data centers

The Canadian government has hired Wedge Networks, a provider of cloud-based security services, to secure its computing infrastructure.