Canadian federal privacy scorecard worst yet, says Commissioner
Canadian government agencies hit an all-time high for privacy complaints and data breaches this year, according to the annual report from the federal Privacy Commissioner – and most of the increase stemmed from two departmental data breaches.
Privacy complaints were up 130 percent to 2,273 in the year from April 2012 to March 31, 2013, said the Commissioner, due largely to data breaches by Employment and Social Development Canada and Justice Canada. Around half of all complaints concerned those breaches.
ESDC was known as Human Resources and Skills Development Canada (HRSDC) in January, when it lost the personal data of 583,000 student loan borrowers. HRSDC was also implicated in the loss of personal data for over 5000 individuals who appealed disability rulings under the Canada Pension Plan. That also made Justice Canada a target of complaints.
These were not the only data breaches reported to the Commissioner. Overall, federal institutions experienced 109 breaches – up 36 percent from the year prior.
The Privacy Commissioner singled out the Canada Revenue Agency for particular criticism after a separate audit, following reports of breaches including misuse and misdirection of mail, and unauthorized access to taxpayer files. It found that the agency was failing to conduct threat and risk assessments on sensitive IT systems, and was not tracking unauthorized access.
Government agencies report data breaches on a voluntary basis, admitted the Commissioner, stating that this made it unclear whether breaches had indeed increased, or whether staff was simply becoming more diligent.