Government site exposes citizen data

A Government of Canada website served up more than expected when it went live this fall.

An error in Service Canada's new Access Key site, which was launched on September 26, inadvertently exposed the social insurance numbers and banking information of about 75 people. The site – designed as a “one-stop shop” for Canadians to manage benefits such as unemployment insurance and federal pensions – was shut down for repairs on September 28.

“As soon as we identified the issue, we shut down the system and worked with [Public Works and Government Services Canada] and the supplier to correct the problem,” a Service Canada spokesperson told CBC News. The spokesperson blamed “an error in the program's coding” for the information leak.

Service Canada wasn't quite as quick to notify the federal privacy commissioner of the problem. The commissioner's office expressed concern that managers from Service Canada didn't contact the organization for three days.

It wasn't the first instance of tension between the two federal bodies. The Privacy Commissioner also criticized Service Canada for failing to submit the required privacy impact assessment (PIA) for the Access Key site until just 30 days before it was launched. PIAs, which help programmers identify and manage privacy risks, are normally filed 90 days prior to the introduction of a new federal government program or service.
