The privacy commissioner is blasting managers at Elections Ontario for failing to enact security measures after losing two USB keys with the personal information of more than two-million voters.
Ann Cavoukian calls it the largest privacy breach in Ontario history and she’s come up with recommendations to prevent it from happening again.
The two USB keys contained the unencrypted personal information of as many as 2.4-million voters. According to Cavoukian, four-million people are impacted because Elections Ontario could not identify which of the 20 to 25 electoral districts from a group of 49 were involved.
Cavoukian said the information on the lost memory sticks was not encrypted and said the same mistake was made even after they were reported missing.
“On what planet do you do that?,” she asked. “You do the same thing and don’t encrpyt the data again? It’s baffling to me.”
She said it’s like leaving money lying around for someone to steal.
“It can have the same value because the damage that can result from identity theft and many other deceptive practices is considerable,” she said.
The memory keys contained names, addresses and birth dates, but fortunately the agency does not collect social insurance numbers, health card or drivers’ licence or banking information which could be used by identity thieves.
Meanwhile, her recommendations to Elections Ontario are:
– Conduct an independent third party audit of all of the personal information management policies, practices and procedures at Elections Ontario
– Following the audit, develop a privacy policy that includes encryption and follow it
– Establish technology sevices as the centre of responsibility and accountability at Elections Ontario for the implementation of the privacy policy
– Appoint a senior manager as the chief privacy officer
– Develop a comprehensive, mandatory privacy program for all temporary and full-time newly hired staff and all staff on an annual basis
– Provide commissioner’s office with a copy of the audit report and any new or revised policies
The recommendations to the government of Ontario are:
– Ask the auditor general to conduct regular privacy audits of information management practices at public sector agencies
– Conduct a complete review and modernization of the election act to ensure the privacy and security of personal information is strongly protected and used prudently
The office of the privacy commissioner published a report based on the investigation and it’s available online.
http://www.ipc.on.ca/images/Findings/2012-07-31-Elections-Ont_1.pdf
Voter information privacy breach ‘largest privacy breach in Ontario’s history,’ commissioner says
Charlene Close
Gas Prices
680News Android App
Weather Guarantee
Advertiser Directory
Comments
Editor's note: Comments which include offensive or inappropriate language will be deleted. Healthy debate is encouraged but we will not permit any personal attacks. View our comment policy here.