Telecom Signaling Industry News

TMCNet:  Feds apologize for losing personal info on half a million Canadians

[February 14, 2013]

Feds apologize for losing personal info on half a million Canadians

(Canadian Press DataFile Via Acquire Media NewsEdge) By Stephanie Levitz OTTAWA _ We're sorry _ and we're trying to make sure it never happens again.

That was the message Thursday from senior federal bureaucrats responsible for the loss of personal information belonging to more than half a million Canadians.

Employees at Human Resources and Skills Development Canada lost an external hard drive and USB key in November, resulting in the massive privacy breach.

"Sensitive personal information was stored on unencrypted portable storage devices and not properly secured. This should not have occurred," said Ian Shugart, a deputy minister with the department.

"On behalf of Human Resources and Skills Development Canada, I say to the committee, I apologize for these incidents. " Most of the people affected participated in the Canada Student Loan program between 2000 and 2007, though information belonging to participants in other programs _ as well as government staff _ was also compromised.

Both the RCMP and privacy commissioner are now investigating and at least three class action lawsuits have been launched.

A trio of bureaucrats from the department appeared before a House of Commons committee Thursday to give their account of what happened.

After the hard drive vanished on Nov. 5, officials spent a month scouring offices in Gatineau, Que., both searching for the missing device and trying to figure out what data was on it, Shugart said.

"We were being diligent about the search, when we came to the conclusion, the strong supposition that the material was not likely to be found, we continued even after to that to search exhaustively, " he said.

But when they realized that the social insurance numbers, birthdays and account balances of some 583,000 people had gone missing, Shugart said they immediately notified the privacy commissioner, began alerting those affected and launched an internal investigation.

Meanwhile, another search had already been launched for a USB key that went missing some 10 days earlier. That device contained social insurance numbers, birthdays and information on medical conditions for about 5,000 people. In that instance, it only took six days for the privacy commissioner to be warned.

MPs wondered why, in the case of the hard drive, it seemed to take so long to let Canadians know their personal information had been lost.

"You describe the actions as swift, you acted swiftly, but November 5 this first hard drive went missing and there wasn't a formal investigation launched until the first week of January," said NDP MP Ryan Cleary.

"How can you describe that as swift " Shugart said the officials were simply following their own rules.

"I don't want to be misunderstood as in any way saying that what occurred is acceptable _ it wasn't _ but with the information we had at the time we had it, we believe we acted appropriately with respect to our protocols." In neither case is criminal behaviour suspected, Shugart added.

"We encountered no evidence of malfeasance and none of the monitoring that has been done since has given us any reason to believe that malicious activity has been undertaken." In the wake of the two losses, the government has arranged for those affected to have access to credit protection packages via the credit reporting service Equifax.

About 50,000 people have enrolled so far, the bureaucrats said.

They've also fielded calls from about 200,000 people concerned about their data, and say about 65 per cent were caught up in the loss.

Since the two incidents, the department has banned the use of portable hard drives and unapproved USB sticks. They have also installed new data loss protection software designed to keep better tabs on where and how data is being moved around the department.

The ongoing internal investigation means no disciplinary action has yet been taken against the employees responsible for the data loss, though existing policies suggest they could lose their jobs.

Human Resources was responsible for 19 out of 80 privacy breaches by government departments reported to the privacy commissioner's office last year.

The majority of the 80 were due to human error, the commissioner's office reported.

Shugart said his department's aim is to get that number down to zero.

"Human beings run the system; there can never be any absolute fail-safe," he said.

"But in terms of that human culture, we want to be an organization that is excellent in everything that we do and individuals know their part in the larger scheme of things and they will handle Canadians information carefully, sensitively and accordingly to the rules." (c) 2013 The Canadian Press

[ Back To Telecom Signaling's Homepage ]

Featured Events

5G NA Signaling Day

November 14-16, 2016
Sheraton Dallas, Dallas, TX

Featured Webcasts

Securing The Signaling Interconnect: Oracle's Perspective On Recent Security Events

Today's telecommunications landscape is changing rapidly, and the "institution" of trust between networks that has been assumed over the decades is no longer relevant. We are now hearing of vulnerabilities in CSP interconnection points that have been known ...

Applications of Wi-Fi Calling

With all of the discussion about faster data access and richer content, it could be assumed that voice services no longer play an important role in the business model of the communications service provider. Join ReThink Technologies Research and Oracle Communications as we explore ...

Featured Whitepapers

Oracle Communications Diameter Signaling Router Main Differentiators

Diameter is the protocol used by network elements in LTE and 3G networks to enable and monetize services, such as voice, video and data. Diameter enables revenue-generating data services; including tiered data plans, loyalty programs, application specific QoS, content provider and Internet of Things (IoT) solutions ...

Multi-Layer Security Protection for Signaling Networks

The sanctity of mobile operators' networks and brands will depend greatly on their ability to deliver QoS guarantees to roaming and interconnect partners, while simultaneously protecting increasingly multimedia-savvy and socially connected ...

Featured Datasheets

Oracle Communications Diameter Signaling Router

Centralizing Diameter routing with cloud deployable Oracle Communications Diameter Signaling Router creates a secure signaling architecture that reduces the cost and complexity of the core network and enables elastic growth, interoperability and rapid introduction ...

Oracle Communications Mobile Security Gateway

The Oracle Communications Mobile Security Gateway is a high performance gateway that allows the Communications Service Provider (CSP) to cost effectively expand network coverage and increase capacity by incorporating Heterogeneous ...

Oracle Communications Evolved Communications Application Server

As service providers drive their networks toward an all-IP and virtualized state, they require the means to design and deliver compelling high definition voice, video and multimedia offers via Voice over LTE (VoLTE) and Voice over WiFi (VoWiFi) ...

Featured Infographic