ANOTHER MAJOR PRIVACY BREACH IN B.C.

Since 2010, a total of 4,420 government privacy breaches have been reported to the Office of the Chief Information Officer in B.C. That’s almost a thousand “breaches” a year. (1) And it only includes those reported. The privacy commissioner’s office has “looked into some 500 privacy breaches of one kind or another involving government and its agencies over the past five years”. (9) And again, it includes only those reported, which are a very small fraction of the total “breaches” because government agencies are not required to report “breaches”.

Now, more information has been “lost” by the B.C. government. This time the education ministry “lost” “personal information for 3.4 million B.C. and Yukon students and B.C. teachers from 1986 and 2009”. The hard drives included names, addresses, genders, birth dates and education identity numbers, teacher retirement plans, substance abuse information, mental health issues, psychological assessments, plus detailed family data, social, type of schooling, grade information, graduation status, financial aid data, and designations such as ESL and special needs, economic and education status of cancer victims and children in provincial foster care and health and behaviour issues for children in care. (1)(2)(5)(7) “It also included family troubles and police interventions…, letters from members of the public with specific complaints about teachers; particulars on some 1,000 cancer survivors who took part in a lengthy research trial”. (9) This information was NOT anonymous. All information could be connected to people’s names. (8)

Why does the education ministry have information going back 30 years? The teacher retirement plan information came from a survey done in 2003, so the older information pertains to the children. Isn’t there a time limit on how long the government can keep information on students and children in care? Oh right, this is the B.C. government that keeps all information on citizens forever.

The hard drive was discovered missing in August 2015 but the hard drive “could have been missing for as long as five years”. (4)  The ministry had been trying to track it down since early August and didn’t notify the Technology Minister Amrik Virk until around September 11, 2015.

Again, the privacy commissioner’s office listed numerous ways in which the education ministry failed to provide adequate security and provided recommendations to improve security. (1) This is the same list/recommendations as identified in previous “breaches” and, no doubt, it will be the same list/recommendations as identified in future “breaches”. I suspect the privacy commissioner’s office keeps a copy of this list of inadequate security measures and recommendations that it just reprints for each new “breach” because nothing changes.

The Technology Minister Amrik Virk called the “breach” “low risk” because there is no indication of fraud and identity theft. (5) What a “convenient” statement.  Apparently, the ministry has done comprehensive searches by up to 50 bureaucrats, and “they had looked in every box, in every desk, in every drawer, and they weren’t able to find it” (6), but the ministry still considers the possibility of theft to be “low”.  And, the warehouse was not equipped to secure information. (6)  Plus, when the statement was made, the ministry had not examined the potential risk to individuals or notified them. (5)  The use of the information by others may not be as obvious as identity theft.  Personal information is very valuable these days.  Based on what I’ve read, companies are building large personal information databases.  This information can be used by the company and/or sold to marketers, insurance, banks, future employers, etc. so the people whose information went “missing” may never know that they lost a job, a bank loan, insurance and so on because of the information the companies were/are able to access.  This “loss” of information could haunt these people for the rest of their lives.

And, as the privacy commissioner’s office noted: the information could cause emotional hurt, humiliation or damage to reputation, if in the wrong hands.   “I think it essential to emphasize that the affected individuals are some of the most vulnerable in our society.  They include children in care, children in custody, children with special needs, and children with health conditions. These are all circumstances that can lead to stigmatization by society in general and instances of individual discrimination.” (1)

The privacy commissioner’s office “interviewed some 16 individuals, including current and former employees. But ‘owing to the passage of time, the testimony was, understandably, often vague, incomplete or inconsistent.’ Coupled with the lack of documentation — another common occurrence with this government — she was unable to place blame on any particular individuals”. (9) So, again, no one will be held accountable.

Education Minister Mike Bernier said: “We sincerely apologize for any inconvenience this incident may have caused people” (italics mine).  Could you trivialize the matter more?  My goodness, did the government drop someone’s pen?

But just ask the B.C. government, including medical people, and they will tell you that your information is protected.

“The incident prompted the Government Communications and Public Engagement office to write a 16-page script of anticipated questions and suggested answers for politicians.” (1) So the hand puppets and toadies just regurgitate the scripted answers.

The scripted answers also state that the trend of reported “breaches” was increasing through 2014, but has since begun to decline. Other possibilities:

  1. This is a scripted answer by government so is likely a lie. See post “Our Information is Not Protected – Part I” for example(s) of how government lies.
  2. The government may just be covering up more “breaches” and not reporting them.
  3. When you are “losing” information on millions of B.C. citizens at one time, what’s left to “breach” that isn’t already out there? Again, see post “Our Information is Not Protected – Part I” where the government “illegally shared” information on 4 to 5 million B.C. citizens.

And, of course, they promise everything will be fixed so citizens’ information is protected. Until the next time!!  Because they lie!!

My question is: Is there any information left, on the people of B.C., held by the B.C. government, that hasn’t been illegally shared or “lost”??

  1. Education Ministry Chastised for Latest BC Data Breach – Bob Mackin, 29 JAN 2016, TheTyee.ca
  2. Ministry of Education failed to protect personal information involving missing portable hard drive – Dissent, 28 JAN 2016, Office of Inadequate Security
  3. Investigation Report F16-01, Ministry of Education, 28 JAN 2016, The Privacy Commissioner’s office; CanLII Cite: 2015 BCIPC No. 65; Quicklaw Cite: [2015] B.C.I.P.C.D. No. 65
  4. B.C. ministry broke rules, leading to data breach: Privacy commissioner – The Canadian Press, 28 JAN 2016, The Globe and Mail
  5. B.C. education data breach: government can’t find unencrypted hard drive – 15 SEP 2015, CBC
  6. B.C. Education Ministry Slammed For Losing Hard Drive With Students’ Personal Info – Tamsyn Burgmann, 28 JAN 2016, The Canadian Press
  7. B.C. ministry broke rules, leading to data breach: Privacy commissioner – The Canadian Press, 28 JAN 2016, The Globe and Mail
  8. Largest data breach in B.C. could have been ‘completely preventable’: watchdog report – Paula Baker, 28 JAN 2016, Global News (this is actually the 2nd largest; see post “Our Information is Not Protected – Part I”, where the government “illegally shared” information on 4 to 5 million B.C. citizens)
  9. Privacy breach a failure of ‘executive leadership,’ watchdog says – Vaughn Palmer, 28 JAN 2016, Vancouver Sun (a paper I never bought)
 10. B.C. student data breach could affect more than 3 million people – Amy Judd, 22 SEP 2015, Global News