Canada's Government Breaks The Rules

Uploaded on 2020-02-26 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

Federal departments and agencies in Canada have mishandled personal information belonging to 144,000 Canadians over the past two years, according to new figures tabled in the Ottowa House of Commons, and not everyone who was swept up in a privacy breach was told about it.

The new figures were included in the federal government's answer to an order paper question filed by an MP. The  800-page response didn't offer an explanation for the errors, which range from minor issues to serious breaches involving sensitive personal information.

The Canada Revenue Agency (CRA) was guilty of the most breaches, with more than 3,005 separate incidents affecting close to 60,000 Canadians between Jan. 1, 2018 and Dec. 10, 2019 and the errors concerned included problms with misdirected mail, security incidents and employee misconduct. The Parliament statement says that two-thirds of the total individuals affected were as a result of three separate and unrealted incidents.

Health Canada responsible for 122 breaches, affecting 23,894 individuals. The the agency said in its "most serious" breach, a government employee mistakenly received an email containing personal information. That person immediately notified the appropriate officials at Health Canada and deleted the email, the report said.

Canada Broadcasting Corporation (CBC) was responsible for the third-highest number of casualties, with 17 breaches affecting 20,129 individuals, all of whem were employees. CBC reported one major that saw the theft of IT equipment containing confidential information as the most serious.

The Public Health Agency of Canada (PHAC) was responsible for seven breaches that affected 3,725 individuals; similarly, Environment was responsible for seven breaches, seeing 6,028 affected.

Public Services and Procurement experienced 164 breaches, with 5,149 affected; Employment and Social Development Canada suffered 1,421 breaches, affecting 3,586 individuals.

Department of National Defence (DND) was responsible for 170 breaches, with 2,273 individuals affected; Immigration saw 3,005 breaches, affecting 4,268 individuals; and affecting 5,130 individuals was the 59 breaches Canada Post was responsible for.

The report also quotes Canada's  Privacy Commissioner Daniel Therrien, saying the commissioner has been pushing for changes to the Privacy Act to make breach reporting mandatory, like it is elsewhere, such as Australia.  At presnet, federal departments only have to alert affected individuals in the event of 'material' breaches, cases involving sensitive personal information which might cause serious injury to an individual, or those affecting large numbers of people.

A History of Canadian Surveillance

The Canadian spay agency, the Communications Security Establishment (CSE) also has a history of abusing privacy. A national security measure to track patterns of suspicious activity, the Canadian metadata surveillance program was implemented in 2005 by secret decree. This included the illegal monitoring of free airport Wi-Fi services to gather the communications of all travellers using the service and their subsequent tracking.  

It was then suspended for a year in 2008, amid concerns that the program could amount to unwarranted surveillance of innocent Canadians. However, the program was renewed in 2011 via ministerial directive from then-Defence Minister Peter MacKay. The program was broadly approved by the CSE Commissioner at the time, although he number of Canadians affected by this surveillance is unknown.

CBC:        Parliamnt of Canada:       ZDNet:        Wikipedia:  

You Might Also Read: 

What is The Canadian Institute For Cybersecurity & Why Does It Matter?:

 

 

« Sustained Cyber Attacks Are The New Normal
Facebook Scams Offer Fake Money To Steal Personal Data »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Information Commissioner's Office (ICO) - UK

Information Commissioner's Office (ICO) - UK

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

BakerHostetler

BakerHostetler

BakerHostetler is one of the largest law firms in the USA We have five core practice groups including a specialty practice team in Privacy and Data Protection.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

Vade Secure

Vade Secure

Vade Secure provides protection against the most sophisticated email scams such as phishing and spear phishing, malware and ransomware.

Qualcomm Technologies

Qualcomm Technologies

Qualcomm invents breakthrough technologies that transform how the world connects, computes and communicates.

SystemExperts

SystemExperts

SystemExperts is a premier provider of IT compliance and cyber security consulting services.

ThreatX

ThreatX

ThreatX provides complete web application & API protection to address expanding app footprints and complex attacks.

Bionic

Bionic

Bionic is an agentless way to get control over your increasingly complex applications so you can manage, operate, and secure them faster and more efficiently.

AirITSystems

AirITSystems

AirITSystems offer companies comprehensive IT security solutions that take all security considerations into account and are tailored to your business.

Nostra

Nostra

Nostra are a next generation managed services provider with a constant focus on Security and Business Continuity.

NetBlocks

NetBlocks

NetBlocks is a global internet monitor working at the intersection of digital rights, cyber-security and internet governance.

Airgap Networks

Airgap Networks

Airgap is fixing the fundamental flaw of excessive trust. We help enterprises modernize their network for a simple and secure infrastructure.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

ProjectDiscovery

ProjectDiscovery

ProjectDiscovery is an open-source, cybersecurity company that builds a range of software for security engineers and developers.