Canada's Government Breaks The Rules

Uploaded on 2020-02-26 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

Federal departments and agencies in Canada have mishandled personal information belonging to 144,000 Canadians over the past two years, according to new figures tabled in the Ottowa House of Commons, and not everyone who was swept up in a privacy breach was told about it.

The new figures were included in the federal government's answer to an order paper question filed by an MP. The  800-page response didn't offer an explanation for the errors, which range from minor issues to serious breaches involving sensitive personal information.

The Canada Revenue Agency (CRA) was guilty of the most breaches, with more than 3,005 separate incidents affecting close to 60,000 Canadians between Jan. 1, 2018 and Dec. 10, 2019 and the errors concerned included problms with misdirected mail, security incidents and employee misconduct. The Parliament statement says that two-thirds of the total individuals affected were as a result of three separate and unrealted incidents.

Health Canada responsible for 122 breaches, affecting 23,894 individuals. The the agency said in its "most serious" breach, a government employee mistakenly received an email containing personal information. That person immediately notified the appropriate officials at Health Canada and deleted the email, the report said.

Canada Broadcasting Corporation (CBC) was responsible for the third-highest number of casualties, with 17 breaches affecting 20,129 individuals, all of whem were employees. CBC reported one major that saw the theft of IT equipment containing confidential information as the most serious.

The Public Health Agency of Canada (PHAC) was responsible for seven breaches that affected 3,725 individuals; similarly, Environment was responsible for seven breaches, seeing 6,028 affected.

Public Services and Procurement experienced 164 breaches, with 5,149 affected; Employment and Social Development Canada suffered 1,421 breaches, affecting 3,586 individuals.

Department of National Defence (DND) was responsible for 170 breaches, with 2,273 individuals affected; Immigration saw 3,005 breaches, affecting 4,268 individuals; and affecting 5,130 individuals was the 59 breaches Canada Post was responsible for.

The report also quotes Canada's  Privacy Commissioner Daniel Therrien, saying the commissioner has been pushing for changes to the Privacy Act to make breach reporting mandatory, like it is elsewhere, such as Australia.  At presnet, federal departments only have to alert affected individuals in the event of 'material' breaches, cases involving sensitive personal information which might cause serious injury to an individual, or those affecting large numbers of people.

A History of Canadian Surveillance

The Canadian spay agency, the Communications Security Establishment (CSE) also has a history of abusing privacy. A national security measure to track patterns of suspicious activity, the Canadian metadata surveillance program was implemented in 2005 by secret decree. This included the illegal monitoring of free airport Wi-Fi services to gather the communications of all travellers using the service and their subsequent tracking.  

It was then suspended for a year in 2008, amid concerns that the program could amount to unwarranted surveillance of innocent Canadians. However, the program was renewed in 2011 via ministerial directive from then-Defence Minister Peter MacKay. The program was broadly approved by the CSE Commissioner at the time, although he number of Canadians affected by this surveillance is unknown.

CBC:        Parliamnt of Canada:       ZDNet:        Wikipedia:  

You Might Also Read: 

What is The Canadian Institute For Cybersecurity & Why Does It Matter?:

 

 

« Sustained Cyber Attacks Are The New Normal
Facebook Scams Offer Fake Money To Steal Personal Data »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Redscan Cyber Security

Redscan Cyber Security

Redscan Cyber Security is a Managed Security Services Provider (MSSP) that enables businesses to effectively manage their information security risks.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

Conference-Service

Conference-Service

Conference-Service provides a categorised calendar of conferences and events, including Information Security & Privacy.

Exida

Exida

Exida is a leading product certification and knowledge company specializing in industrial automation system safety, security, and availability.

Pole SCS (Secure Communicating Solutions)

Pole SCS (Secure Communicating Solutions)

SCS is a world-class competitiveness cluster dedicated to digital technologies in the fields of Microelectronics, Internet Of Things, Digital Security, Artificial Intelligence And Big Data.

ActiveCyber

ActiveCyber

ActiveCyber is a source for news, reviews, learning, and technological innovation in the active cyber defense industry.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

NLnet Labs

NLnet Labs

NLnet Labs is a not-for-profit foundation with a long heritage in research and development, Internet architecture and governance, as well as security in the area of DNS and inter-domain routing.

Dual Layer IT Solutions

Dual Layer IT Solutions

Dual Layer offer a full range of IT Services and Solutions for businesses from IT infrastructure design to cloud/hosted solutions, cybersecurity, disaster recovery and IT training.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

UK Research & Innovation (UKRI)

UK Research & Innovation (UKRI)

UKRI works in partnership with universities, research organisations, businesses, charities, and government to create the best possible environment for research and innovation to flourish.

Qascom

Qascom

Qascom is an engineering company offering security solutions in satellite navigation and space cybersecurity. We are one of the European key players in GNSS authentication and security.

FourthRev

FourthRev

FourthRev is an education-technology start-up with a mission to solve the skills crisis of the Fourth Industrial Revolution.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

Coalition for Secure AI (CoSAI)

Coalition for Secure AI (CoSAI)

CoSAI is an open ecosystem of AI and security experts from industry leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research.

Cythera

Cythera

Cythera is an Australian cyber security company with in-house cyber security professionals providing world-class cyber protection to medium to large companies all over Australia.