It’s easy to take cheap shots at public servants – there are so many of them and it’s harder for them to hide their fumblings than people in the private sector.
Still, with admission by Human Resources and Skills Development Canada minister Diane Finley that her department has – again – lost an unencrypted device with personal information on it.
As the year ended it was reported that someone at HRSD can’t find a USB key with information on 5,000 people.
This time it’s a portable hard drive with the names, social insurance numbers, birth dates and other information on 585,000 student loan borrowers between 2000 and 2006, plus contact information on 250 departmental staffers from a Gatineau, Que., office.
The loss of the drive, which went missing Nov. 5, is being investigated by the RCMP and the office of the federal privacy commissioner.
An official with HRSD told The Star the department’s policy is such devices have to be encrypted. So who can’t read?
According to a statement from HR minister Diane Finley, the drive was being used as a backup.
By the way, if you’d like to know how things work in her department, here’s a chronology:
–Nov. 5, 2012: An HRSDC employee discovered that an external hard drive was missing. Search efforts began.
–Nov. 28: The Departmental Security Officer was notified.
–Dec. 6: Discovery that personal information of Canada Student Loans Program clients was on the hard drive.
–Dec. 14: The Office of the Privacy Commissioner was notified.
–Jan. 7: The incident was referred to the Royal Canadian Mounted Police.
–Jan. 11: Canadian public was informed of the incident.
That’s right: Just over a month after HRSD realized what was on the drive, and five days after the RCMP was notified, the general public was told.
What’s Finley doing about it? New, stricter protocols are being immediately implemented. Portable hard drives are no longer permitted by departmental staff. Unapproved USB keys – remember the one the department is still search for? — are not to be connected to the network.
“I have requested that HRSDC employees across Canada receive comprehensive communications on the seriousness of these recent incidents and that they participate in mandatory training on a new security policy to ensure that similar situations do not occur again,” Finley said in a statement. “Further, I have instructed that the new policy contain disciplinary measures that will be implemented for staff, up to and including termination, should the strict codes of privacy and security not be followed.”
Letters are being sent to affected people who the department has current contact information on. Starting today, a special phone numbers has been set up 1 -866-885-1866 (or 416-572-1113 for those outside of North America) for people to verify if they are affected by this incident, and to ask additional questions regarding this issue. Hours of operation will be 8:00 a.m.-8:00 p.m. (EST), 7 days a week.
