Ontario government acts to defuse security slip up

Swift action by Management Board of Cabinet has defused what could have been a major embarrassment for the Ontario government – a recent security slip up that caused personal information of 27,000 Ontarians to be disclosed to strangers.

The privacy breach occurred a couple of weeks ago when Ontario child-care supplement cheques were mailed out with stubs attached that included the name, address and SIN – not of the recipient – but another client.

The fallout could have been even more severe were it not that the majority of child-care support recipients – approximately 86,0000 persons – receive payments by direct bank deposit. The information of these recipients was not disclosed.

Damage was also restricted because the government learned of the breach early – on December 2 – and promptly stopped cheque production and distribution.

The next day the government reportedly informed the Information and Privacy Commissioner (IPC) and all MPPs of the incident. Government officials worked with the IPC and others to determine the most appropriate way to assist the affected individuals, according to a Management Board Secretariat (MBS) release.

Apology letters were drafted and mailed to all Ontario Child Care Supplement clients affected by this breach.

The government blamed human error and a new computer system. Management board chair Gerry Phillips said the new software wasn’t tested on the computers that are used to issue the cheques. But he added government employees should be held responsible, not the computer program.

“I take this matter extremely seriously and apologize on behalf of the government for this unacceptable release of personal information,” said Phillips. “I want to assure the public that government officials have identified the cause of the problem and have taken steps to ensure this does not happen again.”

He said his office is working with the IPC and other experts “to determine the most appropriate way to assist the affected individuals.”

Based on advice from Privacy Commissioner, the government has urged everyone affected by this incident to destroy any personal information they received which does not belong to them.

As a precautionary measure, MBS has also asked cheque recipients to monitor and verify all bank accounts, credit card and other financial transaction statements for any suspicious activity.

The MBS release said Government officials have identified the problem, fixed and tested its computer cheque systems, and have been assured these systems will operate properly. “Officials have also taken steps to ensure no problems have arisen in other computer cheque systems.”

The Ontario government is reportedly conducting an internal audit into this breach to determine precisely what happened and why.

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now