Not only that, she said, the initial report by a forensics firm into the loss wrongly said the data on the keys could only be accessed by Elections Ontario software or “specialized” commercial software.
In fact, Cavoukian said, the information was in a “standard database coding language” that could be accessed by a variety of commercially available and free software programs.
It was initially believed that the missing sticks held data on 25 voting districts out of 107. However, because the temporary staff were working on a total of 49 districts, Cavoukian can’t be sure which districts’ data were lost.
So she’s recommending that 4 million voters in the 49 polls watch their bank and credit card records for the next 12 months for suspicious activity.
The data included people’s names, addresses and dates of birth. Birth dates are important pieces of information for people who commit identity fraud, Cavoukian said. But the voters list also has exact names (say, John Irving Smith, as opposed to John Smith), which could help fraudsters as well.
Elections Ontario is an agency that reports to the Speaker of the Legislature.
Two people who were responsible for locking up the drives at the temporary facility are no longer with the agency.
The Ontario Provincial Police has opened a criminal investigation.
Cavoukian said she couldn’t completely fault Elections Ontario’s technical staff, for they repeatedly advised management against using USB keys. Instead, a decision was made to give the project leaders memory sticks with encryption software, but not the training in how to use it. Nor could she fault the temporary staff.
“While there appeared to be a general recognition of the importance of privacy and security,” Cavoukian said, “for the most part concerns about how personal information was to be managed tended to be directed to Elections Ontario’s external stakeholders [including political parties and returning officers] who are the recipients of the information, as opposed to their internal processes.”
“Ultimately, at the root of the problems uncovered during my investigation was the complete failure to build privacy into the routine day to day information management practices of this organization,” she told reporters.
“What is particularly discouraging was the discovery that the privacy and security of personal information, which is their sole responsibility in terms of the electorate, was not part of the training programs that were offered to staff.”
The need to protect personal information must be part of Elections Ontario’s culture, she said, to restore the trust of taxpayers.
To do it, she recommends:
--The agency hire an independent group to audit its privacy policies and procedures, and develop a requirement that any personal information stored on mobile devices must be encrypted.
--That requirement already exists, Cavoukian admitted, but it wasn’t reflected in the agency’s practices. “A policy is not enough sitting on some shelf, not understood, not translated into the day to day steps of your staff … It has to be embedded in the operations of your agency.”
--There has to be accountability “at the highest levels” at Elections Ontario, including the hiring of a privacy officer. It is “astounding” that the agency doesn’t have one, Cavoukian said.
Also, the agency’s technology services department should take full responsibility for training and supporting staff to ensure the protection of personal voter information.
Cavoukian has also asked the provincial government to have the auditor-general conduct regular privacy audits of public sector agencies, which, like Elections Ontario, don’t come under her office’s jurisdiction.
Cavoukian did her investigation at the request of Elections Ontario.