Ontario’s privacy commissioner is angry that two people in the provincial elections office disregarded government policy and left unencrypted personal data of over 2 million voters on two USB drives
that disappeared in the spring.
“I’m deeply disturbed,” Ann Cavoukian said Tuesday in an interview.
It’s “the largest data breach that has occurred in the province,” she said from either a public agency or a private sector business. The risk, she added, is someone could access personal information and steal peoples' identities.
It’s not merely a black eye for the province. It’s also an embarrassment because Cavoukain (pictured above) is known around the world as a privacy advocate.
“One of the reasons I was so disturbed is the data on millions of people was not encrypted,” she added.
isn’t exactly clear what’s on the drives, according to chief electoral officer Greg Essensa – or whether the drives were stolen or are merely missing
(Photo by IT World Canada)
He told reporters the two drives have names, addresses, gender, birth dates and “any other personal information updates provided to Elections Ontario” by roughly half of people on the voters list last fall, and possibly, whether they voted. What's not on the drives ae social insurance numbers, health card numbers, drivers licence information, credit card or banking information.
But after several months of investigating it still isn’t sure what names were on the drives. It believes they covered 20 to 25 of the 49 electoral districts being worked on by staff at the time.
Even forensic experts hired by the department can’t figure out which ridings were on the drives.
The department has done a “rigorous” search for the drive, Essensa said, and a full investigation by a private law firm and a forensics security firm, an investigation still ongoing. It’s also been reported to the Ontario Provincial Police.
Meanwhile, he’s advising all Ontarians to watch for “potential unusual activity” regarding any transactions with the province, banks, utilities and retailers.