Tuesday, May 24, 2022

Employee fired after biggest privacy breach at Canada Revenue, says CBC

Sometimes employees just can’t resist the temptation to snoop through customer files.

Hospitals and doctors’ offices, which have detailed medical records of patients, are one prime sector with potential for problems. Canada Revenue Agency, with years of tax information about citizens and residents, is another.

CBC has already reported that eight CRA staffers were fired during the fiscal year that ended March 31 for improperly accessing taxpayer data. Now comes news that another person was fired just before that for committing the biggest privacy breach in the department’s history.

The broadcaster said that sometime before March 23, 2016, the unnamed employee improperly accessed the accounts of 38 taxpayers in detail, and briefly accessed another 1,264 accounts using a search function to find surnames and postal codes.

In that case, a CRA spokesman told the broadcaster, no taxpayer data was changed. The spokesperson also stressed that, of the 1,264 accounts briefly accessed, files were viewed for approximately two seconds per account.

The spokesperson also noted that on March 31 the CRA completed a $10.2-million IT system that “will monitor employee accesses to taxpayer information and will flag accesses that appear inconsistent with the employees’ assigned workloads or duties.”

So it is time for another reminder that the federal privacy commissioner’s office has issued guidance on ways to cut down on employee snooping. Suggestion number one is to foster a culture of privacy.

“Perhaps the most important element in the prevention of employee snooping is an organization’s culture of privacy,” says the document, “as it supports the effectiveness of all other measures. This starts with the establishment of clear expectations and requirements for employees. Develop a set of comprehensive privacy policies and procedures, and reflect and operationalize them in concrete practices, to ensure that employees: (i) understand that privacy is a core organizational value, and (ii) know what this means for their day-to-day activities. Further, give your organization’s privacy officer (or a similar role) a clear mandate to educate, monitor compliance, and investigate and address violations. When the importance of, and practices associated with, respecting privacy are front-of-mind, employees are less likely to snoop without thinking — helping to avoid incidents based on impulsiveness, misunderstanding or curiosity.”

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
