Canada's Government Breaks The Rules

Federal departments and agencies in Canada have mishandled personal information belonging to 144,000 Canadians over the past two years, according to new figures tabled in the Ottowa House of Commons, and not everyone who was swept up in a privacy breach was told about it.

The new figures were included in the federal government's answer to an order paper question filed by an MP. The  800-page response didn't offer an explanation for the errors, which range from minor issues to serious breaches involving sensitive personal information.

The Canada Revenue Agency (CRA) was guilty of the most breaches, with more than 3,005 separate incidents affecting close to 60,000 Canadians between Jan. 1, 2018 and Dec. 10, 2019 and the errors concerned included problms with misdirected mail, security incidents and employee misconduct. The Parliament statement says that two-thirds of the total individuals affected were as a result of three separate and unrealted incidents.

Health Canada responsible for 122 breaches, affecting 23,894 individuals. The the agency said in its "most serious" breach, a government employee mistakenly received an email containing personal information. That person immediately notified the appropriate officials at Health Canada and deleted the email, the report said.

Canada Broadcasting Corporation (CBC) was responsible for the third-highest number of casualties, with 17 breaches affecting 20,129 individuals, all of whem were employees. CBC reported one major that saw the theft of IT equipment containing confidential information as the most serious.

The Public Health Agency of Canada (PHAC) was responsible for seven breaches that affected 3,725 individuals; similarly, Environment was responsible for seven breaches, seeing 6,028 affected.

Public Services and Procurement experienced 164 breaches, with 5,149 affected; Employment and Social Development Canada suffered 1,421 breaches, affecting 3,586 individuals.

Department of National Defence (DND) was responsible for 170 breaches, with 2,273 individuals affected; Immigration saw 3,005 breaches, affecting 4,268 individuals; and affecting 5,130 individuals was the 59 breaches Canada Post was responsible for.

The report also quotes Canada's  Privacy Commissioner Daniel Therrien, saying the commissioner has been pushing for changes to the Privacy Act to make breach reporting mandatory, like it is elsewhere, such as Australia.  At presnet, federal departments only have to alert affected individuals in the event of 'material' breaches, cases involving sensitive personal information which might cause serious injury to an individual, or those affecting large numbers of people.

A History of Canadian Surveillance

The Canadian spay agency, the Communications Security Establishment (CSE) also has a history of abusing privacy. A national security measure to track patterns of suspicious activity, the Canadian metadata surveillance program was implemented in 2005 by secret decree. This included the illegal monitoring of free airport Wi-Fi services to gather the communications of all travellers using the service and their subsequent tracking.  

It was then suspended for a year in 2008, amid concerns that the program could amount to unwarranted surveillance of innocent Canadians. However, the program was renewed in 2011 via ministerial directive from then-Defence Minister Peter MacKay. The program was broadly approved by the CSE Commissioner at the time, although he number of Canadians affected by this surveillance is unknown.

CBC:        Parliamnt of Canada:       ZDNet:        Wikipedia:  

You Might Also Read: 

What is The Canadian Institute For Cybersecurity & Why Does It Matter?:

 

 

« Sustained Cyber Attacks Are The New Normal
Facebook Scams Offer Fake Money To Steal Personal Data »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CERT.AZ

CERT.AZ

The national Cyber Security Center of the Republic of Azerbaijan.

DG Technology

DG Technology

DG Technology is a customer-centric technology expert and business consultant that delivers services and products to minimize your information security, compliance, and business risks.

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

Cybersecurity Professionals

Cybersecurity Professionals

Search vacancies from top cyber security jobs worldwide on CyberSecurity Professionals. View IT security jobs or upload your CV to be seen by recruiters from industry leading firms.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Corsha

Corsha

Corsha is on a mission to simplify API security and allow enterprises to embrace modernization, complex deployments, and hybrid environments with confidence.

CybX Security LLC

CybX Security LLC

CybX is the first company of its kind to merge the practice of computer forensics with computer security and information security.

Littlefish

Littlefish

Littlefish provide world-class, award-winning Managed IT and Cyber Security Services, delivered from our 24/7 UK service centres.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

BAE Systems

BAE Systems

BAE Systems develop, engineer, manufacture, and support products and systems to deliver military capability, protect national security, and keep critical information and infrastructure secure.

Cytek

Cytek

Cytek is a leading provider of cybersecurity and HIPAA compliance for dental practices and other industries.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

National Information and Cybersecurity Council (NICC)

National Information and Cybersecurity Council (NICC)

National Information and Cybersecurity Council is a leading collaborative effort between Government of India and Industry to raise Cybersecurity awareness nationally.

ConductorOne

ConductorOne

ConductorOne is building the identity security platform for the modern workforce.

FOSSA

FOSSA

FOSSA is a leading SBOM (software bill of materials) and software supply chain risk management platform.