Canada's Government Breaks The Rules

Federal departments and agencies in Canada have mishandled personal information belonging to 144,000 Canadians over the past two years, according to new figures tabled in the Ottawa House of Commons, and not everyone who was swept up in a privacy breach was told about it.

The new figures were included in the federal government's answer to an order paper question filed by an MP. The 800-page response didn't offer an explanation for the errors, which range from minor issues to serious breaches involving sensitive personal information.

The Canada Revenue Agency (CRA) was guilty of the most breaches, with more than 3,005 separate incidents affecting close to 60,000 Canadians between Jan. 1, 2018 and Dec. 10, 2019. The errors concerned included problems with misdirected mail, security incidents and employee misconduct. The Parliament statement says that two-thirds of the total individuals affected were the result of three separate and unrelated incidents.

Health Canada was responsible for 122 breaches, affecting 23,894 individuals. The agency said that in its "most serious" breach, a government employee mistakenly received an email containing personal information. That person immediately notified the appropriate officials at Health Canada and deleted the email, the report said.

The Canadian Broadcasting Corporation (CBC) was responsible for the third-highest number of people affected, with 17 breaches affecting 20,129 individuals, all of whom were employees. CBC reported one major breach, which saw the theft of IT equipment containing confidential information, as the most serious.

The Public Health Agency of Canada (PHAC) was responsible for seven breaches that affected 3,725 individuals; similarly, Environment was responsible for seven breaches, seeing 6,028 affected.

Public Services and Procurement experienced 164 breaches, with 5,149 affected; Employment and Social Development Canada suffered 1,421 breaches, affecting 3,586 individuals.

The Department of National Defence (DND) was responsible for 170 breaches, with 2,273 individuals affected; Immigration saw 3,005 breaches, affecting 4,268 individuals; and Canada Post was responsible for 59 breaches, affecting 5,130 individuals.

The report also quotes Canada's Privacy Commissioner Daniel Therrien, saying the commissioner has been pushing for changes to the Privacy Act to make breach reporting mandatory, as it is elsewhere, such as in Australia. At present, federal departments only have to alert affected individuals in the event of 'material' breaches: cases involving sensitive personal information which might cause serious injury to an individual, or those affecting large numbers of people.

A History of Canadian Surveillance

The Canadian spy agency, the Communications Security Establishment (CSE), also has a history of abusing privacy. A national security measure to track patterns of suspicious activity, the Canadian metadata surveillance program was implemented in 2005 by secret decree. This included the illegal monitoring of free airport Wi-Fi services to gather the communications of all travellers using the service and their subsequent tracking.

It was then suspended for a year in 2008, amid concerns that the program could amount to unwarranted surveillance of innocent Canadians. However, the program was renewed in 2011 via ministerial directive from then-Defence Minister Peter MacKay. The program was broadly approved by the CSE Commissioner at the time, although the number of Canadians affected by this surveillance is unknown.

Sources: CBC, Parliament of Canada, ZDNet, Wikipedia
