The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Tuesday, December 07, 2004
The Ontario government has released an apology and an account for what happened in the most recent breach of privacy that involved 27,000 government benefits recipients:
Update On Disclosure Of Personal Information :Government Apologizes And Takes Immediate Steps To Correct Computer Error
TORONTO, Dec. 6 /CNW/ - On behalf of the Ontario government, Gerry Phillips, Chair of Management Board of Cabinet, today repeated his apology to recipients of cheques from the Ontario Child Care Supplement for Working Families Program whose privacy was breached last week. The breach, which affects approximately 27,000 people, resulted from an error that caused the stub portion of the cheques to include the name, address and an identifier that includes the SIN number of another client.
Phillips has stressed that the Ontario government will take every action possible to help prevent the recurrence of such incidents in the future.
This disclosure of personal information about another recipient was caused by a cheque-printing error that occurred during the implementation of a computer software upgrade. These cheques were dated November 30, 2004, and were part of a run of approximately 27,000. The approximately 86,000 people who receive payments by direct bank deposit were not affected.
While there were many people affected, the personal information of any single recipient is only included on one other cheque stub.
Measures Taken
--------------
Once ministry staff learned of the nature and scope of the problem on the evening of December 2, government cheque production and distribution were stopped.
On December 3, the government informed the Information and Privacy Commissioner and all MPPs of the breach. Government officials worked with the Information and Privacy Commissioner and others to determine the most appropriate way to assist the affected individuals.
On the weekend, letters of apology were prepared for all Ontario Child Care Supplement clients affected by this breach. At 7 a.m. today, the letters were given to Canada Post for delivery.
Based on advice from the Information and Privacy Commissioner, the government has asked people affected by this to destroy any personal information they received which does not belong to them. As a precautionary measure, the government has recommended that cheque recipients monitor and verify all bank accounts, credit card and other financial transaction statements for any suspicious activity.
Government officials have identified the problem, fixed and tested its computer cheque systems, and been assured that these systems will operate properly.
Officials have also taken steps to ensure that no problems have arisen in other computer cheque systems. These systems are operating correctly, cheque processing has resumed, and no backlog is expected.
The government has implemented additional quality assurance measures and will continue to update appropriate technical and procedural measures to ensure the highest standards for safeguarding personal information.
The government welcomes and will cooperate fully with the Information and Privacy Commissioner during any investigation into this matter.
In addition to seeking the Commissioner's advice, the government is conducting an internal audit into this breach to determine precisely what happened and why.
The government sincerely regrets the breach of privacy."
Labels: cardsystems, information breaches, ontario
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.