Federal Privacy Investigations Hold No Weight

 

Earlier I wrote about an incident with Human Resources and Skills Development Canada (HRSDC) in Chatham with regard to the employment of a person who was found by the Office of the Privacy Commissioner to have breached multiple people’s privacy while employed with HRSDC. This person was found to have gone into Canadian Pension Plan (CPP) files without cause or authorization. He was let go from his position and an assurance was given to the complainant that the measures taken would protect those involved in the long-term. Six months later, he is working at the Federal Economic Development Agency for Southern Ontario (FedDev) in Kitchener. When contacted, FedDev refused to give any form of assurance that this employee did not have the ability to access personal files, even once made aware of the previous investigation. People working for this department can access Service Canada records (such as CPP), Canada Revenue Agency records, etc by requesting this from those departments and supposedly with written consent from the file owners.

Since the lack of assurance was not an acceptable response the Lambton-Kent-Middlesex Member of Parliament (MP) was contacted in the hopes they could get assurance from the Federal Economic Development Agency. This was another dead end. When the MP’s office contacted FedDev, they were given the run-around. FedDev refused to discuss this situation and offered only assurance that citizens’ files are safe based on their procedures. HRSDC procedures are supposed keep citizens’ file safe as well.

How is it that when thousands of federal employees are being let go, they have a new hire who was found through a federal investigation to have breached privacy in a previous federal position? Are there no other people to fill the role? Or did HRSDC fail to put a note in this employee’s file stating that they did an investigation and it was found that he had breached privacy?

Surely, for the sake of Canadian citizens, HRSDC would put a note in the personnel file of someone who breached the Privacy Act. The Privacy Commissioner put it in writing, why wouldn’t HRSDC? According to the Privacy Act the Commissioner was to have sent a report of the findings to HRSDC, so there should be no question of whether or not the personnel file contains information on the breach.

During all of this, the employee had criminal charges pending including technology crime. My information about a background check, having come from local police saying charges show up, may be incorrect when it comes to the RCMP file used for professional background checks – which many only show convictions. According to the Information and Privacy Commissioner’s website the Canadian Police Information Centre does possess information on pending charges and whether or not this information is disclosed rests with the local police force providing the information to an organization. Most of the time, the police follow a standard and only inform potential employers of convictions, not pending charges. This employee has now plead guilty to one of the charges.

Information on pending charges not being given to an organization makes some sense as we are a nation where one is innocent until proven guilty. However, there is no law saying you cannot discriminate based on pending criminal charges. In fact, as a citizen, the idea that the government will employ someone charged leaves me a bit uncomfortable. There is no reason the government cannot request pending charges as part of their background check. In fact, it would make sense when the positions have access to extremely sensitive information.

It leaves one to question what they do when the person is convicted after being hired with pending charges. As citizens, we would expect the employee to be released from their employment but seeing as they are perfectly willing to employ someone who has been found to breach privacy (which is actually a crime) it does not seem beyond reason to think they may continue to employ someone who is convicted of violent and technological crimes.

Perhaps they only terminate employees who make the government or department look bad. If this is so, how many criminals does the Canadian Federal Government have working for them? (And no, I’m not referring to politicians and tax collectors.)

Related articles

• Privacy commissioner ‘deeply disturbed’ by Election Ontario’s handling of voter data (theglobeandmail.com)
• Canadian Federal Government Privacy Fail (rantingrhetoric.wordpress.com)

 

Canadian Federal Government Privacy Fail

 

As citizens we believe the Canadian government keeps our information private and safe. When you get right down to it, the government’s job is to protect its citizens. That is why our tax money is spent on CPP, EI, Social Assistance, National Defence, police forces, healthcare, etc. The government has files on you and your loved ones. It knows when and where you were born, where you’ve worked, how long you’ve worked, how much you’ve made, where you live, where you’ve lived, your various names, your social insurance number. You name it; it is probably in a file somewhere. In this technology age, that information is easily accessible and easily copied. And in this age of technology, the ability to keep our private information private is extremely important. It only takes a birthday, full name and address to steal an identity. Add on things such as your SIN number and it is a breeze.

There are safeguards that are supposed to be in place to protect you. Various privacy acts exist. Employees are made to sign that they will follow proper privacy protocols. They are given criminal background checks.

There have been a few incidents in the news over the last year or so. A prime example being: A woman taking information home and her boyfriend getting a hold of it. This ended up in the news, so we heard about it. How many other times does this sort of thing happen and we never hear? What does the government normally do to handle these situations?

Around this time last year, Human Resources and Skills Development Canada was in the process of investigating an alleged breach of privacy at its Chatham location in the Pension department. An employee there was said to have gone into a number of files without cause or authorization to gather information for his own use. HRSDC had not discovered this themselves but had to be informed of it by one of the people whose file was accessed. At the time of the investigation, the employee was also awaiting trial for technology-related offences such as mischief in relation to data and unauthorized use of a computer.  This person has since plead guilty to mischief and given 12 months probation with a conditional discharge, allowing him to gain employment in sensitive areas once his probation is completed. When he was initially employed he had no criminal record and so was able to pass the background check. They do not repeat the check to ensure their employees continue to have a good record. They trust their employees. Employees are expected to inform their employer if they are charged.

The Privacy Commissioner’s office was also informed of the privacy breach and was involved with the investigation. The investigation did not get wrapped up quickly. The HRSDC investigator went on vacation in the middle of it and it was not passed off to another investigator so it would continue to be investigated for the month she was away. The investigation involved them looking at the access records to determine if the employee did go in, what he did in the files, etc. It also involved, about half way through, a conversation with the employee in question. This is not initially a bad thing until you realize that the employee gets to stay in his job after that point. He gets to keep having access even after he is informed he is under investigation.

Eventually, months later, the investigation was completed. The person who reported the breach was given a letter by the Privacy Commissioner’s office stating that “the allegations were well-founded”. They say that the steps taken will ensure the safety of those affected for the long-term.

The people whose files are breached are not informed by HRSDC or the Privacy Commissioner that this breach has happened. The only person given any information is the person who told them it had happened. No letter is sent informing them that someone went into their files without authorization and was accessing employment history, SIN numbers, etc. All things that could very easily be used for identity theft. Apparently the Government didn’t feel the threat was great enough that these people needed to be informed of this.

The Government will not say what the measures taken were. They say telling what they did to remedy the situation would be a breach of the offender’s privacy.

He can breach multiple people’s privacy and the government won’t even tell those people how they’ve remedied the situation.

It was discovered that the employee no longer worked for HRSDC. This seemed like a good solution. He could no longer access files. It was expected that he would not be able to get another government job since he was (we assume) let go for breaching privacy. And let’s not forget he had criminal charges pending trial. That would make it impossible to pass an indepth criminal background check, a requirement for employment with the government.

Apparently not. In less than six months this employee has managed to get another Federal Government job. This time working for the Federal Economic Development Agency for Southern Ontario in Kitchener. My response to that is… WTF? A person can be found to have breached the privacy act, gets let go from their position and is able to get another government position? While awaiting trial for criminal offences? Including computer crimes? I am confused, outraged and disappointed. I trusted my government.

The Federal Economic Development Agency for Southern Ontario was contacted. They were sent the information about the previous investigation and were asked to give assurance that the employee did not have access to files that could contain personal or business information. Not an unreasonable act when they employ someone who was found to have breached privacy in his previous position with the Federal Government.

The Director General of Human Resources, Colleen Robinson, responded with a letter stating that due to the employee’s privacy she cannot say what the outcome of her review of the information was, but that they take privacy very seriously. She was not informed of the pending criminal charges as that seemed unnecessary since all that was desired was knowing that the information in their care is kept safe .

No one asked for any private information about the employee or anyone else. All that was requested was an assurance that the information that employees of that office can access is safe from unauthorized access by someone who has already been found to have breached the privacy act. This is not an outrageous request. As stated at the beginning, this is the government’s role. To protect its citizens. Someone who breaches privacy and has criminal charges against him should not be able to have free access to people’s private information.

This event makes one wonder: How many employees are breaching privacy but are not being reported? How many employees have been let go from one government department for privacy breach to be hired in another? And how can someone with seven criminal charges awaiting trial get a job that requires a criminal background check to ensure they can be trusted with your information?

Personally, I’m disgusted. I feel I cannot trust the Canadian Federal Government with my information and safety. In a world of identity theft how can our Government allow someone who breaches our privacy to continue to have access to their files?

And without the Economic Development Agency’s word that this person cannot access private files, how can we feel secure knowing someone like that is working for them?

Related articles

• Federal Privacy Investigations Hold No Weight (rantingrhetoric.wordpress.com)
• Privacy commissioner ‘deeply disturbed’ by Election Ontario’s handling of voter data (theglobeandmail.com)
• SA Health’s Medvet breached Privacy Act with sloppy software (zdnet.com)

 

Diversity or Conformity?

 

Canadian flag outside the Maritime Museum of the Atlantic on September 4th, 2004 at approximately 16:43:08 (AST) (Photo credit: Wikipedia)

Today’s blog was going to be examining an issue with how some police officers treat domestic violence incidents… but that has been derailed by the bumper sticker I saw this morning. Yes. A bumper sticker.

A Ford minivan had a Canadian flag on its back window. Nothing wrong with that. Not until you get close enough to read “Fit in or Fuck off”. I wasn’t quick enough on the trigger to snap a photo, nor can I find one on Google this morning.

Why does this upset me and warrant a blog post? Because, when you get right down to it, I am insulted. If the statement had not been places on a Canadian flag I may not have been as upset but as it stands, I’m disgusted.

Canada is a country of diversity. We have two national languages. We have schools that offer language classes in Ojibwe, Japanese, German, Spanish, Latin and, of course, English and French. There are private schools that are specifically Jewish or Muslim, on top of our “public” Catholic schools. Only 1/3 of our population increase is due to births, the rest is immigration. The 2006 Census showed that nearly the same number of people spoke a non-official language as spoke French. 520,380 people responded to the Census indicating they spoke neither English nor French.

In 2006, based on the Census responses, there were approximately 1.7 million people of Aboriginal origins, 2.2 million of East and Southeast Asian origins, 1 million Dutch and 10 million that identified as simply being Canadian.

According to the 2001 Census there were 10 million people of the Catholic religion, followed by 3.7 million people who have no religion affiliation. There were 411, 520 Muslims, 268,910 Jews (Yep. More Muslims than Jews), 253,735 Buddhists and 18, 925 Pagans.

In 2006 there were approximately 1.1 million single-mother households. 1.34 million common-law couples and 6.1 million married couples. In 2006, of all couples, 0.6% were same-sex couples. 9% of people in these relationships had children.

80% of the population lives in urban areas with only 20% of the population living in rural areas. The urban area with the largest population is Toronto.

6.5 million Canadians over the age of 15 possessed a high school diploma in 2006. 5.8 million possessed a University-level degree or diploma. 6 million did not possess a degree or diploma of any kind (which isn’t that bad since those who are 15 have not yet finished high school).

The median age for men is 40 years and for women 42 (I rounded). In 2006 there were 16.3 million men and 16.6 million women.

So, how does one fit in while being a Canadian? I suppose the easiest way is to be a 42 year old, Caucasian, married woman with a high school diploma who is a Catholic living in Toronto and speaks English.

What are the rest of us to do?

Related articles

• Oldlantic Canada and the aboriginal tsunami: What surprises to expect from census data on age and gender (news.nationalpost.com)
• Census data reveals under-40 population flight (blogs.windsorstar.com)