In her annual report to Parliament on the Privacy Act last week, the federal Privacy Commissioner expressed concerns about several issues. The Privacy Act deals with privacy issues for the Federal government.
Issues included the way surplus equipment and paper is disposed, and improper and unauthorized access to documents. Highlights from the press release include:
- Wireless audit: Of five federal entities examined, none had fully assessed the threats and risks inherent in wireless communications. Gaps in policies and/or practices resulted in weak password protection for smart phones and inadequate encryption for Wi-Fi networks and data stored on mobile devices. Shortcomings were also noted in the disposal of surplus handheld devices and the use of PIN-to-PIN messaging, a form of direct communication between two smart phones that is vulnerable to interception.
- Disposal audit: Satisfactory policies and procedural rules were in place for paper shredding and the disposal of surplus computer equipment among the federal institutions audited. There were, however, disturbing deficiencies in practice. For example, tests on a sample of computers donated to a recycling program for schools revealed that 90 percent of the donating institutions had not properly wiped their computers’ hard drives, leaving behind data that was confidential, highly sensitive and, in some cases, even classified.
- Unauthorized access to tax records: An OPC investigation confirmed that a former Canada Revenue Agency worker had posted to an Internet chat group some personal tax information of high-profile sports figures, which he appears to have gleaned while working at the agency. The investigation further found that other staff still with the agency had similarly accessed tax records without authorization. They were subsequently suspended or fired and new measures were introduced to safeguard the data
The press release is worth a read – both to see what the issues are – and to consider that the same issues could apply to any government or commercial enterprise – including our clients, and our law firms.