Privacy breaches are often caused by simple things that should be easy to avoid. Take, for instance, the Elections Ontario lost USB keys. The Ontario Privacy Commissioner’s recent news release points to “systemic failures“, and failure to build privacy into their routine information management practices. The details point to a series of simple failures, including failure to follow a policy that required encryption, a lack of understanding of front line staff of how to encrypt or what that meant, and a continuation of the same practices after the loss. The Commissioner recomended that Elections Ontario retain a third party privacy auditor to look at their policies and procedures, develop a staff training program, and create accountability through a Privacy Officer.
Privacy is something that we all have to take some ownership of. Lost or stolen media is a common problem. Take, for example, this excerpt from a recent neighbourhood watch report about several cars being broken into where stolenitems included “Oakley sunglasses, Maui Jim sunglasses, an ipod, gps, … various other items including a external hard drive with important business info on it.” It would seem to be an easy matter to just not leave anything visible in your car – and to never leave hard drives or other devices in a car even if they are hidden. But nobody thinks it will happen to them.