OTTAWA – The federal privacy czar says a portable hard drive containing personal information on more than half a million people who took out student loans was left unsecured for extended periods and lacked password protection and encryption.
READ MORE: We need to bring privacy law into the 21st century: privacy watchdog
The report from interim privacy commissioner Chantal Bernier also says employees handling the device were not aware of the sensitivity of the information it contained.
Get daily National news
MORE: HRSDC sends wrong letters to people affected by student loan privacy breach
Human Resources and Skills Development Canada acknowledged last year the drive held data on 583,000 Canada Student Loans Program borrowers from 2000 to 2006.
The missing files included student names, social insurance numbers, dates of birth, contact information and loan balances, as well as the personal contact information of 250 department employees.
- Penticton residents displaced due to safety risk from compromised crane following fire
- Late spring start, dry conditions to blame for intense Edmonton allergy season
- Lightning sparks out-of-control Saskatchewan wildfire, community on evacuation alert
- Marigold fined $120K for injury on Valley Line West LRT construction site in 2023
READ MORE: Federal government faces third class-action lawsuit over privacy breach
Bernier’s report, tabled in Parliament, says a gap between policies and practices at the department – now known as Employment and Social Development Canada – led to weaknesses in information management, physical security controls and employee awareness.
She says information security cannot be assured by having policies on paper – they must be put into practice every day.
Reblogged this on Imarashed.