OTTAWA – The federal privacy czar says a portable hard drive containing personal information on more than half a million people who took out student loans was left unsecured for extended periods and lacked password protection and encryption.
The report from interim privacy commissioner Chantal Bernier also says employees handling the device were not aware of the sensitivity of the information it contained.
Human Resources and Skills Development Canada acknowledged last year the drive held data on 583,000 Canada Student Loans Program borrowers from 2000 to 2006.
The missing files included student names, social insurance numbers, dates of birth, contact information and loan balances, as well as the personal contact information of 250 department employees.
Bernier’s report, tabled in Parliament, says a gap between policies and practices at the department – now known as Employment and Social Development Canada – led to weaknesses in information management, physical security controls and employee awareness.
She says information security cannot be assured by having policies on paper – they must be put into practice every day.