Student loan data on half a million people left unsecured: watchdog

Chantal Bernier file
In this FILE photo, interim privacy commissioner Chantal Bernier (left) makes a statement during a press conference at the National Press Theatre in Ottawa, Ont., on Nov. 17, 2009. The Canadian Press/Sean Kilpatrick

OTTAWA – The federal privacy czar says a portable hard drive containing personal information on more than half a million people who took out student loans was left unsecured for extended periods and lacked password protection and encryption.

READ MORE: We need to bring privacy law into the 21st century: privacy watchdog

The report from interim privacy commissioner Chantal Bernier also says employees handling the device were not aware of the sensitivity of the information it contained.

MORE: HRSDC sends wrong letters to people affected by student loan privacy breach

Human Resources and Skills Development Canada acknowledged last year the drive held data on 583,000 Canada Student Loans Program borrowers from 2000 to 2006.

The missing files included student names, social insurance numbers, dates of birth, contact information and loan balances, as well as the personal contact information of 250 department employees.

Story continues below advertisement

READ MORE: Federal government faces third class-action lawsuit over privacy breach

Bernier’s report, tabled in Parliament, says a gap between policies and practices at the department – now known as Employment and Social Development Canada – led to weaknesses in information management, physical security controls and employee awareness.

She says information security cannot be assured by having policies on paper – they must be put into practice every day.