April 13, 2018 12:19 pm
Updated: April 13, 2018 4:52 pm

Stephen McNeil rejects N.S. Opposition’s call for minister’s resignation over data breach

WATCH: Nova Scotia Premier Stephen McNeil said Friday that Minister Patricia Arab acted “professionally” following a breach to the province’s freedom-of-information portal, and he still has full confidence in his minister. Steve Silva explains.


Nova Scotia’s Opposition Tories called Friday for the resignation of Internal Services minister Patricia Arab over a breach of the province’s freedom-of-information internet portal – a demand swiftly rejected by Premier Stephen McNeil.

Karla MacFarlane, the party’s interim leader, asked Arab in the legislature whether she would resign given her department had failed to ensure the protection of the public’s personal information.

Story continues below

“It wasn’t an elaborate hack that exposed this information,” said MacFarlane. “The minister chose to protect her government rather than Nova Scotians . . . will she resign today?”

Arab replied that she “serves at the pleasure of the premier.”

“Right now, my focus is on contacting the individuals who have been impacted by this breach,” she said.

READ MORE: N.S. opposition ‘strongly considering’ calling for minister’s resignation over information breach

McNeil said he had “all confidence” in Arab. It was a phrase he repeated again for reporters following question period.

“The minister has handled this very professionally,” he said. “Immediately upon being notified she put her department to work and we are now in a position where somebody has been in custody and we are now reaching out to those individuals whose information has been breached.”

When asked whether he thought the situation approached the threshold for a resignation McNeil simply replied, “No.”

Halifax police arrested a 19-year-old man on Wednesday, who faces the seldom laid charge of unauthorized use of a computer.

The government says about 7,000 documents were inappropriately accessed between March 3 and March 5, with about 250 containing highly sensitive personal information such as birth dates, social insurance numbers, addresses and government services’ client information.

The admission came nearly a week after the problem was first noticed by a provincial employee who entered a mistaken keystroke while doing research. The portal was shut down on April 5.

WATCH: Halifax police make arrest after Nova Scotia FOI website breached, personal information exposed

Arab said proper protocol was followed, but that was disputed by MacFarlane who noted the official protocol calls for the notification of those affected as soon as possible and as long as it doesn’t affect a police investigation. Halifax police have confirmed that they didn’t ask for a delay.

MacFarlane also said Arab’s department had ignored past warnings from the province’s auditor general that the government’s computer systems aren’t secure enough.

“Obviously they have not met the criteria that was needed to secure this site,” she said. “There is a lot of vulnerability and it is the minister’s responsibility.”

The government has said the documents were accessed through a “vulnerability in its system” and not through a hack. Officials said someone changed the URL and wrote a script of computer code that allowed them to sequentially access “every document available on the portal.”

In an interview Thursday, privacy lawyer David Fraser said if the same function used to access public documents can be used to get at confidential information then the current portal is the “wrong tool for the job.”

WATCH: Nova Scotia’s new FOIPOP website welcome but ‘systemic problems’ persist

He also questioned whether the incident was a security breach at all, saying the ease of accessing the private information raised questions about whether a security system was present, “in the first place.”

But McNeil said he doesn’t believe the door to the portal was wide open as suggested.

“Someone had to make changes to go get that information and steal it, and the reality of it is it (the portal) wasn’t strong enough. We are trying to get to the bottom of the case as to why that was . . . we know that portal needs to change.”

Meanwhile, Arab said her department is sending out registered letters to those who had the most vulnerability in terms of the information accessed. Another series of letters will be going out by the middle of next week she said.

The government still can’t say how many letters are going out.

It has already said it will offer to pay for third party credit checks where costs are involved.

© 2018 The Canadian Press

Report an error


Want to discuss? Please read our Commenting Policy first.