Upwards of 700 former participants, volunteers and youth leaders of Camp fYrefly may have had their personal information compromised, according to the University of Alberta.
An internal investigation found a former employee with the for Sexual Minority Studies and Services (iSMSS) Camp fYrefly downloaded and shared personal information about some camp participants, volunteers, youth leaders and facilitators in violation of university policy, the U of A said in a media release on Thursday.
“We are deeply dismayed about this occurrence, and we recognize that this news will be troubling to many members of our Camp fYrefly community,” Steven Dew, provost and academic vice-president, said.
Camp fYrefly is a summer camp for lesbian, gay, trans-identified, two-spirited, intersexed, queer, questioning and allied youth. Earlier this year, a decision was made to consolidate the Edmonton leadership camp with the Calgary camp at a provincial retreat in Canmore this summer.
The U of A said the employee had access to electronic files containing the personal information, which is gathered when people apply for the camp. The U of A believes the employee downloaded the personal information of about 700 people onto a personal computer. The information was downloaded prior to and after the end of the employee’s employment in March 2018, the U of A said.
Dew said the reasons for the download were still unclear.
“I don’t want to speculate on the motivations here, but clearly the information was downloaded after their employment had ended, so they should have fully understood that that was contrary to our policies and inappropriate.”
Camp fYrefly participants who may have had their information compromised include:
· Adult volunteers between 2015-2017
· Campers between 2014-2017
· Facilitators between 2014-2017
· Youth leaders between 2015-2018
The university’s investigation also found the same employee previously shared four Camp fYrefly documents containing the personal information of approximately 200 people with members of a youth advisory group in February 2018.
The former employee is co-operating with the university, and has assured the institute that the information was not used or distributed, and all records have been deleted.
The university said it reported the incidents to the Office of the Information & Privacy Commissioner of Alberta and directly notified affected individuals where possible. It’s hoped that anyone else who may have been affected will reach out to the university.
Dew said the university’s next steps will be to look at current information security policies, and if they should be improved.
“That’s still something that we’re going to be doing some analysis around,” said Dew. “We’re relieved that we were able to very quickly realize the breach occurred and do effective analysis of it, but there’s no doubt that we’ll spend some time looking over our procedures and making sure they are as strong as they can be given the sensitivity of the information and how important this is to us to make sure that this information is protected appropriately.”
Anyone who has questions about whether their information was compromised can call 780-492-4400 between 8:30 a.m. and 5 p.m.
– With files from Morgan Smith, 630 CHED.