Nova Scotia set to replace system behind compromised FOIPOP website
Nova Scotia is set to replace a program behind a data breach that exposed personal information such as social insurance numbers, birth dates and personal addresses to the general public.
The Freedom of Information and Protection of Privacy Portal (FOIPOP) website, which was originally breached between March 3 and March 5, was taken down on April 5 when officials with the Department of Internal Services — which is responsible for the FOIPOP website — were first informed by a provincial employee that it was possible to inadvertently access documents through the portal.
More than 7,000 documents were inappropriately downloaded as a result of the breach, and 369 of the documents contained “highly sensitive” personal information such as social insurance numbers, birth dates and personal addresses.
While a portion of Nova Scotia’s FOIPOP system was brought back online on Sept. 5 — 152 days after being taken offline — it only included the ability to download previously completed FOI requests.
Requests, which are used by journalists, academics, businesses and activists to obtain government information that is normally withheld from the public, have needed to be filed the old-fashioned way — by pen, paper and snail mail.
But that will change in the coming months, as the province attempts to move on from a program known as AMANDA 7 which was used to administer applications on its still-disabled website.
WATCH: Police will not charge 19-year-old involved in Nova Scotia data breach, close investigation
The provincial government says it expects to issue a Request for Procurement (RFP) in the first quarter of 2019 for an AMANDA 7 replacement.
“In separating the public disclosure component from the original site, it became apparent that to restore functionality properly to the application, it would be better to replace it with a new system,” Brian Taylor said in a statement to Global News.
As Global News reported in May, internal emails between the government and Unisys, the company company tasked with maintaining the government’s online services, indicated that extensive changes were needed to fix the core code of AMANDA 7 and remove the possibility of another security breach.
Unisys currently has a one-year contract with the province to provide AMANDA 7 and Taylor says the company will be able to apply for the RFP when it becomes public.
Taylor says that the province is looking for a program that will manage the intake of requests online and the processing of requests by the staff.
The disclosure website will “likely” continue to remain separate.
© 2018 Global News, a division of Corus Entertainment Inc.