The Edmonton Humane Society issued an apology on Tuesday after it says the personal financial information of at least five participants in one of its programs was “accidentally posted on the organization’s corporate website for a short period of time.”
“A preliminary investigation has found that a software malfunction led to the unintentional disclosure that included addresses and other personal information, including proof of income,” the EHS said in a news release.
“The Edmonton Humane Society has notified the Alberta Office of the Information and Privacy Commissioner about an unintentional disclosure of personal information that occurred at the not-for-profit organization.”
The privacy breach occurred between October 2017 and February 2018, according to the non-profit organization. It said the information it accidentally disclosed belongs to people who signed up for its PALS (Prevent Another Litter Subsidy) program, which is aimed at helping low-income Edmontonians to get their pets spayed or neutered.
“EHS PALS clients are required to provide proof of income to be eligible for the financial subsidy, either in-person or online,” the organization said. “Individuals that uploaded their financial information online between October 2017 (and) February 2018 may have been impacted. That practice was halted on Feb. 28… until the new EHS website was launched and a secure process could be implemented.
“At no time was the information of EHS donors, customers, volunteers, employees or adoption clients ever jeopardized because those details are stored on a separate server that wasn’t affected by the software malfunction.”
Summer Bradko, the EHS’ board chair, said the incident constitutes a “serious violation of our clients’ privacy.”
“I want to personally apologize,” Bradko said. “We are also in the process of hiring an independent IT firm to review all of our systems and to ensure it never occurs again.”
The EHS said that while to date it is only aware of five people impacted by the privacy breach, it is currently contacting 389 clients whose data was stored on the affected server as a precaution.
The EHS said people who could potentially have been impacted will be contacted by mail courier via FedEx, “for security reasons.”
“To support those clients, EHS has set up a dedicated website and phone line to field questions,” the organization said. “EHS will also be providing these individuals with a free credit check and one-year of credit monitoring services.
“EHS regrets not informing the Privacy Commissioner and affected individuals sooner. Because the RCMP contacted EHS when the unintentional disclosure occurred in early February after receiving a call from an impacted client, there was a misunderstanding by senior leadership at the time that EHS had no further legal disclosure obligations.”
Bradko said the organization’s new interim CEO “realized the serious mistake had been made and immediately notified the EHS’ board of directors” last month.
Watch below: (from September 2018) The Edmonton Humane Society has confirmed that its CEO has resigned from her position. Sarah Kraus has the latest.
The EHS deals with animal welfare issues through a variety of programs, services and community engagement.