April 5, 2019 6:53 pm
Updated: April 6, 2019 12:33 am

VIU professor concerned over B.C. Pension Corp. delay in notification of privacy breach

WATCH: The move of the B.C. Pension Corporation office might have compromised the personal information of thousands of British Columbians, due to the loss of an outdated technology. Kylie Stanton reports.

A A

A Vancouver Island University history professor wants to know why it took two months for the B.C. Pension Corporation to tell him they’d lost his — and 8,000 other people’s — personal and financial information.

Stephen Davies said he got a letter in the mail this week, telling him a privacy breach was declared in January.

Global News has obtained a copy of the letter that was sent out to affected members. Dated March 29, 2019, the letter from the B.C. Pension Corporation says the breach was reported during a recent office move when an employee noticed a box of microfiche was missing.

“The microfiche contained the personal information of College Pension Plan members with service from 1982 to 1997. We immediately undertook an extensive search,” reads the letter.

“Regrettably, we were unable to locate the missing microfiche and, on January 28, 2019, declared a privacy breach.”

This letter was sent out to 8,000 affected members of the College Pension Plan.


Story continues below

The letter said information contained on the microfiche includes the full name, social insurance number, date of birth, pensionable service and salary information, and employer and employee contributions of those affected.

READ MORE: Companies will now have to tell Canadian consumers when their privacy is breached — and do it quickly

Davies said he wants to know why the letter was sent out at the end of March when the breach was declared in January.

“It took two months for me to get a letter from them. So in the meantime, I don’t know what’s happened to my information.”

B.C. Pension Corporation spokesperson Sherrie Sheffman said the data involved, dating from 1982 to 1997, was so old that it took two months to make sure they’d tracked all 8,000 people down.

“We had to pull back up copies of our previous systems in order to make sure we identified all members. The process was complex,” said Sheffman.

“But we were committed to taking the time to make sure that we were able to notify all members, per privacy best practices.”

READ MORE: Over 600,000 Canadians’ Facebook data shared with Cambridge Analytica in data leak

And although the breach was declared in January, there’s no word on when it actually might have happened.

“The employee reported that it was missing prior to us declaring the privacy breach, during our move, which took place prior to us declaring the privacy breach.”

Sheffman said the breach was reported sometime late last year during the office move. She said it’s “very possible” the microfiche was destroyed in the move, but it couldn’t be conclusively determined whether that’s what happened.

READ MORE: Canada’s privacy watchdog raises ‘serious’ concerns over Facebook data scandal

Sheffman said there’s little risk of identity theft for the affected members because the data was stored on microfiche.

“We consider this breach to be lower risk because of the microfiche format of the data. It’s very difficult to read without special equipment and very difficult to convert to a medium that could be used online.”

Davies disagreed.

“That’s actually laughable. Historians, we have microfiche readers in our offices. They’re still in the library. The technology is certainly out there, it’s really very basic.”

Global News was able to locate microfiche readers for sale online for as little as $42.

Sheffman said if affected members are concerned about identity theft, they should request a free credit report and keep an eye on their credit score for any suspicious activity.

 

© 2019 Global News, a division of Corus Entertainment Inc.

Report an error

Comments

Want to discuss? Please read our Commenting Policy first.