VIU professor concerned over B.C. Pension Corp. delay in notification of privacy breach
A Vancouver Island University history professor wants to know why it took two months for the B.C. Pension Corporation to tell him they’d lost his — and 8,000 other people’s — personal and financial information.
Stephen Davies said he got a letter in the mail this week, telling him a privacy breach was declared in January.
Global News has obtained a copy of the letter that was sent out to affected members. Dated March 29, 2019, the letter from the B.C. Pension Corporation says the breach was reported during a recent office move when an employee noticed a box of microfiche was missing.
“The microfiche contained the personal information of College Pension Plan members with service from 1982 to 1997. We immediately undertook an extensive search,” reads the letter.
“Regrettably, we were unable to locate the missing microfiche and, on January 28, 2019, declared a privacy breach.”
The letter said information contained on the microfiche includes the full name, social insurance number, date of birth, pensionable service and salary information, and employer and employee contributions of those affected.
Davies said he wants to know why the letter was sent out at the end of March when the breach was declared in January.
“It took two months for me to get a letter from them. So in the meantime, I don’t know what’s happened to my information.”
B.C. Pension Corporation spokesperson Sherrie Sheffman said the data involved, dating from 1982 to 1997, was so old that it took two months to make sure they’d tracked all 8,000 people down.
“We had to pull back up copies of our previous systems in order to make sure we identified all members. The process was complex,” said Sheffman.
“But we were committed to taking the time to make sure that we were able to notify all members, per privacy best practices.”
And although the breach was declared in January, there’s no word on when it actually might have happened.
“The employee reported that it was missing prior to us declaring the privacy breach, during our move, which took place prior to us declaring the privacy breach.”
Sheffman said the breach was reported sometime late last year during the office move. She said it’s “very possible” the microfiche was destroyed in the move, but it couldn’t be conclusively determined whether that’s what happened.
Sheffman said there’s little risk of identity theft for the affected members because the data was stored on microfiche.
“We consider this breach to be lower risk because of the microfiche format of the data. It’s very difficult to read without special equipment and very difficult to convert to a medium that could be used online.”
“That’s actually laughable. Historians, we have microfiche readers in our offices. They’re still in the library. The technology is certainly out there, it’s really very basic.”
Global News was able to locate microfiche readers for sale online for as little as $42.
Sheffman said if affected members are concerned about identity theft, they should request a free credit report and keep an eye on their credit score for any suspicious activity.
© 2019 Global News, a division of Corus Entertainment Inc.