Nova Scotia will launch a website that facilitates online requests under the province’s Freedom of Information and Protection of Privacy Act (FOIPOP) later this year.
If that sounds a bit familiar to Nova Scotians, it’s because the province announced a similar tool at the beginning of January 2017.
But on April 5, 2018, 651 days ago, the tool was yanked down after it was revealed that a data breach on the website had exposed 7,000 documents containing personal information such as social insurance numbers, personal addresses, child custody documents, medical information and proprietary business information.
The province stresses that the new website will allow Nova Scotians to “safely and securely” submit FOIPOP requests, which are used by journalists, academics, businesses and activists to obtain government information that is normally withheld from the public.
The province partially restored its online FOIPOP system on Sept. 5, 2019, allowing Nova Scotians to once again download previously completed FOI requests. However, since the website was pulled down FOIPOP, requests have had to be filed the old-fashioned way by pen, paper and snail mail.
The data breach of the original FOIPOP website was first detected by a worker at the Nova Scotia archives.
In an email sent on the evening of April 4, the employee attempted to re-enter a URL that linked to a released and redacted document he had previously accessed through the FOIPOP portal but mistyped the address.
“Rather than going to another redacted, released document, I ended up seeing an incoming FOIPOP request … It seems that rather than being inside the government system, which in itself is a bit of a shaky practice, the materials are out there, seemingly unprotected, on the web,” the employee said.
“This isn’t what should be happening. I think you need to do something about this.”
Provincial officials quickly jumped into action, scrambling through April 5 to find a solution.
One official wrote that the government should shut down the website “until we get a grip on things.”
With no immediate solution available, the government yanked down the website at 8:15 a.m.
It remained offline until it was partially restored 152 days later.
Reports from a pair oversight bodies would later take the departments that oversee Nova Scotia’s IT infrastructure to task after determining “poor overall project management” and a “serious failure of due diligence” helped cause the data breach.
The new system, developed by AINS Inc., was the successful bidder in a tender issued in May 2019.
Nova Scotia says the new system will go live sometime in the spring and will allow for applicants to pay for and receive documents.
Nearly 2,000 requests are filed annually in Nova Scotia.