An online platform that facilitates online requests under Nova Scotia’s Freedom of Information and Protection of Privacy Act (FOIPOP) is still in the works, the province confirmed to Global News this week.
“We still anticipate having the new system go live this year,” said Krista Higdon, in an email.
The province once had a similar system in place but it was pulled after it was revealed that a data breach on the website had exposed 7,000 documents containing personal information such as social insurance numbers, personal addresses, child custody documents, medical information and proprietary business information.
Friday marks the 800th day since the online platform was taken down.
The new site is supposed to allow Nova Scotians to “safely and securely” submit requests under the province’s access to information act.
Those requests are a useful tool for journalists and are routinely employed by academics, businesses and activists to obtain government information that is normally withheld from the public.
The province partially restored its online FOIPOP system on Sept. 5, 2019, allowing Nova Scotians to once again download previously completed FOI requests.
However, since the website was pulled down FOIPOP, requests have had to be filed the old-fashioned way by pen, paper and Canada Post mail.
In a statement, Nova Scotia’s privacy commissioner said there is no requirement under the province’s access to information law to provide an “electronic avenue” to submit requests.
“We do encourage the use of technology that makes access to information easier but only if it properly protects the personal information it contains pursuant to the rules under the Freedom of Information and Protection of Privacy Act,” said Tricia Ralph.
The data breach of the original FOIPOP website was first detected by a worker at the Nova Scotia archives.
In an email sent on the evening of April 4, 2018, the employee attempted to re-enter a URL that linked to a released and redacted document he had previously accessed through the FOIPOP portal but mistyped the address.
“Rather than going to another redacted, released document, I ended up seeing an incoming FOIPOP request … It seems that rather than being inside the government system, which in itself is a bit of a shaky practice, the materials are out there, seemingly unprotected, on the web,” the employee said.
Provincial officials quickly jumped into action, scrambling through April 5 to find a solution.
One official wrote that the government should shut down the website “until we get a grip on things.”
With no immediate solution available, the government yanked down the website at 8:15 a.m. and it remained offline until it was partially restored 152 days later.
Reports from a pair of oversight bodies would later take the departments that oversee Nova Scotia’s IT infrastructure to task after determining “poor overall project management” and a “serious failure of due diligence” helped cause the data breach.
The new website, developed by AINS Imc., was meant to go live this spring, but a date on when it will be up and running has not been provided by the provincial government.
The province said that COVID-19 has affected their ability to bring the website online.
Nearly 2,000 requests are filed annually in Nova Scotia.