#CyberFLASH: Privacy commissioner to investigate data breach of public servants’ personal info

Canada’s privacy commissioner is launching a formal investigation into one of two data breaches linked to the federal government’s troubled computerized payroll program, called Phoenix.

The decision comes as new details are made public about the scope of both incidents involving sensitive information belonging to federal government employees.

The commissioner will probe the second breach, which took place earlier this year, and involved managers having access to information belonging to employees who did not work for them.

The number of employees who had their data exposed during this incident is not known.

“The information that could be seen included an employee’s name and personal record identifier (PRI) — the employee number assigned under the federal government’s human resources management system,” said Valerie Lawton, a spokesperson for the privacy commissioner’s office. “According to PSPC [Public Services and Procurement Canada], no other personal information could be viewed.”

In an email to CBC News, Lawton said news coverage of the breach led to a number of complaints, which prompted the commissioner to investigate.

The first breach involves highly sensitive data for 10,000 public servants that was “inadvertently transmitted” to the private contractor building the federal government’s Phoenix payroll system, according to the department responsible for the troubled program.

That incident happened sometime between March and July of 2015, when Phoenix was in the testing phase, and the department was not aware of the transfer of personal data until IBM alerted the government.

“The contractor alerted PSPC of the breach in June of 2015 and subsequently removed all of the sensitive data from its database,” Lawton said.


#CyberFLASH: Government knew of Phoenix privacy breach issue more than a year ago

In an open letter to public servants posted online Thursday afternoon, Public Services and Procurement Canada deputy minister Marie Lemay said that in both instances, “There was no evidence that employee personal information ever left the hands of federal employees or government contractors.”

The first privacy breach issues surfaced between March and July 2015. The latest, as widely reported earlier this week, occurred between February and April of this year.

Lemay said the privacy breach situations arose during the testing and early implementation of Phoenix, and that “system adjustments and fixes were quickly implemented to prevent further breaches.”

The open letter was published in the wake of media reports outlining the latest privacy breach, in which personal information of all 300,000 civil servants enrolled in the Phoenix pay system could be accessed by as many as 70,000 federal employees.

“I understand that employees may be concerned about this, and I want to assure you that we take the safeguarding of employee personal information very seriously,” Lemay wrote, saying the government followed a “systematic approach … to assess and address causes and consequences.”

According to a CBC News report, documents released this week show officials were warned as early as Jan. 18 of the flaw that allowed the privacy breach.


© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.