A break
and enter at one location of Accenture Business Services
for Utilities has resulted in the loss of thousands of payroll
records for employees of BC Hydro. The records included
names, employee identification numbers, salary and bank
account information. BC Hydro president Bob Elton advised
employees to contact their financial institutions to discuss
steps to safeguard against the misuse of the stolen information.
Hydro and Accenture notified their employees on March 24th,
the
same day that the government's chief information officer
issued an investigative
report on the loss of custody of 41 computer data tapes
containing personal and sensitive information.
On March
25th an article by Lindsay Kines in the Times Colonist
quoted Richard Neufeld, Minister responsible for BC Hydro,
as saying: "I'd rather not have it happen, but the
fact they broke into a business and stole some computer
information -- that could almost happen anywhere. You can't
control the thieves that want to do these kinds of things."
If that happened anywhere, you would probably hear about
it from time to time in the news media. Responsible organizations
don't have confidential personal information in a form that
can easily be stolen; their payroll files are encrypted.
Andy
Ross, President of the Canadian Office & Professional
Employees Union (COPE), Local 378, said: "We understand
BC Hydro and Accenture have contacted the Privacy Commissioner
about this security breach and this leads us to believe
there was something irregular about how the information
was stored."
The
10 recommendations included in the March 24th report from
the Chief Information Officer included the following:
"It
is recommended that government consider the feasibility
of encrypting government data on portable storage devices
(e.g., Blackberrys, laptops, etc.) and on backup storage
devices."
"It
is recommended that government issue policy that all computer
files containing personal information be stored on the
government network and not on "non-encrypted"
personal computing devices or data storage media (e.g.,
personal computer hard drives, laptops, PDAs, etc.)."
It is
a good guess that the Chief Information Officer would advise
Accenture not to store sensitive payroll information on
non-encrypted devices that can be stolen. In the days ahead
British Columbians will have an opportunity to see whether
the government accepts its responsibility and accountability
for the lapse in security by the private contractor. If
government could learn to treat your private information
the way it treats policy documents that should be public
but aren't, there would be fewer violations of privacy.
About
Me |
Mail Me | Links