UVic failed in privacy breach commissioner rules - Action News
Home WebMail Saturday, November 23, 2024, 09:57 AM | Calgary | -12.0°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
British Columbia

UVic failed in privacy breach commissioner rules

The University of Victoria failed in its legal obligation to protect the privacy of thousands of employees stored on a stolen computer memory card, B.C.'s privacy commissioner has ruled.

The University of Victoria failed in its legal obligation to protect the privacy of thousands of employees stored on a stolen computer memory card, B.C.'s privacy commissioner has ruled.

Information and Privacy Commissioner Elizabeth Denham said when the USB flash drive containing the names, social insurance numbers, and banking information of nearly12,000 current and former employees was stolen, the information on it was not even encrypted.

"Encryption is the minimum standard for devices like laptops and USB drives," Denham said in a statement issued on Thursday morning.

B.C.'s privacy commissioner is recommending UVic upgrade its security policies for laptops and mobile devices and reassess the security of key buildings. (CBC)

"What is very unfortunate is that this privacy breach was both foreseeable and preventable. Instead of a simple theft of a mobile device, the incident resulted in enormous costs and stress for those affected and for the University," said Denham.

"The university was aware of their obligation to safeguard sensitive personal information using a range of protective measures including readily available and widely used encryption solutions."

Thieves broke into the university's administration building on Jan. 7 and stolethe device holdingthe personal and banking information. It was never recovered.

"Since our investigation was launched, my office has heard from current and former university employees, who are deeply worried about their exposure to bank fraud, identity theft and other harms.

Denham said the university acted quickly and warned those who might be affected to change their bank accounts and alert credit bureaus to possible fraud, but she made several recommendations for UVic to tighten its security including:

  • Reviewing privacy and security policies every three years.
  • Re-assessing the physical security of campus buildings.
  • Developing acomprehensive policy and training program on laptop and mobile device security.