UCP members 'at risk for identity theft' after laptop stolen, expert says - Action News
Home WebMail Saturday, November 23, 2024, 01:51 PM | Calgary | -11.9°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Calgary

UCP members 'at risk for identity theft' after laptop stolen, expert says

The United Conservative Party's privacy policies are being questioned after a party laptop was stolen out of an employee's car in a parkade.

Party says computer had addresses, names and phone numbers for tens of thousands of members

The United Conservative Party says no financial information was compromised when the laptop was stolen. (The Associated Press)

The United Conservative Party's privacy policies are being questioned after a party laptop was stolen out of an employee's car in a parkade.

The laptopcontains the names, addresses and contact information of 40,000 UCPmembers.

Experts say the language used in the memo to inform members was confusing and didn't answer important questions.

"This is clearly a matter that the party needs to improve their information protection practices," said Sharon Polsky, president of the Privacy and Access Council of Canada,adding the party will have to regain public trust.

"The only way of garnering and maintaining public trust is if you can genuinely assure people that you are properly taking care of their personal information."

Sharon Polsky is with the Privacy and Access Council of Canada. (Anis Heydari/CBC)

Polsky said in generalany organization needs to first look at all the information it's collecting.

"And not collect more information than they actually have need or reason to," she said. "The more you collect, the bigger the risk, because the more attractive a packof information it is."

Letter sent to members

The party informed members of the theftin an email Wednesday.

"The laptop in question did not contain any personal financial data," reads the letter in part. "Rest assured that we take the integrity of your financial information seriously and under no circumstances does the party store that kind of information."

Emily Laidlaw, anassociate law professor at the University of Calgary, saidthe party's email didn't give enough detail to members.

The law professor said it wasn't clear in reading the message what standards and protocols the party has in place.

UCP privacy policies

When asked what their policies surrounding protecting personal information of members is andif there was training, the party did not respond directly.

"Staff are informed about privacy requirements regarding membership data. This was unfortunately a criminal incident outside of staff's direct control," read the response. "That said, we are undertaking additional measures and protocols going forward following this experience."

They did not elaborate on what those additional measure and protocols would be.

Emily Laidlaw is an associate law professor at the University of Calgary. (Submitted by Emily Laidlaw)

Laidlaw said the fact that the laptop was left in a car at all speaks volumes about what those standards are.

"It is quite commonly advised that you should not be keeping any laptops in your car with sensitive information,"said Laidlaw, who specializes in privacy issues.

'At risk for identity theft'

Laidlawsaid it's lucky there was no financial information on the computer, but noted there is enough for concern.

"It certainly puts the individuals at risk for identity theft," she said.

"If whoever stole it actually gains access to this information,I mean, you could figure out who the people are, what their home addresses are. These are the people donating to the party and this is where they live."

Training key to prevention

Polsky said the key to preventing these things is training and education.

"They need to train people, and this isn't unique to us. It is commonplace," she said.

"There is remarkably little valid information and public awareness about how to properly protect information personal, health, political, corporate."

And according to Laidlaw, one-time training isn't sufficient.

"Not just at the beginning," she said.

"Followup with that training to ensure that everyone still recalls what the particular rules are, that they're aware of certain updates, that systems and practices are audited, so that we have a clear sense on the kind of A toZ about information security, where the vulnerabilities are and often those vulnerabilities are human."

The UCP said thatalthough they are not required to,they've informed the privacy commissioner of the incident and an additional 20,000 members whose information was not compromised.