Canada Personal information belonging to 144,000 Canadians breached by federal departments and agencies

11:45  14 february  2020
11:45  14 february  2020 Source:   cbc.ca

Sen. Oh breached Senate ethics code repeatedly with expenses-paid China trip

  Sen. Oh breached Senate ethics code repeatedly with expenses-paid China trip The Senate's ethics officer says Conservative Sen. Victor Oh breached the upper house's ethics code four times when he accepted an all-expenses paid trip to China in 2017. Moreover, Pierre Legault says Oh withheld information and deliberately misled the investigation into the trip, raising questions about his integrity.At issue is a delegation Oh led on a visit to Beijing and Fujian province in April 2017; the delegation included Chinese-Canadian community leaders, as well as two fellow Conservative senators, Leo Housakos and Don Plett.

Departments and agencies . Enter a department name or abbreviation to find current Government of Canada departments , agencies , crown corporations and special operating agencies .

Departments and agencies in the core public administration are named in schedules I and IV of the Financial Administration Act. Population counts for the following separate agencies are not included because their employee information is not available in the Pay System

a close up of a computer keyboard: The estimate tabled in the House of Commons of the number of federal privacy breaches could fall short of the real number.© PabloLagarto/Shutterstock The estimate tabled in the House of Commons of the number of federal privacy breaches could fall short of the real number.

Federal departments or agencies have mishandled personal information belonging to 144,000 Canadians over the past two years, according to new figures tabled in the House of Commons — and not everyone who was swept up in a privacy breach was told about it.

The new figures were included in the federal government's answer to an order paper question filed by Conservative MP Dean Allison late last month. The nearly 800-page response didn't offer an explanation for the errors, which range in seriousness from minor hiccups to serious breaches involving sensitive personal information.

Feds spent $118K on event tickets in 6 months including $10K for Cirque du Soleil, Bryan Adams

  Feds spent $118K on event tickets in 6 months including $10K for Cirque du Soleil, Bryan Adams Global Affairs Canada spent more than $8,000 to take 'current and potential foreign investor' to Cirque du Soleil.That included nearly $10,000 on tickets to bring 35 foreign investors to see Cirque du Soleil in Toronto and for the Canadian ambassador to Serbia to bring guests to see Bryan Adams in concert there in November.

sensitive personal information of 4, 000 FBI agents after infiltrating three chapters of the FBI several federal law enforcement agencies , and is planning to package the information for sale. The information posted online included data belonging to 4, 000 FBI employees, Secret Service agents

Get contact information for U.S. federal government agencies that begin with the letter A. Find the website, email, phone numbers, addresses, and more. Federal government websites often end in .gov or .mil. Before sharing sensitive information , make sure you're on a federal government site.

"There's a significant problem with the way that the government protects personal information," said David Fraser, a privacy lawyer at McInnes Cooper in Halifax.

"The numbers that we're consistently seeing reported out of the federal government are higher than they should be and significantly higher in my view."

a close up of text on a white background© CBC News

The Canada Revenue Agency leads the pack in breaches, with more than 3,005 separate incidents affecting close to 60,000 Canadians between Jan. 1, 2018 and Dec. 10, 2019.

The department blames the breaches on misdirected mail, security incidents and employee misconduct.

"We consider a single privacy breach to be one too many," said CRA spokesperson Etienne Biram. "Two-thirds of the total individuals affected were as a result of three unfortunate but isolated incidents."

Officials try to head off Cornwall, Ont., coronavirus concerns

  Officials try to head off Cornwall, Ont., coronavirus concerns Federal and provincial public health officials spoke in Cornwall, Ont., on Monday in an attempt to quell any concerns about the use of a local facility as a quarantine zone.On Saturday, the Canadian government announced it had chartered a plane to bring home Canadians from the Diamond Princess cruise ship, which has been docked in Japan since Feb. 3 over concerns about COVID-19, the new coronavirus.

When you travel to Canada , bring official documents that state what vaccinations you and your family have already had. If you or your child hasn’t been vaccinated, call your doctor or local public health clinic right away. In Canada , your children need immunization or vaccination records to enrol in school.

This category includes departments , agencies , and crown corporations created by the government or Parliament of Canada by statute or regulation. It does not include the Governor General of Canada , the Parliament of Canada , or the federal courts of Canada (see Court system of Canada ).

In one of those cases, a protected hard drive containing personal information belonging to 11,780 individuals was inadvertently made accessible to some CRA employees in January 2019. There's no evidence that any of the exposed files were accessed by people who weren't entitled to see them, said Biram.

In another case, a CRA employee accessed accounts belonging to two individuals and briefly viewed information belonging to another 11,745 individuals.

"These individuals are not notified since the risk to them is deemed to be extremely low," Biram said.

Health Canada reported 122 breaches affecting close to 24,000 people over the same time period. Health Canada did not respond to CBC's request for more information.

More than 20,000 Canadian Broadcasting Corporation employees saw their information breached in 17 separate instances — the most serious involving the theft of computer equipment containing confidential information in May, 2018.

Federal government requests extension before tabling new assisted dying law

  Federal government requests extension before tabling new assisted dying law The federal government is asking for an extension on a looming court deadline requiring it to update the country's medical assistance in dying (MAID) law.Attorney General David Lametti filed a motion asking for a four-month extension of the Superior Court of Quebec's September 2019 Truchon ruling, which said the current law is too restrictive.

While mega- breaches of high-profile private companies provideheadline fodder, the federal access, configuration management, segregation of duties, contingency planning, and agency -wide security A server belonging to the auditing firm Deloitte was compromised by a cyber attack ongoing since A breach of the Kansas Department of Commerce exposing 5.5 million social security numbers;[REF]

Canadian police, military agencies (see Canadian Forces Intelligence Branch), and numerous other government departments may maintain their own Under the post–World War II Quadripartite (UKUSA) Agreement, intelligence information is shared between the intelligence agencies of these

A handful of departments holding confidential information, like Employment and Social Development Canada and Immigration, Refugees and Citizenship Canada, also saw more than 2,000 breaches.

Employment and Social Development Canada said some of its own information breaches involved lost or misdirected passports and birth certificates.

Even the keepers of Canada's official secrets aren't immune. The Canadian Security Intelligence Service, the Communications Security Establishment and the RCMP all reported missteps as well.

The Department of National Defence said most of its 170 breaches, which affected more than 2,000 people, were due to inappropriate access to, or use or disclosure of, personal information.

The numbers tabled in the House aren't precise, so the 144,000 figure could fall short of the real number.

Many departments reported they didn't know how many people were affected by individual information breaches, or how many were subsequently contacted and warned.

For example, the Correctional Service of Canada, which holds personal information on federal inmates, was responsible for more than 300 breaches — but didn't provide statistics on how many individuals were affected.

Watchdog wants federal court to declare Facebook broke privacy law

  Watchdog wants federal court to declare Facebook broke privacy law Canada’s privacy commissioner is escalating a battle with Facebook Inc. by asking a court to declare the social media network broke federal privacy law and by seeking to force the firm to implement new personal-data practices. The commissioner’s office said Thursday it had filed a notice of application in federal court seeking a declaration Facebook contravened the Personal Information Protection and Electronic Documents Act by, among other things, failing to obtain “meaningful consent” from users to provide their personal data to third-party apps.

IMM 5722 — Document checklist – Permanent residence – Federal and Quebec selected business class applicants – June 2019. IMM 5741 — Return of Processing Fee, Right of Permanent Residence Fee or Right of Landing Fee – September 2017.

The following list outlines the structure of the federal government of Canada . Cabinet-level departments , agencies , and other units are denoted in bold with the corresponding Minister listed

Figures likely higher

Fraser said the government's standards for protecting personal information and reporting breaches should be higher than those in private sector firms, which have to follow strict reporting rules under the Personal Information Protection and Electronic Documents Act.

"In the private sector, individuals can choose what businesses they do business with. If they don't like the privacy practices of a bank, they can go to another," he said.

"But we don't get to choose as citizens what governments we deal with, and governments are custodians of a significant amount of highly sensitive personal information."

A spokesperson for the Office of the Privacy Commissioner said it's still reviewing the order paper question, adding the office has highlighted gaps with the reporting system in the past.

"We have raised concerns about strong indications of systemic under-reporting of certain types of breaches across government," said Vito Pilieci in an email to CBC.

Privacy Commissioner Daniel Therrien has been pushing for changes to the Privacy Act to make breach reporting mandatory. As it stands, federal departments only have to alert affected individuals in the event of "material" breaches — cases involving sensitive personal information which reasonably could be expected to cause serious injury or harm to an individual, or ones affecting large numbers of people.

Police suspect woman involved in multiple identity scams

  Police suspect woman involved in multiple identity scams Police suspect woman involved in multiple identity scams A complaint that a Calgary woman had filed a loan application after stealing the identity of a local business owner led to a fraud investigation.

Services and information . My application. Apply for or extend a work permit, learn about International Experience Canada and being a caregiver, get your credentials recognized, and hire foreign workers.

State and federal government agencies had relatively few data breaches this year compared to private sector companies. Both the State Department and the White House said the attacks only affected The breach prompted several questions over the inadequate measures used by federal agencies to

Teresa Scassa, Canada Research Chair in Information Law and Policy at the University of Ottawa, said that while there's a risk involved in warning Canadians too often of information breaches, government departments can't always be trusted to come clean when they make mistakes.

"That is the classic conundrum. On the one hand, you don't want to get people so used to data breaches ... so that every time they get a notification they think, 'Whatever, doesn't matter.' You want people to pay attention when it's necessary to pay attention," she said.

"At the same time, you don't want the discretion being exercised on the side of avoiding embarrassment, so that internally the nature of the severity of the breaches is played down because an organization really just doesn't want to have to own up to the fact that they've had a significant data breach."

Victims have limited options

There's not much in the way of recourse available to victims. They can file complaints under the Privacy Act with the commissioner, who can investigate and make recommendations.

"But in terms of actual recourse that compensates an individual for whatever harm they might have suffered, or for any lost time, frustration, anxiety that they may have suffered ... that's not provided for in the legislation," said Scassa.

She said more people are turning to class-action lawsuits for financial satisfaction in these cases. In 2017, the government agreed to pay at least $17.5 million to settle a class action lawsuit filed after a major privacy breach involving about 583,000 student loan recipients.

Scassa said that while lawsuits can be the only option for information breach victims "frustrated with government," fighting those lawsuits in court ends up costing taxpayers money.

"The ideal is for the government to find and implement measures that substantially improve data protection within government without making it ... a financial money pit," she said.

All the departments that responded to CBC's requests for comment insisted that they take security seriously and offer their staff training to prevent breaches.

Cyberspies mistakenly eyed Canadian for five years, watchdog report says .
OTTAWA — The national cyberspying agency monitored a Canadian citizen, contrary to policy, for several years due to a series of internal mistakes, a newly released watchdog report says. The Ottawa-based Communications Security Establishment collects a wide array of foreign communications, including phone calls and emails, in search of information of interest to Canada. The CSE is forbidden by law from directing its activities against Canadians anywhere in the world and must try to protect their privacy when using or keeping intercepted information.

—   Share news in the SOC. Networks

Topical videos:

usr: 6
This is interesting!