Content
Skip to Main ContentAccessibility Help
British Columbia

Government violated its privacy policy: watchdog

The B.C. government failed to follow its own guidelines and notify the public following a privacy breach last spring, according to David Loukidelis, the province's privacy commissioner.
CBC News ·

The B.C. government failed to follow its own guidelines and notify the public following a privacy breach last spring, according to David Loukidelis, the province's privacy commissioner.

In April, the RCMP found files on 1,400 social assistance clients in the home of a government worker, but it took the government seven months to notify those whose confidential files were involved.

Loukidelis's investigation is one of several taking place into the security breach that has already led to the firing of two civil servants, one of whom reportedly had a criminal record for credit card fraud and counterfeiting at the time he was hired.

'What happened here that nothing got done for seven months?' —Privacy commissioner David Loukidelis

The police told the government about the privacy breach, but no one told Loukidelis or the cabinet ministers responsible until late October, he said.

"A really key question is, why did it take so long for the higher-ups to find out about this and take action?" said Loukidelis.

Furthermore, no one told the people whose files were involved until November, even though the government has a written policy to notify the individuals affected by a privacy breach as soon as possible.

"I want to know why it is that the government's breach response plan didn't get triggered right away," said Loukidelis.  

The government's policy for privacy breaches, which is published on the commissioner's website, says individuals affected by a breach should be notified as soon as possible, told the date of the breach, given a description of the information disclosed, and told what to do to reduce the risk of further problems.

"Even if you've got a good plan in your policy binder, what happened here that nothing got done for seven months?" he said.

In addition to the privacy commissioners' investigation, the RCMP and government are also conducting their own investigations.

One investigation by the Public Service Agency will look at the actions of the employees involved and at the government's human resources policies.

Another probe, by the chief information officer, will look at how the privacy breach occurred and why it took the government so long to react.

CBC's Journalistic Standards and Practices|About CBC News
Corrections and clarifications|Submit a news tip|

Related Stories