Privacy watchdog slams Yukon gov't for sharing personal employee records too widely

The territory's privacy watchdog has slammed the Yukon Government for widely disclosing the personal information of thousands of government and public sector employees, across multiple government departments.

In a report delivered to the Public Service Commission in October and released to the public on Tuesday, Diane McLeod-McKay, Yukon's information and privacy commissioner, also found the government failed to properly secure employee information. 

McLeod-McKay's investigation was triggered by a complaint filed by a government employee in November 2016. The employee expressed concern that too many employees were able to access the information of all government employees through the Public Service Commission's human resources records system.

The information includes names, contact information, marital and family status, as well as education, financial and employment history. It spans the course of an employee's career, from the start of employment to termination or retirement.

"Mismanagement of this information can cause significant breaches of privacy that can negatively impact large numbers of individuals," wrote McLeod-McKay in a statement.

"Individuals expect that it will be managed in accordance to their rights under Yukon's privacy laws."

17 Recommendations

McLeod-McKay found the government had the authority to collect the information, but was making it simultaneously available to 18 different human resource departments and public bodies across the government.

She determined only departments relevant to the specific employee should have access to that employee's information. In her report, she concludes that in most cases "direct consent from the employees concerned" is needed to share information beyond departments, and the government failed to hold itself to that standard.

McLeod-McKay also found the Public Service Commission didn't have the proper safeguards in place to protect the personal information it gathered from employees, and didn't clearly communicate to employees that the information gathered would be used in this way.

The commissioner issued 17 recommendations to the government, which range from immediately revoking access to a wide swathe of employees, hiring a third party expert to evaluate the corporate records system, and rewriting forms to clearly communicate the scope and purpose of its information gathering to its employees.

According to Tuesday's news release, the Public Service Commission has accepted the recommendations and has been working toward their implementation.

The government has until the end of April to either deliver a progress report or provide a timeframe for when the work will be completed.