The federal government says it's going to tighten its security after an external hard drive with personal information on 583,000 Canadians was either lost, stolen, dumped in the garbage or whatever.
All that's known for sure is the data contained sensitive information on student loans, such as names, dates of birth, social insurance numbers, addresses and other facts that could cause serious problems, such as identity theft, if it ended up in the wrong hands.
The fact the hard drive was missing was only discovered during an investigation into the loss of a USB key late last year. That device held information on some 5,000 Canadians.
The government's response was glacial. It took 23 days from the time the disappearance (theft?) was noticed on Nov. 5 until the security office was notified, and another nine days before the nature of the missing information was identified.
Eight days later, the privacy commissioner was notified, but another 24 days went by before the RCMP were told. The public was informed on Jan. 11, more than two months after the problem was discovered.
The government says portable hard drives will no longer be used and unapproved USB keys are not to be connected to the network. Risk assessments are being conducted and all employees will receive mandatory training on the handling of sensitive information.
Human Resources and Skills Development Canada, the department that lost the information, says the barn door has been closed, but it is disturbing that it was left open for so long.
Private information has always been vulnerable to neglect or misuse, but the advent of computer technology has greatly expanded the potential damage of unauthorized leaks because of the sheer volume of information that can be disseminated. In the days of paper files, it was a lot harder to lose 600,000 documents, unless they were old files that were dumped in the garbage, which is still occasionally a problem with companies that have old paper records.
Law societies and medical colleges have strict rules on the disposal of old records, but stories continue to pop up from time to time of sensitive files discovered in the garbage or recycling binds of law firms and doctors' offices.
After what happened in the Human Resources Department, it is worth reminding the private sector and governments at all levels of the need for heightened security.