August 17, 2019

Winnipeg
18° C, A few clouds

Full Forecast

U of M alerts volunteers of data breach

Health study participant angered research trashed after 'time and effort' put in  

A breach of personal health data collected by the University of Manitoba for a 2017 research study – once led by suspended professor Peter Jones – has enraged volunteer participants and raised questions about the university's information security standards.

About 420 participants in The Manitoba Personalized Lifestyle Research Program study, also called the TMPLR Study, received emailed letters on Wednesday from the U of M giving a brief overview of the data breach, apologizing to participants and informing them that the data they provided would simply be destroyed as it no longer has research value.

"The breach of privacy is disconcerting, definitely, but I think what upsets me more is that all the time and effort I put into completing the study was for nothing. I chose to participate mostly because I thought the long-term goals of the TMPLR program — to collect information that could provide valuable data for researchers and make an impact on the future medical treatment of Manitobans — were worthwhile," said one volunteer participant who asked for anonymity.

"To find out that all my data, and the data of probably hundreds of others, is now being trashed because of a foolish mistake is very upsetting."

Get the full story:

Already have an account? Log in here »

Keep reading free:

Already have an account? Log in here »

Subscribers Log in below to continue reading,
not a subscriber? Create an account to start a 30 day free trial.

Log in Create your account

Your free trial has come to an end.

We hope you have enjoyed your trial! To continue reading, we recommend our Read Now Pay Later membership. Simply add a form of payment and pay only 27¢ per article.

For unlimited access to the best local, national, and international news and much more, try an All Access Digital subscription:

Thank you for supporting the journalism that our community needs!

Your free trial has come to an end.

We hope you have enjoyed your trial! To continue reading, we recommend our Read Now Pay Later membership. Simply add a form of payment and pay only 27¢ per article.

For unlimited access to the best local, national, and international news and much more, try an All Access Digital subscription:

Thank you for supporting the journalism that our community needs!

We hope you have enjoyed your free trial!

To continue reading, select a plan below:

All Access Digital

Introductory pricing*

99¢

per month

  • Unlimited online reading and commenting
  • Daily newspaper replica e-Edition
  • News Break - our award-winning iOS app
  • Exclusive perks & discounts
Continue

Read Now Pay Later

Pay

27¢

per article

  • Commitment-free
  • Cancel anytime
  • Only pay for what you read
  • Refunds available
Continue

*Introductory pricing schedule for 12 month: $0.99/month plus tax for first 3 months, $5.99/month for months 4 - 6, $10.99/month for months 7 - 9, $13.99/month for months 10 - 12. Standard All Access Digital rate of $16.99/month begins after first year.

We hope you have enjoyed your free trial!

To continue reading, select a plan below:

Read Now Pay Later

Pay

27¢

per article

  • Commitment-free
  • Cancel anytime
  • Only pay for what you read
  • Refunds available
Continue

All Access Digital

Introductory pricing*

99¢

per month

  • Unlimited online reading and commenting
  • Daily newspaper replica e-Edition
  • News Break - our award-winning iOS app
  • Exclusive perks & discounts
Continue

Mon to Sat Delivery

Pay

$34.36

per month

  • Includes all benefits of All Access Digital
  • 6-day delivery of our award-winning newspaper
Continue

*Introductory pricing schedule for 12 month: $0.99/month plus tax for first 3 months, $5.99/month for months 4 - 6, $10.99/month for months 7 - 9, $13.99/month for months 10 - 12. Standard All Access Digital rate of $16.99/month begins after first year.

We hope you have enjoyed your free trial!

To continue reading, select a plan below:

All Access Digital

Introductory pricing*

99¢

per month

  • Unlimited online reading and commenting
  • Daily newspaper replica e-Edition
  • News Break - our award-winning iOS app
  • Exclusive perks & discounts
Continue

Read Now Pay Later

Pay

27¢

per article

  • Commitment-free
  • Cancel anytime
  • Only pay for what you read
  • Refunds available
Continue

*Introductory pricing schedule for 12 month: $0.99/month plus tax for first 3 months, $5.99/month for months 4 - 6, $10.99/month for months 7 - 9, $13.99/month for months 10 - 12. Standard All Access Digital rate of $16.99/month begins after first year.

We hope you have enjoyed your free trial!

To continue reading, select a plan below:

Read Now Pay Later

Pay

27¢

per article

  • Commitment-free
  • Cancel anytime
  • Only pay for what you read
  • Refunds available
Continue

All Access Digital

Introductory pricing*

99¢

per month

  • Unlimited online reading and commenting
  • Daily newspaper replica e-Edition
  • News Break - our award-winning iOS app
  • Exclusive perks & discounts
Continue

*Introductory pricing schedule for 12 month: $0.99/month plus tax for first 3 months, $5.99/month for months 4 - 6, $10.99/month for months 7 - 9, $13.99/month for months 10 - 12. Standard All Access Digital rate of $16.99/month begins after first year.

A breach of personal health data collected by the University of Manitoba for a 2017 research study – once led by suspended professor Peter Jones – has enraged volunteer participants and raised questions about the university's information security standards.

About 420 participants in The Manitoba Personalized Lifestyle Research Program study, also called the TMPLR Study, received emailed letters on Wednesday from the U of M giving a brief overview of the data breach, apologizing to participants and informing them that the data they provided would simply be destroyed as it no longer has research value.

The study was conducted in 2017 through the Richardson Centre for Functional Foods and Nutraceuticals.

BORIS MINKEVICH / WINNIPEG FREE PRESS FILES

The study was conducted in 2017 through the Richardson Centre for Functional Foods and Nutraceuticals.

"The breach of privacy is disconcerting, definitely, but I think what upsets me more is that all the time and effort I put into completing the study was for nothing. I chose to participate mostly because I thought the long-term goals of the TMPLR program — to collect information that could provide valuable data for researchers and make an impact on the future medical treatment of Manitobans — were worthwhile," said one volunteer participant who asked for anonymity.

"To find out that all my data, and the data of probably hundreds of others, is now being trashed because of a foolish mistake is very upsetting."

Jones, who led the study at its inception, was a star professor at the university who served as director of the Richardson Centre for Functional Foods and Nutraceuticals. He was suspended by the university in December 2018 after the Free Press published an investigation that detailed a litany of allegations of bullying and misconduct.

The breach occurred when data collected from "some participants was not handled, stored, or secured properly." This violates the university's research data management protocols and information security standards. Because the data breach also constituted a violation of the provincial Personal Health Information Act, it is now unusable.

"There's no reason to believe that any private information has been inappropriately accessed," said John Danakas, U of M executive director of public affairs. "The likelihood that personal information was accessed or viewed inappropriately is very, very low and there's no evidence of that."

However, the data was not encrypted, it was stored somewhere off U of M property in a place where unauthorized people could have accessed it and there was no contractual agreement with the third-party company storing the data, the letter stated.

The situation is also a breach of trust, the participant said, as some of the material provided to the researchers by the participants was extremely personal in nature.

"It’s not nice to think of strangers having access to information we were assured many times would be kept entirely secure, and entirely unconnected to our names," the participant said.

"It’s quite shocking to find out that a respected research institution has such shoddy PHIA compliance."

The study was conducted in 2017 through the Richardson Centre for Functional Foods and Nutraceuticals and involved myriad resources, months of data collection and involved a mobile unit with specialized equipment that travelled throughout the province to find volunteer participants and collect their health information.

Participants went through a pair of two-hour on-site sessions that included physical testing, and filled out the questionnaires about personal and family health history, completed food diaries and wore an activity monitor for a week to measure sleep patterns.

While the letter outlined that the U of M provides training sessions on PHIA, all researchers are required to sign a PHIA Pledge of Confidentiality and there are "policies and procedures in place relating to the collection, use, disclosure, storage and destruction of personal health information," the volunteer noted those protocols were lacking or ignored in relation to the TMPLR Study data.

"The university takes the protection of private information very seriously. If a breach is suspected, an investigation occurs, identifying the individual responsible for the breach and holding that individual accountable," Danakas said, noting any disciplinary action will be based on the severity of the breach and carried out under rules of any collective agreement.

The U of M notified the Manitoba Ombudsman of the PHIA breach on Jan. 15. People affected by the data breach can lodge a complaint with the ombudsman.

"The likelihood that your data was accessed or viewed inappropriately is very low. However, we understand that this situation may cause you concern and we sincerely apologize for that," the letter to participants stated.

ashley.prest@freepress.mb.ca

– With files from Ryan Thorpe

Ashley Prest

Ashley Prest
Reporter

Ashley works the general assignment beat.

Read full biography

History

Updated on Wednesday, March 6, 2019 at 9:02 PM CST: Full write through

You can comment on most stories on The Winnipeg Free Press website. You can also agree or disagree with other comments. All you need to do is be a Winnipeg Free Press print or digital subscriber to join the conversation and give your feedback.

Have Your Say

Have Your Say

Comments are open to The Winnipeg Free Press print or digital subscribers only. why?

Have Your Say

Comments are open to The Winnipeg Free Press Subscribers only. why?

By submitting your comment, you agree to abide by our Community Standards and Moderation Policy. These guidelines were revised effective February 27, 2019. Have a question about our comment forum? Check our frequently asked questions.