Table of Contents Table of Contents
Previous Page  11 / 89 Next Page
Show Menu
Previous Page 11 / 89 Next Page
Page Background

Commissioner’s Message

mail or overly large envelope windows despite

years and years of similar episodes. Relatively

simple steps can and must be taken to curtail

these types of breaches. It is my hope that this

year’s annual report will serve as a reminder of

the need for greater vigilance.


The consequences of a data breach, however

unintentional, can be significant.

In one example, detailed in chapter four, the

Canada Revenue Agency (CRA) accidentally

delivered the personal information belonging

to more than 1,000 individuals and businesses

to a CBC journalist. The CBC subsequently

released a story in which it identified several of

the individuals affected by the breach.

Another case detailed an incident where Health

Canada sent letters to more than 41,000

people across Canada in envelopes that showed

the letters were from the Marihuana Medical

Access Program. The fact that an individual

is enrolled, or has an interest, in a program

that allows access to marihuana for medical

purposes is clearly very sensitive information

which should not be disclosed without explicit


In a further case, the names of individuals

requesting records under the

Access to

Information Act

related to a former Aboriginal

Affairs and Northern Development Minister’s

expenses were revealed to departmental

personnel who had no need to know such


Each of these three cases—along with

others featured in this report—called upon

institutions to further improve and follow

procedures to strengthen their protection of

personal information and get results needed to

maintain Canadians’ trust.


Our audit completed in 2014-2015 also called

upon many institutions to adopt or improve

procedures to safeguard personal information

held on portable storage devices. These

range from small hard drives to even smaller

devices—such as USB keys or memory sticks.

Their small size and portability, coupled with

their capacity to store large amounts of data,

make them a valuable tool. Unfortunately,

these same characteristics mean they can also

be easily lost or stolen.

Following a number of breaches involving

portable storage devices affecting thousands of

Canadians, our Office initiated a horizontal

audit of the management of these devices

within federal institutions during 2014.

Our audit, described in chapter five, found

that while progress has been made in

reducing the risk, there are opportunities for

improvement. I encourage all institutions to

examine our findings to seek ways to improve

their management of portable devices so they