Personal information leaked from DFAIT database

In the spring of 2008, the media reported on the leak of personal information of a Canadian citizen being held in a foreign jail, prompting the government to apologize in Parliament for this violation of the Privacy Act.

Our investigation confirmed that the information in question had been held in the official consular record that is housed in the computer system of the Department of Foreign Affairs and International Trade (DFAIT).

Disturbingly, a total of 1,231 DFAIT employees had access to the files on this computer system, and the investigation could not determine which of them might have leaked the information to the media. There was no audit trail capability to show who accessed which records, or any mechanism to restrict access to particular files.

The complaint was determined to be well-founded.

As a result of our investigation, DFAIT agreed to:

  • prepare better guidance on the sharing of personal information between departmental and ministerial officials, along with better documentation of requests for information and responses to those requests, and
  • explore changes to its computer system to enable audit trails and restrict access to files.