Software glitch at border services agency triggers data breach

In response to an Access to Information Act (ATIA) request, the Canada Border Services Agency (CBSA) in March 2007 released a 52-page document that included one page containing personal information belonging to other individuals.

Due to a software problem, the personal information appeared on the computer printout, even though it had been severed in the electronic version. The individual who had requested the information returned the page.

A similar software problem had been reported in our 2007-2008 Annual Report, and CBSA was aware of the Treasury Board Secretariat’s security policy alerts, issued in October 2007, with respect to vulnerabilities in the electronic release of information under ATIA and the Privacy Act. The agency had been working with the software vendor to try to address its information technology problems.

CBSA pledged to continue to work with the software vendor and review procedures to ensure that information severed pursuant to the ATIA or the Privacy Act is permanently removed. The agency also undertook to implement a manual quality assurance process of all information to be released under the two laws.

Date modified: