People need to be fired.
It took more than two months for a federal government agency to alert 32,000 farmers, including 7,000 Manitobans, that their private information was in unknown hands after a laptop was stolen.
The news comes on the heels of an annual report released this week by Canada’s privacy commissioner, which blasted the private sector for failing to protect personal information.
Although the theft happened March 30, Canadians weren’t sent letters until last week informing them their social insurance numbers, bank account numbers and other data had been stored on a laptop stolen from the Canadian Canola Growers Association (CCGA).
Start with the one who allowed sensitive files on a laptop, and finish with the ones who failed to notify producers.
h/t to reader Carl.

thanks for the hat tip…
Snarky little twerp, aren’t you Carl. 😉
Farmers… always complaining.
(added now)
It is totally inexcusable for *any* government department or agency to not have a laptop that contains sensitive information encrypted.
well Kate, as i was saying, i haven’t been to town for a couple days, so i haven’t been picking up my ‘cheques’…you know!
YAH, i made the “big time”, Thanks!
SOP for government agencies that screw up.
Information security in general is crap .. that applies for commercial enterprise as well as government.
I see failures like this to be reckless exposure of the public to criminal threats.
It would be nice if they could be prosecuted for this.
If you want to have your personal information disseminated for all to see just fill out a few government forms. It will be out in the open faster than if you posted it on YouTube or Facebook.
I’m sure all that personal information is in the capable hands of Monsanto.
I can’t figure out why anyone would need this info on a laptop – it’s not like you’re going to visit 32,000 farmers that day.
The questions I would have are:
1) How many more laptops have that data (or similar data) on them? Why?
2) How many employees have access to that data (or similar data)? I would assume most laptops have DVD burners.
It really doesn’t matter how secure your front door is if you leave the back door unlocked.
Good news – GPS systems are the #1 item thieves will steal from your car.
In this country no one takes responsibility for their actions. It would be folly to think any leadership would. They will find a scapegoat to pretend punishment, then promote them 2 years later for taking the bullet. Trust me. I have worked in civic government for 24 years now. If they find a normal worker to blame, like a laborer, it’s instant job death for them. They’re not the elite, nor do they have protection. The unions are cheek to cheek with the upper echelons of power.
Sorry, first post said I had an error, so I posted again. My apologies.
Is CCGA a government org.? It looks like they were doing something on behalf of a gov’t program which required the collection of this data. If not a gov’t org., then it appears the media coverage is not pointing this out and making it appear that the gov’t is responsible.
Anybody who carries sensitive information on a laptop should encrypt the entire hard disk with TrueCrypt.
When you boot the machine, you enter a password. For the duration of your current session, that’s the only inconvenience; otherwise you use the machine as normal.
The upside is that if the machine is stolen the entire drive is encrypted with AES, which has yet to be cracked.
It works like a charm; it’s a five-year-old open source project currently on release 5.1, so it’s been widely and thoroughly tested.
If you travel with sensitive data, I highly recommend this.
Is CCGA a government org.? No it’s an umbrella association representing all of the provincial canola grower organizations in Canada on national and international issues that affect canola growers.
There is absolutely NO reason or excuse for one of their staff to be carrying around private data of members on an unsecured device.
Their behaviour is much like that of a government org. in the way they’ve responded to this screwup.
The msm will be all over this – they already have their pre written lines from their witch hunt in Mr. Bernier’s case – leaving files at his girlfriend’s house. Count on the msm to be screaming bloody murder about this much more serious outrage!! The msm are on the Puffin payola so the Dippers will be fair game I presume.
This kills me because it happens ALL the TIME, in all sorts of countries, corporate and government with all sorts of data.
I agree losing information of this nature should be subject to criminal negligence proceedings with damages presumed, with potential serious jail time and stiff fines. That would concentrate people’s minds.
I agree losing information of this nature should be subject to criminal negligence proceedings with damages presumed, with potential serious jail time and stiff fines. That would concentrate people’s minds.
I have a feeling you’ve never had a job in a large organization where you were actually responsible for protecting sensitive information. It is extremely hard to prevent data leakage completely short of using military techniques, and those render an organization largely ineffective.
If you have a mobile workforce or even just people who often work from home then sensitive data will be traveling over networks, left on home computers, PDAs, iPods, DVDs and laptops. That’s as true in the government as it is in private companies or hospitals, financial institutions or non-profits. They aren’t by nature paranoid spy organizations and people will bend rules regardless of what policies you try to put in place.
It’s true that laptop encryption would have been useful in this case. Try implementing it for a workforce of 1000 people or more and you’ll find a dozen people a week can’t work or have lost critical data because they’ve screwed up or forgotten their password. And a couple dozen others have the password written down and kept with the laptop, essentially rendering the encryption useless.
So yeah, go ahead and try jailing people. Good luck with that.
Kevin Jaeger – “I have a feeling you’ve never had a job in a large organization where you were actually responsible for protecting sensitive information. It is extremely hard to prevent data leakage completely short of using military techniques, and those render an organization largely ineffective.”
Give it a rest. The most protected stuff in any organization tends to be the kind of data that interests no one but the organization.
Clients’ confidential information is the one thing that must be protected. Again, what could anyone be doing that requires the SIN, banking info, name, address of 32,000 farmers on a laptop? SINs and banking account info don’t help anyone analyze anything legal. In even the most simplistic databases, access on the fields can be limited.
I do believe that someone must be held accountable … a lot of folks don’t measure an organization’s “effectiveness” by its carelessness with client data.
Wonder what the employees would say if all their confidential data was toted around by an unknown number of other employees for effectiveness? … so what?
BTW: I have worked in a few large organizations … none of them seriously impacted by me not having SINs, banking information, etc on my laptop.