Data breach reveals gaps in training for provincial staff, New Democrat MPP says

Data breach reveals gaps in training for provincial staff, New Democrat MPP says

The remedy to a pre-Christmas privacy breach that compromised the personal data of 45,000 people on provincial disability support payments shows there are “a lot of gaps in the system,” says New Democrat MPP Lisa Gretzky.

Her comment Tuesday came as Ontario’s information and privacy commissioner closed an investigation into the incident last Dec. 20 in which a spreadsheet with names, client identification numbers, and email addresses were mistakenly emailed to 103 of the disability payment recipients by a Ministry of Community and Social Services employee.

A new “comprehensive privacy training plan” is being developed for 1,600 staff who handle personal information at the ministry, along with a password access system for spreadsheets and encryption for any now being sent by email, the commissioner’s office said, calling the measures “satisfactory.”

A spokeswoman for new Community and Social Services Minister Todd Smith would not specify the expense of the changes in the wake of the breach, which was reported to the commissioner’s office on Dec. 24.

“The costs you’ve inquired about are minimal and well within the ministry’s operating budget,” Christine Wood said in an email. “The steps taken were within the scope of the regular allocated operating budget, and utilized existing resources.”

No home addresses or financial details of Ontario Disability Support Plan clients were revealed as a result of the error.

The breach of information from the ODSP could be the subject of a class-action lawsuit against the province, for which Toronto lawyer Ron Podolny of Rochon Genova LLP is now seeking certification.

“It’s working its way through the courts,” Podolny told the Star. “We’ve had inquiries from hundreds of people.”

Gretzky (Windsor West) said “there are still people out there who are very concerned about their personal data” revealed in the breach, which occurred when cabinet minister Lisa MacLeod was in charge of the portfolio. She apologized at the time, describing the problem as a “clerical error.” MacLeod was moved to the tourism ministry in a recent shuffle by Premier Doug Ford.

The New Democrat said she was shocked that the sensitive information was so easily emailed out in error.

“You would think all along they way they would have been training staff,” Gretzky said. “There should always be standard policies and procedures in place … so that something like this doesn’t happen again.”

The December email was sent to notify recipients of improvements to online information about ODSP’s “MyBenefits” portal. ODSP recipients later received letters notifying them of the privacy breach, and ministry staff contacted those who received the spreadsheet and asked them to confirm they had deleted the email that contained it.

Rob Ferguson is a Toronto-based reporter covering Ontario politics. Follow him on Twitter: @robferguson1

Source link