Cyber and data losses continue to raise major concerns among organizations. Beefing up security procedures should remain a top priority for organizations. However, no matter how stringent one’s procedures are, the weak link continues to be the human aspect within the process. Personnel failures in following security procedures can compromise even the best protocols and security systems. More companies and our own Canadian governmental departments are learning this lesson the hard way.
Human Resources and Skills Development Canada (HRSDC) has announced it is still looking for the missing hard drive that contains the personal data of 583,000 Canadians. Good luck with that! The announcement comes on the heels of class action suits being filed against them.
It’s somewhat alarming that the good people of HRSDC seem to believe that a hard drive got itself lost and can still be found. What is more alarming is the timeline of events that HRSDC has released:
Nov. 5, 2012: Employee discovers an external hard drive is missing.
Nov. 28: Departmental security officer is notified.
Dec. 6: Officials learn the personal information of more than 583,000 Canada Student Loans program clients are on the missing hard drive.
Dec. 14: The Office of the Privacy Commissioner is notified.
Jan. 7, 2013: The incident is referred to the RCMP.
Jan. 11: The public is informed of the incident, and all portable hard drives and unencrypted USB keys are banned at HRSDC.
This timeline spans over two months! In my mind it should have spanned November 5, 2012! All except for the ban on portable hard drives and USB keys which should have been in place years ago!
On January 25th HRSDC has said it will pay for six years of credit monitoring for the 583,000 Canadians whose files are missing. Unhappily, those files contained the personal information not only of the applicants but their parents as well! The true number of affected Canadians is probably closer to 2 million.
This unprecedented data breach is going to be costly — not just to the Canadian taxpayers who are on the hook for the credit checks, but to the 2 million Canadians who have to be vigilant and protect their identities for the rest of their lives.