UVic had policies in place to secure confidential data

Greater Victoria employers using data breach as a learning opportunity

Stolen information affecting the bank accounts of thousands of people would never have ended up in the hands of thieves if an existing policy was followed at the University of Victoria.

Before assigning blame, the school wants to wait for two reviews looking into whether an employee failed to follow policy by backing up confidential employee information to a device stolen 10 days ago.

According to UVic’s Information Security Policy, data such as social insurance numbers and financial information must be stored within a controlled-access system with the file being password protected or encrypted. The device must also be locked away.

The university has said the information on the stolen device was not encrypted or password protected, though it was locked up.

Regardless, UVic’s vice-president of finance and operations says she’s waiting on the reviews before determining if policy was breached.

“I think what we’re going to be looking at is: what’s in the policy? What are the specific procedures? And to what extent did this fit in with what was in that policy?” said Gayle Gorrill.

Employees at the university receive periodic training on how to properly handle private information, she added.

In 2009, more than 400 employees that have access to secure information went through a three-hour session on information security and privacy.

“We’ll be re-looking at this and asking, ‘do we need to do a refresher?’ I expect we will,” Gorrill said.

Ryan Berger, an executive in the Canadian Bar Association’s freedom of information and privacy subsection, says he anticipates UVic isn’t the only employer reviewing its security policies.

“When you see significant breaches that affect so many people, and it’s a well known public institution, it will raise the privacy profile and the importance of encrypting sensitive information and ensuring that organizations are appropriately protecting privacy,” said Berger, a partner with the Vancouver law firm Bull, Housser & Tupper.

That’s exactly what’s happening at the Vancouver Island Health Authority, which has nearly 18,000 employees and almost 2,000 physicians on its payroll.

“We’re really using this unfortunate situation as an opportunity for learning,” said Cathy Yaskow, director of information access and privacy.

Yaskow, whose department focuses much of its work on the protection of confidential patient information, said VIHA’s current system to protect its employees is secure and thorough.

“The majority of our information, including employee and banking information, is stored (in an encrypted network),” she said.

Any data that is saved to an external device is fully encrypted and stored in a locked safe, she said.

Camosun College, with slightly more than 1,000 employees, is also taking heed of the UVic breach.

“We have a database where this (similar type of) information is and it’s encrypted. We are not feeling like we’re in jeopardy,” said Denis Powers, executive director of human resources.

“We have not stored anybody’s personal, confidential information on devices or in modems that could be easily stolen.”

Unlike at UVic, there doesn’t exist any unencrypted (or encrypted, for that matter) file at Camosun that contains employee banking information and social insurance numbers.

Each individual piece of confidential information at Camosun is encrypted and stored separately on large, internal servers, Powers said.

Saanich police are continuing an investigation into a fraud, which stems from a break-in and theft at UVic on either Jan. 7 or 8.

The university is also conducting internal and external reviews into its policies. Additionally, the Office of the Information and Privacy Commissioner is looking into the release of information.

kslavin@saanichnews.com

Just Posted

PHOTOS: City of Colwood hosts a ‘heartwarming start’ to the holidays

Colwood Christmas Light Up Celebration sees surge in attendance

Trauma sufferers support group takes shape on West Shore

Aaron’s Society open to more peer support groups with certified trauma practitioners

Mental health call temporarily shuts down Trans Canada Highway in View Royal

West Shore RCMP cite 14 percent increase in calls concerning mental health in 2019

B.C. Transit saves $300,000, scores 28 used fareboxes idle in California

‘Someone joked maybe we can buy used fareboxes on eBay,’ CEO says

Tenants above Wellburns uncertain after ‘nightmare’ sewage flood ousts them indefinitely

Tenants evacuated after sewage flooded basement of century-old building

VIDEO: John Lennon’s iconic Rolls Royce rolls into Camosun College for checkup

Royal BC Museum, Camosun College and Coachwerks Restorations come together to care for car

POLL: Will you be donating to charities over the holiday season?

Many here in Victoria joined others around the world to take part… Continue reading

Greater Victoria Crime Stoppers wanted list for the week of Dec. 3

Greater Victoria Crime Stoppers is seeking the public’s help in locating the… Continue reading

VIDEO: Rockslide closes part of Highway 93 in Fairmont Hot Springs

Geotechnical team called in to do an assessment after rocks fell from hoodoos

Petition calls for appeal of ex-Burns Lake mayor’s sentence for sex assault

Prosecution service says Luke Strimbold’s case is under review

Northwest B.C. wildlife shelter rescues particularly tiny bear cub

Shelter co-founder says the cub weighs less than a third of what it should at this time of year

BC firefighters to help battle Australian bushfires

Canada sent 22 people, including 7 from B.C.

B.C. NDP touts the end of MSP premiums

Horgan, James held news conference to reiterate that people will get their last bill this month

Oscar Hickes: Longest running hockey tournament on Vancouver Island cancelled

Patrick Murray, one of the organizers for the tournament, broke the sad news on social media.

Most Read