UVic had policies in place to secure confidential data

Greater Victoria employers using data breach as a learning opportunity

Stolen information affecting the bank accounts of thousands of people would never have ended up in the hands of thieves if an existing policy was followed at the University of Victoria.

Before assigning blame, the school wants to wait for two reviews looking into whether an employee failed to follow policy by backing up confidential employee information to a device stolen 10 days ago.

According to UVic’s Information Security Policy, data such as social insurance numbers and financial information must be stored within a controlled-access system with the file being password protected or encrypted. The device must also be locked away.

The university has said the information on the stolen device was not encrypted or password protected, though it was locked up.

Regardless, UVic’s vice-president of finance and operations says she’s waiting on the reviews before determining if policy was breached.

“I think what we’re going to be looking at is: what’s in the policy? What are the specific procedures? And to what extent did this fit in with what was in that policy?” said Gayle Gorrill.

Employees at the university receive periodic training on how to properly handle private information, she added.

In 2009, more than 400 employees that have access to secure information went through a three-hour session on information security and privacy.

“We’ll be re-looking at this and asking, ‘do we need to do a refresher?’ I expect we will,” Gorrill said.

Ryan Berger, an executive in the Canadian Bar Association’s freedom of information and privacy subsection, says he anticipates UVic isn’t the only employer reviewing its security policies.

“When you see significant breaches that affect so many people, and it’s a well known public institution, it will raise the privacy profile and the importance of encrypting sensitive information and ensuring that organizations are appropriately protecting privacy,” said Berger, a partner with the Vancouver law firm Bull, Housser & Tupper.

That’s exactly what’s happening at the Vancouver Island Health Authority, which has nearly 18,000 employees and almost 2,000 physicians on its payroll.

“We’re really using this unfortunate situation as an opportunity for learning,” said Cathy Yaskow, director of information access and privacy.

Yaskow, whose department focuses much of its work on the protection of confidential patient information, said VIHA’s current system to protect its employees is secure and thorough.

“The majority of our information, including employee and banking information, is stored (in an encrypted network),” she said.

Any data that is saved to an external device is fully encrypted and stored in a locked safe, she said.

Camosun College, with slightly more than 1,000 employees, is also taking heed of the UVic breach.

“We have a database where this (similar type of) information is and it’s encrypted. We are not feeling like we’re in jeopardy,” said Denis Powers, executive director of human resources.

“We have not stored anybody’s personal, confidential information on devices or in modems that could be easily stolen.”

Unlike at UVic, there doesn’t exist any unencrypted (or encrypted, for that matter) file at Camosun that contains employee banking information and social insurance numbers.

Each individual piece of confidential information at Camosun is encrypted and stored separately on large, internal servers, Powers said.

Saanich police are continuing an investigation into a fraud, which stems from a break-in and theft at UVic on either Jan. 7 or 8.

The university is also conducting internal and external reviews into its policies. Additionally, the Office of the Information and Privacy Commissioner is looking into the release of information.


Just Posted

No charges for three West Shore RCMP officers after woman’s jaw broken while in custody

After IIO investigation, B.C. Prosecution Service determined case did not meet its charge standard

Giants draw first blood in WHL playoff series vs. Victoria

Home ice advantage non-existent for Royals against arch-rival Vancouver

All-female taxi service eyed for the West Shore

The goal is to help women feel comfortable

Elizabeth May arrested at Kinder Morgan protest

Randall Garrison, MP for Esquimalt-Saanich-Sooke, speaks out against pipeline

New Galloping Goose overpass at McKenzie could open next week

Drivers reminded to watch the road in McKenzie construction zone

Vancouver Island’s Best Videos of the Week

A look at some of the best video stories from the past week ending March 23, 2018

Canucks sing the Blues as they fall to St. Louis 4-1

Berglund nets two, including the game-winner, to lift St. Louis over Vancouver

Calving season brings hope for Cariboo ranchers

Still a lot of work ahead to recover from the wildfires

Canada’s Kaetlyn Osmond wins figure skating world title

The 22-year-old fwon the women’s singles crown with her Black Swan routine

Vancouver Island pooches celebrate National Puppy Day

Check out some of the submissions we received from around the region

MLA Report: Lowering the voting age to 16 in BC

By Andrew Weaver On March 13, I introduced for a third time… Continue reading

Alberta tells B.C. to stop opposing pipelines if it doesn’t like gas prices

John Horgan said he would like to see the federal government step in to deal with high gas prices.

Comox Valley hospital operating above patient capacity

The new healthcare facility averaged a 110 per cent patient volume between October and February

B.C. mother hit in truck rampage dies

Family confirms mother of four Kelly Sandoval dies almost two months after being hit.

Most Read