UVic had policies in place to secure confidential data

Greater Victoria employers using data breach as a learning opportunity

Stolen information affecting the bank accounts of thousands of people would never have ended up in the hands of thieves if an existing policy was followed at the University of Victoria.

Before assigning blame, the school wants to wait for two reviews looking into whether an employee failed to follow policy by backing up confidential employee information to a device stolen 10 days ago.

According to UVic’s Information Security Policy, data such as social insurance numbers and financial information must be stored within a controlled-access system with the file being password protected or encrypted. The device must also be locked away.

The university has said the information on the stolen device was not encrypted or password protected, though it was locked up.

Regardless, UVic’s vice-president of finance and operations says she’s waiting on the reviews before determining if policy was breached.

“I think what we’re going to be looking at is: what’s in the policy? What are the specific procedures? And to what extent did this fit in with what was in that policy?” said Gayle Gorrill.

Employees at the university receive periodic training on how to properly handle private information, she added.

In 2009, more than 400 employees that have access to secure information went through a three-hour session on information security and privacy.

“We’ll be re-looking at this and asking, ‘do we need to do a refresher?’ I expect we will,” Gorrill said.

Ryan Berger, an executive in the Canadian Bar Association’s freedom of information and privacy subsection, says he anticipates UVic isn’t the only employer reviewing its security policies.

“When you see significant breaches that affect so many people, and it’s a well known public institution, it will raise the privacy profile and the importance of encrypting sensitive information and ensuring that organizations are appropriately protecting privacy,” said Berger, a partner with the Vancouver law firm Bull, Housser & Tupper.

That’s exactly what’s happening at the Vancouver Island Health Authority, which has nearly 18,000 employees and almost 2,000 physicians on its payroll.

“We’re really using this unfortunate situation as an opportunity for learning,” said Cathy Yaskow, director of information access and privacy.

Yaskow, whose department focuses much of its work on the protection of confidential patient information, said VIHA’s current system to protect its employees is secure and thorough.

“The majority of our information, including employee and banking information, is stored (in an encrypted network),” she said.

Any data that is saved to an external device is fully encrypted and stored in a locked safe, she said.

Camosun College, with slightly more than 1,000 employees, is also taking heed of the UVic breach.

“We have a database where this (similar type of) information is and it’s encrypted. We are not feeling like we’re in jeopardy,” said Denis Powers, executive director of human resources.

“We have not stored anybody’s personal, confidential information on devices or in modems that could be easily stolen.”

Unlike at UVic, there doesn’t exist any unencrypted (or encrypted, for that matter) file at Camosun that contains employee banking information and social insurance numbers.

Each individual piece of confidential information at Camosun is encrypted and stored separately on large, internal servers, Powers said.

Saanich police are continuing an investigation into a fraud, which stems from a break-in and theft at UVic on either Jan. 7 or 8.

The university is also conducting internal and external reviews into its policies. Additionally, the Office of the Information and Privacy Commissioner is looking into the release of information.

kslavin@saanichnews.com

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Comments are closed

Just Posted

Victoria man collects 28 bags of trash along two-kilometre stretch of highway

20-year-old spent 12 hours collecting garbage near Thetis Lake

Greater Victoria infrastructure get millions in investments to help with economic recovery

New community spaces, health centre, turf fields coming for region

Ryan Reynolds matching fundraising dollars for B.C.’s Great Bear Rainforest

Vancouver-born actor appeals to the public with Make Ryan Pay! campaign

Sidney neighbours host miniature Dinner en Rouge after COVID-19 cancellation

Group came together to celebrate Canada Day safely

Victoria International Airport rolls out health and safety initiative

YYJ limits who can enter terminal along with other added safety measures

13 new B.C. COVID-19 cases, Langley Lodge outbreak ends

Health care outbreaks down to four, 162 cases active

Alberta health minister orders review into response after noose found in hospital in 2016

A piece of rope tied into a noose was found taped to the door of an operating room at the Grande Prairie Hospital in 2016

B.C.’s major rivers surge, sparking flood warnings

A persistent low pressure system over Alberta has led to several days of heavy rain

B.C.’s Indigenous rights law faces 2020 implementation deadline

Pipeline projects carry on as B.C. works on UN goals

‘Mind boggling’: B.C. man $1 million richer after winning Lotto 6/49 a second time

David O’Brien hopes to use his winnings to travel and of course keep playing the lottery

B.C. teacher loses licence after sexual relationships with two recently-graduated students

The teacher won’t be allowed to apply for a teaching certificate until 2035

Lower Mainland teacher facing child pornography charges

Elazar Reshef, 52, has worked in the Delta School District

All community COVID-19 outbreaks declared over in B.C.

Abbotsford manufacturer cleared by Dr. Bonnie Henry

Most Read