An employee of Human Resources and Skills Development Canada (HRSDC) recently misplaced an unencrypted USB drive containing sensitive data on approximately 5,000 Canadian citizens.
"The lost data, which was reported to the HRSDC on Nov. 17, included names, Social Insurance Numbers (similar to Social Security numbers) and other information criminals could use to defraud victims," writes TechNewsDaily's Ben Weitzenkorn.
"The department, which handles a variety of files including pensions, old age security, employment insurance and childcare tax credits, says all those affected have been contacted. ... HRSDC said it has seen no evidence that any of the information contained on the missing USB key has been used for fraudulent purposes," The Canadian Press reports.
"According to Anne-Marie Hayden, spokeswoman for the federal privacy commissioner, the office has received about 90 calls from affected individuals since HRSDC reported the breach on Dec. 21," writes The Toronto Star's Rachel Mendleson. "'There was clearly quite sensitive personal information involved and that’s clearly why individuals are expressing their concern to us,' Hayden said."
"The Treasury Board of Canada sets the rules for how federal departments handle private information of Canadians and breaches of privacy," write The London Free Press' Scott Taylor and Randy Richmond. "For example, the board recommends mobile-computer devices be encrypted to protect the private information they carry. That’s a policy Human Resources and Skills Development Canada generally follows, but did not in this case, spokesperson Christian Plouffe said in an e-mail."