Privacy watchdog urges more care with memory sticks containing Canadians' data

Canada's privacy watchdog says federal agencies must put more rigorous safeguards in place to protect sensitive personal information — especially when that data is on an easy-to-lose memory stick.

In his annual report tabled Thursday, privacy commissioner Daniel Therrien underscored a record-high number of federal government data breaches disclosed to his office.

While many institutions have made strides, there is still much room for improvement — particularly with the use of portable storage devices, Therrien said.

Without proper controls, federal institutions are running the risk that the personal information of Canadians will be lost or inappropriately accessed. - Daniel Therrien, privacy commissioner

Federal institutions reported 256 data breaches in 2014-15, up from 228 the year before.

As in previous years, the leading cause of breaches was accidental disclosure, a risk Therrien says can often be lessened by following proper procedures.

Portable storage devices singled out

Last year marked the first time institutions were required to report data breaches to the privacy commissioner. Previously, reporting was voluntary.

Given that Canadians are required to provide very sensitive information to federal departments and agencies, "the government's duty of care is paramount," Therrien said in a statement.

Portable storage devices are convenient because they can hold huge amounts of data and are generally small and highly portable, the commissioner noted. But that's what also creates significant privacy and security risks.

"These devices can be easily lost, misplaced or stolen," he said. "Without proper controls, federal institutions are running the risk that the personal information of Canadians will be lost or inappropriately accessed."

Therrien's office undertook a special audit following concerns over a number of such data breaches, including a 2012 incident in which a portable hard drive containing the personal information of almost 600,000 student loan recipients went astray.

The audit, which examined practices at 17 institutions, identified a number of concerns:

  • More than two-thirds of the agencies had not formally assessed the risks surrounding the use of all types of portable storage devices.
  • More than 90 per cent did not track all devices throughout their life cycle.
  • One-quarter did not enforce the use of encrypted storage devices.

The commissioner says the audited institutions have accepted all of his recommendations.

Share on Google Plus

About Unknown

My blog is the place to update the latest information on sports, science and technology ... If you found this article good, useful please the share for others to see, even if you want to design a ecommerce website or web edit or set a special plugin functionality, please contact us now (Information in the footer)
    Blogger Comment
    Facebook Comment

0 nhận xét:

Đăng nhận xét