Friday, November 27, 2009

Minister looks clued out on privacy breach

Poor Ben Stewart. Up until the last days of the legislative session, most people didn’t even know he was in cabinet.
Now he’s a symbol of bungling.
Stewart, Westside-Kelowna MLA, is the minister of citizens’ services. He’s responsible, among other things, for the protection of the huge amounts of personal information citizens share — often involuntarily — with government.
And right now, it appears he isn’t doing a good job.
This all starts back in April, which is the root of the government’s problem.
The RCMP commercial crime squad got a search warrant for a government employee’s home. They were working with ICBC’s special investigation unit, which handles cases of fraudulent drivers’ licences and identity cards.
In the home, they found government files on 1,400 British Columbians that the employee had taken home from work. Names, addresses, birth dates, social insurance numbers, health numbers and information on income. As Privacy Commissioner David Loukidelis noted, the kind of information that makes it easy for criminals to get fake credit cards or commit identity frauds.
The RCMP notified the government right away (before, it’s worth noting, the election).
Up to this point, the only concern was whether safeguards were adequate. A minister can’t be held accountable if an employee steps out of bounds.
But from then on, the government acted incompetently.
It wasn’t until this month — seven months after being notified that peoples’ privacy had been breached and that they were vulnerable to fraud — that the government sent letters notifying the people that they should be on guard. (That was bungled too; some letters were misaddressed and sent to the wrong people, adding a second privacy breach.)
It was also not until this month that the employee was fired.
And the government never did voluntarily reveal the breach. Reporters from the Times Colonist learned of the letters and broke the story.
Even then, Stewart was less than open and, in fact, misleading. He said he had learned of the breach about two weeks earlier, omitting the fact the government had known since May.
And he said the RCMP discovered the files as part of an “unrelated investigation.”
But an investigation into fraud hardly seems unrelated to a trove of confidential information.
Stewart also failed to reveal that a second employee had been fired in connection with the breach. The Times Colonist reporters uncovered that fact as well. Stewart would not say what job the person had, but she apparently worked in the Public Service Agency — the lead human resources service for 30,000 government employees.
Stewart continued to flounder. He couldn’t, or wouldn’t, provide basic information about the events to reporters or in response to MLAs’ questions.
And while he said he had ordered a complete investigation weeks ago, on Thursday he said there were still no terms of reference for the review. That is simply not competent management.
It was an apt way for the Liberals to finish a difficult legislative session.
It raises three questions.
Why did the government wait seven months to notify 1,400 people their privacy had been compromised and they were at risk of credit fraud and identity theft? (The RCMP checked about 10 per cent of the files and concluded no fraud had yet taken place; but the information could have been sold or passed on long before then.)
Why was Stewart kept in the dark for seven months?
And why do ministers put up with this? Stewart is no dolt. He founded and grew Quails’ Gate Winery and has an impressive resumé, but he’s been left looking like a bungler.
One clue lies in how Stewart was advised, belatedly, of the breach. It wasn’t his deputy, or security officials. It was the Public Affairs Bureau staff, the governments’ PR arm, which finally told the minister. No one is saying how long the PAB staffers had the information.
It’s part of a pattern. Take the wildly inaccurate pre-election budget deficit and the broken promise on the HST. Look back on a session where cabinet ministers refused to answer basic questions about everything from health care to Olympic tickets.
When spin triumphs over openness and substance, bad things ultimately happen.
Perhaps Stewart, and other ministers, will decide it’s time to change course.


DPL said...

On Voice of BC Coelman was asked just when he found out about the files. well it seems that he and Mary P wern't told till around a month ago. Shock all over the place. So if the Cabinet Members who's ministires were involved knew nothing, why are they staying on as Cabinet Ministers? Might be something to do with the salary and perks. They have no shame. That makes three who should be out of a job

BC Liberals Suck said...

Citizens would be absolutely horrified if they knew how their information was collected, stored and disclosed by govt. agencies. There are essentially no checks, no balances, zero accountability, or training for employees, including those in positions of responsibility. This leaves a wide space for abuse of citizen's information, as this story highlights.

Each Ministry has individuals in charge of FOI, who are likely PAB employees, reporting to the Premier's office (not the Ministers). It is a highly politicized process, set up to protect the Ministry, the employees of said Ministry and probably lastly Ministers, who really are not kept informed the way they should be.

As previous media stories have pointed out, government keeps track of and stalls certain people (often journalists, or activists) from accessing sensitive govt. info. They manipulate the legislation and force people to jump through hoops, or try to charge exorbitant fees to access info that is in the public's interest to know, or info about an individual who has had involvement with that Ministry.

The bigger issue, which most citizens have no idea about, is how this government has privatized much of the info collected by the BC govt. MSP, Provincial Revenue, all privatized. Where is our info now and how would we even know if it was disclosed and released to anyone? Answer: we don't and never will.

We don't even know if it is solely kept on servers in Canada, because most of the corporations who get the contracts are Canadian subsidiaries of American mega-corps. Think about that next time you cross the border. They probably know WAY more about you than you will ever know and you never even had the opportunity to give permission for your personal and private info to be disclosed in the first place.

Unfortunately the Office of the Information & Privacy Commissioner has proven less than effective, or efficient in handling investigations and complaints too. They can blame it on staffing levels, but this is a highly politicized office too and it is a real disappointment to examine this office's performance compared to other independent officers, such as the Auditor General, the Representative for Children & Youth and even the Comptroller General (who isn't independent).
Those officers have done their best to hold govt. to account where it was due. I don't think anyone could say the same of the OIPC which really just seems to sit on its hands and say, oops, we're hampered by legislation, too few staff, sorry, can't do anything. One should have a look to see how many of the Commissioner's decisions have been taken for Judicial Review. That is very telling too about how this office is working in the best interests of the people.

Anonymous said...

interesting how no names have been released. different policies for different people.

Anonymous said...

there`s lots of money to be stolen through identity theft, i`ve contended from the beginning that campbells regime is totally and completely involved in white collar crime. these latest revelations certainly don`t surprise me in the slightest and i just have to chuckle at all the indignation. the people of bc are just getting what they voted for.