A recent report by B.C.’s privacy commissioner claims that there is room for improvement in the provincial government’s approach to reporting privacy violations and suspected data breaches. In her report, Elizabeth Denham said “the government system of managing privacy breaches is solid.” The government has a firm foundation for addressing privacy violations, and breaches are corrected relatively quickly and effectively.
However, recent reporting numbers indicate that there is progress to be made by the province in the area of openly reporting both breaches and suspected violations. Of the nearly 3,000 breaches documented from April 2010 to December 2013 (an average of three breaches per business day), only one per cent were relayed to the Office of the Information and Privacy Commissioner. In the report, Denham recommended that the government “raise the threshold of when to report to [her] office.” Denham also commented on the possibility of recommending changes to the Freedom of Information and Protection of Privacy Act “to notify individuals and her office when significant privacy breaches occur.”
The report noted that most of the disclosed breaches were preventable, occurred due to human error, and affected only one or two persons. The recommendations in the report proposed that the government implement a continuous improvement process, conduct internal auditing, and provide training for staff.
The Commissioner’s insight also raises the question of whether the reporting of such breaches (both to appropriate authorities and to those affected) should be mandatory.
To access the full report of the B.C. Privacy Commissioner, click here.