Post-breach, federal staff ban portable data devices
OTTAWA — The federal department at the centre of amassive data breach says it is banning the use of portable data devices in its offices, using new technology to prevent information from being easily removed from the network and warning any staff that violation of the new rules could mean the loss of their job.
Human Resources and Skills Development Canada (HRSDC) said Monday that it will start using “data loss technology,” which would allow the department to restrict when, where and which staff can remove information from government systems. Reviews have already started to see what risks the use of secured, portable data devices, such as USB memory sticks, carry in the department’s work and whether there are enough safeguards to prevent another massive breach of personal information from happening again.
Should the “strict codes of privacy and security” not be followed, the department said, staff will face “disciplinary measures … up to and including termination.”
However, HRSDC wouldn’t say what has happened to the staff Human Resources Minister Diane Finley has said are facing disciplinary measures for their involvement in the loss of an external hard drive that contained the personal information of 583,000 Canada Student Loan borrowers.
Staff noticed the hard drive was missing on Nov. 5 but didn’t alert the department’s security officer until Nov. 28. It took until Jan. 11 before the public was made aware of the loss of personal information, including names, birth dates and social insurance numbers of those who received student loans between 2000 and 2006.
The data breach, which observers say is one of the worst in Canadian history, is the subject of at least four class-action lawsuits, with actions underway in Ontario, Alberta and Manitoba. A fourth has been filed in Federal Court.