Private data improperly sent to councillor
Copies of 7,000 residents’ names, addresses, more destroyed by office staff
More than 7,000 Torontonians are being told their personal information was improperly disclosed to a city councillors’ office, the Star has learned.
In a March 17 letter to 7,227 people in a program for senior citizens and disabled people who receive free sidewalk snow clearing, Vincent Sferrazza, a city transportation director, tells them of an “inadvertent disclosure,” which included their names, addresses and their status as either a senior citizen or disabled person.
The data was “provided in error” to a councillor’s office, Sferrazza wrote, apologizing and saying his department is working with the city clerk’s office to stop it from happening again.
After the Star obtained the letter, the city released a report on the incident.
The report says on Oct. 17, Coun. Josh Matlow asked transportation for a list of locations in Ward12, by street, and if the division had information about an area covered by a proposed pilot project to expand sidewalk snow clearing services.
“The councillor at no time requested personal information for those receiving this service,” the report states.
But a transportation employee emailed Matlow’s office an
Excel spreadsheet with the personal information — a breach of the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA).
“The disclosure of the information is attributed to a lack of understanding of both basic privacy principles as well as the role of elected officials and their right of access to personal information in relation to the City of Toronto as an institution under MFIPPA,” the report states.
“Ward councillors operating as constituency representatives do not have a special right of access to records containing personal information.”
The privacy breach was reported Dec.10 by another transportation employee. Matlow’s staff confirmed to the department that the spreadsheet had been deleted.
Inadequate privacy training for staff appears to be behind the incident, which wasn’t the first such breach, according to the report, which recommends education sessions and other steps to fix the problem.
“Disclosure of over seven thousand individuals’ personal information to fulfil a request that did not ask for that information demonstrates a fundamental lack of understanding of privacy and the relationship between the city and the offices of elected officials,” the report states.
“Moreover, it should be noted that a very similar privacy breach occurred with Transportation Services Division in 2009. That breach resulted in mandatory privacy training for all divisional staff.”
Matlow was not aware of the incident when contacted this week by the Star.
The councillor said he was happy to hear from his staff that the data had been destroyed after it was received in error.