As you consider next year’s business plan, you should also evaluate your company’s internet security practices. Recognizing the weaknesses of your privacy protection strategy is the first step toward fixing it. This is a review of the privacy breaches of 2015 may help you in that analysis.
Healthcare breaches and mishaps
In 2015, Canadian healthcare providers felt the impact of recent and old privacy breaches. Here are just a few:
- In June, Newfoundland and Labrador’s largest health authority, Eastern Health, lost a hard drive containing the names and social insurance numbers of 9,000 employees.
- Medical marijuana users filed a class-action lawsuit against Health Canada for a privacy breach that resulted in their private information being mailed to the wrong recipients.
- The Privacy Commissioner of New Brunswick reprimanded the Department of Health for a 2013 privacy breach that led to 114 Medicare cards being sent to the wrong addresses.
The high value of healthcare data to criminals is obvious. These breaches demonstrate the need for hospitals, clinics and patient service providers to have strong data protection systems in place.
Recently, someone found the private information of over 200 people on the computer of a former employee of a former contractor of a major Canadian communications provider. A thief could easily have stolen their names, credit card numbers, and social insurance numbers. The chain of information can become quite convoluted, but the consequences of a break in privacy remain the same.
Not all of 2015’s data breaches involved internet theft and hacking. This year, British Columbia’s Ministry of Education misplaced an unencrypted hard drive, putting the personal information of millions of students at risk. The Ministry had used this unsecured hard drive to back up files, but apparently it had not been properly tracked or secures.
A business can easily prevent this sort of incident with a professional media storage and rotation service, which offers continuous tracking of backup hard drives and media.
This summer, a Canadian doctor pled guilty to two counts of failing to protect personal health information. Someone had found ten thousand unprotected patient health files in the basement of a former Manitoba health clinic. As demonstrated in this case, improper storage of records can create huge legal problems for individuals and organizations alike by putting private data at risk.
In another alarming breach this year, a school district in British Columbia accidentally sent a personal student information printout to the wrong parents. A similar event occurred last year in the Surrey school district.
In Newfoundland and Labrador, the Department of Health and Community Services inadvertently mailed beneficiaries information that had been intended for other people. Each of these privacy breaches points to a need for strict chain of custody protocols when handling confidential personal information.
Negligent document disposal
Negligent document disposal continues to be a problem for many organisations. Earlier this year in Victoria, police investigated a privacy breach when several boxes of personal records were found in a downtown cardboard recycling bin. Employee payroll files were discovered along with other items.
Fortunately, when businesses take advantage of a professional paper shredding solution, these appalling events can be prevented.
Privacy protection begins with awareness. Reviewing these security breaches of 2015 should give you an idea of how to be better prepared for next year’s security challenges.
Docu-Dépôt provides records and information management services for businesses in Montréal and throughout Québec. For more information, please contact us by phone or complete the form on this page.
HOURS OF OPERATION
Open to the public during the following hours:
Mon-Fri from 8:00-17:00
After 17:00 Dial (514) 271-3223 ext 299 and leave a message. We will contact you within 5 minutes.
© Copyright 2017 Docu-Dépôt. All Rights Reserved.