麻豆影视

The privacy commissioner鈥檚 office is considering an audit of select government departments after a federal agency lost personal information of more than half a million student-loan borrowers.

Assistant privacy commissioner Chantal Bernier says her office may audit departments that have large volumes of sensitive data after conducting an investigation into the loss of a portable hard drive containing files of 583,000 people who held student loans from 2000 to 2006.

Human Resources and Skills Development Canada said last week that the missing device contains student names, social insurance numbers, birth dates, loan balances and contact details, but not the borrowers鈥� banking information. Personal contact information of 250 department employees was also on the hard drive.

Student-loan borrowers from Quebec, Nunavut and the Northwest Territories are not affected.

The RCMP is also looking into the matter.

Meanwhile, a Newfoundland lawyer said this week he plans to file a class-action lawsuit against the federal government on behalf of students wishing to pursue legal action.

In an interview with CTV Atlantic, Bernier said she hopes the hard drive has not fallen into the wrong hands.

鈥淭hat is what everyone hopes, of course,鈥� she said.

She said a possible audit of other government departments will look at how sensitive data is stored on portable hard drives, USB keys and mobile devices.

鈥淒o they have the right policies to ensure their safety? That鈥檚 another angle to look at the systemic issues at hand here,鈥� Bernier said.

Bernier said the national privacy watchdog is trying to determine 鈥渆xactly what happened and why it happened鈥� when the hard drive went missing from HRSDC鈥檚 Gatineau, Que. office.

Even when strict data-storage policies are in place, human error is the main cause of privacy breaches, she said.

Bernier said it鈥檚 difficult to assess the risk to affected student-loan borrowers because no one knows what happened to the data.

鈥淲e don鈥檛 know where that hard drive is. Is it in the wrong hands, or is it just in the wrong place? So when we have more on that, then we鈥檒l be able to see exactly the risk that鈥檚 been created.鈥�

Human Resources Minister Diane Finley has called the privacy breach 鈥渟erious鈥� and 鈥渦nacceptable.鈥�

She requested last week that all departmental employees participate in mandatory training on a new security policy, which bans portable hard drives and unapproved USB keys.

HRSDC said it will send out letters to all those affected -- if the department has their current contact information.

Others can call a toll-free number, 1-866-885-1866 (or 1-416-572-1113 for those outside North America) to find out if their files were on the missing hard drive.

鈥淚 think, already, a big consequence has been loss of trust,鈥� Bernier said. 鈥淚 think if you look at the reaction of Canadians, they are shaken in their trust. That, of course, is a huge consequence for the department.鈥�

One digital security expert says the Canadian government has a lot of catching up to do when it comes to safeguarding sensitive information.

鈥淲hat I can comfortably say is that Canada is five-plus years behind our U.S. colleagues,鈥� Tony Busseri, CEO of Route1 Inc., told CTV鈥檚 Power Play.

He said data security in the private sector is not much better.

鈥淐anada as a whole, whether it be a Fortune 100 (company), whether it be our federal or provincial governments, we鈥檙e just flat-out behind what best practices are,鈥� Busseri said.

With a report from CTV Atlantic