Democracy Gone Astray

Democracy, being a human construct, needs to be thought of as directionality rather than an object. As such, to understand it requires not so much a description of existing structures and/or other related phenomena but a declaration of intentionality.
This blog aims at creating labeled lists of published infringements of such intentionality, of points in time where democracy strays from its intended directionality. In addition to outright infringements, this blog also collects important contemporary information and/or discussions that impact our socio-political landscape.

All the posts here were published in the electronic media – main-stream as well as fringe, and maintain links to the original texts.

[NOTE: Due to changes I haven't caught on time in the blogging software, all of the 'Original Article' links were nullified between September 11, 2012 and December 11, 2012. My apologies.]

Thursday, December 12, 2013

NDP urge investigation of privacy breaches at Canada Revenue Agency

OTTAWA – The Opposition New Democrats want an investigation of new privacy concerns at the Canada Revenue Agency after the agency was unable to tell the NDP just how many privacy breaches it had sustained in the last 10 years.

The agency was asked by the NDP for information on how many data, information and privacy breaches had been recorded in each year between 2002 and 2012. Some other departments were able to provide data on privacy breaches, with the results showing more than 3,000 recorded breaches with almost 87 per cent of those breaches not reported to the privacy commissioner.

The NDP asked CRA twice for that date, only to be told both times that the CRA couldn’t provide any details because a search of records would be too cumbersome and time-consuming.

The NDP asked for the number of breaches per year, the number of affected people per breach, the number of breaches reported to the privacy commissioner and how many breaches led to criminal activity — only to be told this week that the agency “does not capture the information by breach.” The agency said a “manual search of records would have to be undertaken to extract the data.”

The NDP’s ethics critic, Charlie Angus, sent two letters this week, the first to the privacy commissioner’s office requesting a deeper probe into the CRA, weeks after the commissioner’s office released a critical audit of agency practices. The second letter went to the minister in charge of the CRA, asking her to conduct an internal investigation given the agency apparently “did not have a proper system of quality control or checks in place.”

In the letter to Minister of National Revenue Kerry-Lynne Findlay, Angus argued the agency’s response to NDP questions essentially told Canadians the CRA “did not have a proper system of quality control or checks in place” to protect taxpayers’ sensitive personal information.

“It is concerning that the Canada Revenue Agency compels our senior citizens to go online and do their taxes and yet you cannot guarantee them they won’t lose their often sensitive data,” Angus wrote.

“The Canada Revenue Agency is a governmental department that handles some of the most sensitive personal information that Canadians are compelled by force of law to provide to the government. One would hope therefore that it would be more advanced in data breach management — not entirely incapable of tracking and reporting.”

A spokeswoman for Findlay didn’t say if the government would launch any review, but that it would work closely with the privacy commissioner’s office.

“Our government takes the privacy of Canadians very seriously, especially the proper handling of sensitive personal information,” Julie Carmichael said in an email. “We will continue to work closely with the privacy commissioner to ensure that the privacy of Canadians is protected.”

The CRA has drawn the attention of the privacy commissioner before. The commissioner released a special audit in late November that suggested the agency still had work to do to ensure its employees weren’t snooping around in taxpayers’ files without anyone at the agency knowing.

The CRA has launched projects to better track which files employees access, and to have a better password management system to ensure the person logging in is the actual employee entitled to do so, and not an impostor. In 2016, the agency plans better oversight of who has access to its system, and how much access they can receive.

Original Article
Source: canada.com/
Author:  Jordan Press

No comments:

Post a Comment