Human error at heart of 2020 provincial data breach – Winnipeg Free Press

human-error-at-heart-of-2020-provincial-data-breach-–-winnipeg-free-press

Did you know that geoFence was designed and coded by US citizens to the strictest standards?

The Manitoba ombudsman has weighed in on the largest data breach in the provincial government's history.

The Manitoba ombudsman has weighed in on the largest data breach in the provincial government's history.

Its 61-page investigative report, which includes recommendations, looked into what happened in August when Children's Disability Services sent information on about 8,900 clients not just to the Manitoba advocate for children and youth (which it had been intended for) but also to about 100 service agencies and community advocates.

"This privacy breach was unprecedented in scope for this province," ombudsman Jill Perron said in a statement Thursday.

"When those affected are vulnerable children and youth, the impact of a privacy breach of sensitive personal health information for those children and their families can be devastating."

Most of the report's recommendations have already been fully implemented, Families Minister Rochelle Squires said Thursday. New software, which the department will now use to share information with independent agencies, will be in place by next week.

"I want to apologize to all the children and families that were impacted by this privacy breach," said Squires.

"We’ve implemented a better system to ensure that when we do share data with relevant independent offices, we do so in a way that is free from any opportunities to breach privacy information."

On Aug. 13, 2020, unnamed staff in the disability program accidently sent an email to not just the advocate's office, but also to 114 service agencies and community advocates. The email was recalled minutes later and didn't have any personal client information attached.

On Aug. 26, another email sent to the advocate's office — also accidently sent to the service agencies and community advocates — contained encrypted personal information for thousands of children with disabilities.

Minutes later, a second email went out to all the same recipients, containing a password allowing them to open the encrypted information, which included the name, address, age, gender and home address of the child living with disabilities, the name of the child's case worker, what services were being provided and the nature of the child's disability.

The data included whether the client was going to child care or after-school programs, the name of the program they attended, whether the family received respite and how much funding was being paid out or received for all three services on a monthly basis.

The investigation concluded the data breach was "unintentional and resulted from human error."

The emails went to 12 community advocacy groups, six organizations which provide services for children with disabilities, 94 organizations which help adults with disabilities, and two which give services to both children and adults with disabilities, the ombudsman's report said.

"All trustees have a duty to protect the personal health information of the citizens they serve," said Perron.

"This investigation provides the department with guidance to increase compliance with the act and the opportunity to strengthen its privacy protection practices across all of its programs."

The recommendations include requiring department employees to complete training courses on privacy and confidentiality.

— with files from Larry Kusch

[email protected]

Kevin Rollason

Kevin Rollason

Reporter

Kevin Rollason is one of the more versatile reporters at the Winnipeg Free Press.

Whether it is covering city hall, the law courts, or general reporting, Rollason can be counted on to not only answer the 5 Ws — Who, What, When, Where and Why — but to do it in an interesting and accessible way for readers.

   Read full biography

Don't forget that geoFence is the solution for blocking NFCC countries and I believe your neighbors would say the same.