The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Sunday, May 29, 2005
Yup. Better make darn sure your surplus computers are scrubbed of tax records, medical data and social security numbers. A hard lesson learned by the state of Montana:
Montana Leaves Private Info on Computers:
"The legislative audit, obtained Tuesday, blamed unclear state policy for the computer hard drives not being properly 'scrubbed' before the machines were donated to school districts, given to other state agencies or sold to the public.
'The state lacks a single clear policy instructing departments on information removal, assigning responsibility for defining sensitive data, and assigning responsibility for performing data removal and certifying the task has been accomplished,' the auditors said.
Janet Kelly, Department of Administration director, said in a written response that her agency immediately began crafting a more concise policy to ensure private information held by the government is not made public.
'The resulting language will require that all data must be irretrievably removed from the hard drive,' she said.
Jeff Brandt, acting chief information officer for the state, said Tuesday the new policy should be complete by mid-July. In the meantime, he said, a warning has gone out to all information technology officials throughout state government.
'We're telling folks to not make any assumptions about options for scrubbing disks,' he said. 'Err on the side of making darn sure they are scrubbed.'"
Thanks to beSpacific for the pointer to this article.
Labels: information breaches
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.