The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Wednesday, September 21, 2005
Thanks to Mathew Englander for pointing me to the following press release, from a school board in Saanich, a suburb of Victoria, British Columbia:
As a result of a break-in at the Saanich School Board Office on Monday, September 19, 2005, a number of items were stolen including a small safe. Damage was also done to the two buildings affected as the thieves broke into locked and secured areas.
The contents of the safe included back-up computer tapes that contained employee, financial and student information records. All information was saved in a secure manner which would require significant technical expertise and the use of specialized computer equipment and software to access. While the potential for the data to be accessed in a usable format is small, the School District is now taking steps to inform employees and parents of the theft of these backup tapes. Releasing this information sooner had the potential of compromising the police investigation.
Employees will be advised to take precautionary steps to address potential identity theft. Parents will be advised that the backup tapes included student information such as names, addresses, phone numbers, courses and grades.
Superintendent Keven Elder said, “We regret that this incident occurred, and have been assured by the police and our insurance providers that appropriate procedures for safeguarding this information were in place. We are working closely with the Central Saanich Police Department to support the ongoing investigation and retrieve the stolen goods.”
From the carefully worded release, it's apparent that the data was not encrypted. The tapes may require a "specialized" reader and specific backup/restore software, but I don't think this will be of any comfort to a sophisticated person whose information was on the tape.
All together now: "Encrypt your data."
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.