Classified data left on old government computers donated to schools was one of the security lapses cited by Canada's privacy watchdog Tuesday in a report warning that careless federal agencies put sensitive personal information at risk.
Some government agencies were not adequately protecting information on their smartphones and not all paperwork being sent to contractors for disposal was properly shredded, Privacy Commissioner Jennifer Stoddart also said in her annual report to Parliament.
"Our audits turned up some disturbing gaps in the privacy policies and practices of government institutions," Stoddart warned in a statement.
Tests on computers that federal agencies routinely donate to schools found that many had hard drives that were not properly erased to remove old data, including classified information.
"The information on several hard drives was so sensitive that we took immediate steps to have them returned to their originating department," the report said.
Inspectors checking on five government agencies that handle large amounts of private data found they lacked adequate password protection on cellphones, and laptop computers had unencrypted data that could have been intercepted.
Investigators also confirmed media reports last year that a former employee of Canada Revenue Agency posted the personal tax information of several high-profile athletes on an Internet chat group.
At least three workers also improperly checked on the tax files of well-known people, although their motivation appeared to be personal curiosity rather than malice, and they did not leak any information, the report said.
Two workers were fired and one suspended, the report said.
The report gave good marks to agencies that oversaw security for the 2010 Winter Olympics in Vancouver, saying they did a good job balancing the need to protect the event and protecting the privacy of athletes and spectators.