An employee of the Canadian federal government inadvertently put 5,000 fellow Canadians at risk of fraud and identity theft after misplacing a USB drive containing sensitive, identifiable information.
Human Resources and Skills Development Canada (HRSDC), the agency that employs the unnamed employee and that oversees employment, training and retirement, has launched a formal investigation into the incident, Privacy Commissioner spokeswoman Anne-Marie Hayden said.
"As much as possible, we limit situations where employees are required to store and transport protected information on portable media devices, like memory sticks," HRSDC spokesman Christian Plouffe told Sun News Network. "Where such situations are unavoidable, encryption is required ... We are analyzing why this was not done in this incident."
In addition to the HRSDC's own protocol, Canada's Treasury Board, the agency that establishes rules for how the government handles personal information, "strongly" recommends that it be notified "within days" of a data breach.
In this case, the agency was not informed until Dec. 21, more than one month after the breach occurred.