Investigations highlight need for stronger measures to protect privacy at federal departments and agencies

Summary:

The Privacy Commissioner of Canada (OPC) has released two Special Reports to Parliament highlighting privacy concerns and security breaches at federal government departments and agencies. The reports detail two investigations:

1. A cyber-breach at Employment and Social Development Canada (ESDC) and the Canada Revenue Agency (CRA), resulting in the fraudulent access and use of sensitive personal information, leading to numerous cases of fraud and identity theft.
2. The Royal Canadian Mounted Police's (RCMP) use of private-sector surveillance and monitoring services, including a contract with a US company for its Babel X service, which raises concerns about the RCMP's compliance with Canadian privacy laws.

The OPC recommends improved security safeguards, due diligence, and incident-response processes to prevent and mitigate future breaches. Additionally, the OPC calls for more transparency from the RCMP about its collection of personal information and stricter vetting of third-party services to ensure compliance with privacy laws.

Key Takeaways:

Cyber breaches and inadequate security safeguards pose significant risks to privacy
Federal government departments and agencies must improve their incident-response processes and due diligence
* The RCMP must be more transparent about its collection of personal information from open-source intelligence gathering and implement stricter vetting of third-party services