EMAIL MISTAKES BREACHING CONFIDENTIALITY AT THE CLICK OF A BUTTON

Source: The Vancouver Sun
Posted on August 13, 2009

Last month, an employee at Coast Capital Savings picked the wrong distribution list when sending an e-mail, and in the blink of an eye information about more than 450 insurance clients was sent to 75 local media outlets.

The information included names of individuals and companies, insurance policy account numbers, postal codes and information about claims made on the insurance.

Whether the information is enough to lead to identity theft is one of the things the Office of the Information and Privacy Commissioner will be looking into.

Names and phone numbers, for example, are common pieces of information and not that sensitive, OIPC's acting executive director Catherine Tully said in an interview. But the OIPC will have to look at what, if anything, can be done with a name and insurance policy number.

These days, hitting the wrong button "is not uncommon," Tully said. "We've had a few breaches with a variety of organizations and public bodies, and it's a very similar thing. It's so easy."

B.C. Civil Liberties Association policy director Micheal Vonn said e-mail mistakes are "increasingly the kinds of privacy breach we're seeing."

"New technology - although it's not very new what's involved here - allows the dissemination of information instantaneously with the push of a button on a scale we never saw before in the paper-based world," Vonn said.

"What the current problem illustrates is just how quickly, in a blink of an eye, a press of a button, something can happen. And you can't get it back.

"Once your privacy is breached, all you can do is mitigate the breach, you can't actually restore your position."

While businesses and governments will tell everyone repeatedly that these systems are secure, "the simple fact is that the minute you collate data electronically you have created a risk," Vonn said.

"And the risk we are accumulating in terms of these electronic systems is vastly outstripping our ability to safeguard the information."

When Vaclav Vincalek, president of Vancouver's Pacific Coast Information Systems, first started his blog two years ago, one of his first topics was titled E-mail is for losers.

The problem with e-mail is that no one knows how to store it and there are no processes in place on how to use it, Vincalek said. It's the latter problem that arose in the Coast Capital case.

Before e-mail, there were checks in place, where documents were reviewed before being sent. The same should be true with e-mails - there should be a vetting process, Vincalek said.

"Right now with e-mail you have no work flow, you have no process," he said.

Vincalek doesn't blame the sender, because e-mail makes that type of mistake easy.

"How many organizations can say with a straight face that can never happen in our organization?" he asked.

Coast Capital is reworking its e-mail distribution lists to ensure such a mistake won't occur again, the company's chief risk officer Philippe Sarfati said in an interview.

All media contacts have now been removed from its global address book, which is accessible to all Coast Capital employees. In addition, the credit union is now in the process of removing all other external contacts from the address book.

"We do have processes in place to deal with the protection of our data and our client information, but this is a classic case of human error which is an integral part of operational risk in any institution," Sarfati said.

His job is to mitigate those risks, though they can't be avoided entirely.

"You can't avoid these human errors," he said. "They happen."

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.