Canada Border Services Agency’s Unauthorized Disclosure of Employee Personal Information Extracted from the Corporate Administrative Software Portal
This report details an investigation into the unauthorized disclosure of personal information of over 18,000 Canada Border Services Agency (CBSA) employees due to improperly shared spreadsheets. While the CBSA contravened section 8 of the Privacy Act by disclosing information beyond what was necessary for the stated purposes, the agency took appropriate steps to notify affected individuals, contain the breaches, and implement measures to prevent recurrence. These measures included new data request procedures and the development of a new information management system.
- Whether the CBSA contravened section 8 of the Privacy Act by disclosing personal information.
- Whether the CBSA took adequate steps to notify affected individuals.
- Whether the CBSA took adequate steps to contain the impact of the breaches.
- Whether the CBSA took adequate steps to reduce the risk of future breaches.
Complaints found well-founded and resolved.
The CBSA contravened section 8 of the Privacy Act through over-disclosure of personal information. However, the agency's subsequent actions to notify, contain the breaches, and implement robust measures to prevent future incidents were deemed appropriate and satisfactory, leading to the resolution of the complaints.
AI-generated summary for reference only. Always verify against the official decision ↗
The CBSA was required to notify affected individuals, contain the breaches, and implement measures to reduce the risk of future occurrences, which included new data request procedures and the development of a new information management system.
- s. 8 Privacy Act
This summary is informational only and not legal advice.