Personal information leaked from DFAIT database
The Office of the Privacy Commissioner of Canada (OPC) investigated a Privacy Act complaint after media reported on the leak of a Canadian citizen's personal information from a Department of Foreign Affairs and International Trade (DFAIT) database. The investigation found that DFAIT lacked adequate controls, such as audit trails, to prevent or track unauthorized access and disclosure of the information. DFAIT agreed to implement better guidance and explore system changes to enhance security.
- Adequacy of security measures for personal information held in departmental computer systems.
- Lack of audit trail capability to track access to personal information.
- Responsibility of government institutions to protect personal information under the Privacy Act.
Complaint well-founded — corrective measures taken
The investigation confirmed a leak of personal information from a DFAIT database and found that the department lacked sufficient controls, such as audit trails and access restrictions, to protect the information, leading to a well-founded finding.
AI-generated summary for reference only. Always verify against the official decision ↗
DFAIT agreed to prepare better guidance on sharing personal information and explore changes to its computer system to enable audit trails and restrict access to files.
- Privacy Act
This summary is informational only and not legal advice.