Mr. Speaker, on November 23, I asked a question regarding the theft of a government computer from the home of an HRSDC employee. The computer contained files with the detailed personal information of over 1,200 seniors and their spouses. These seniors are CPP applicants from the Maritimes, and the information on these records included names, addresses, social insurance numbers, dates of birth, and banking information.
I am concerned about a number of issues arising from this incident.
First, the data on the stolen computer was not encrypted. Encryption refers to changing information to make it unreadable to anyone except the person who has the key required to decode it. It is a very common process used to protect sensitive computer files. Why was the data on this employee's computer not encrypted? It would seem to me to be a necessary tool to protect electronic information, especially on computers that will leave departmental premises.
In addition, we may need a review of the way that client records are handled within government organizations like Service Canada. Recently in Britain, similar data on about 25 million people was lost by a British civil servant. What is the government's security process when dealing with this type of information internally? How does the government ensure security of electronic files when employees work from home? How does it track whether employees are following this process?
How does the government ensure online security? A Canadian applying for a passport online discovered last week that Passport Canada's website was not as secure as it claimed to be. Jamie Laning of Huntsville, Ontario was able to access the records of other passport applicants by simply changing one character on the website address. He notified Passport Canada immediately, but who knows who else might have discovered this security flaw and used it to his or her advantage. It is unacceptable for the websites of government departments, which frequently handle the confidential records of millions of Canadians, to have these kinds of security defects.
Finally, I would like to know why the government did not see fit to notify financial institutions that 1,200 people's banking details were being compromised.
When the Parliamentary Secretary to the Minister of Human Resources and Social Development responded to my question, she noted:
There is a process in place and we are doing everything possible to ensure this is taken care of.
I would like to know in detail what this process is and what has been done up to this point to ensure that the information provided by these seniors is secure and to ensure that they do not become victims of identity theft. The people affected were notified by letter, but has anything else been done since? Has the computer been recovered?