By Lindsay Wiebe
Winnipeg Free Press
June 4, 2008
It took more than two months for a federal government agency to alert
32,000 farmers, including 7,000 Manitobans, that their private
information was in unknown hands after a laptop was stolen.
The news comes on the heels of an annual report released this week by
Canada's privacy commissioner, which blasted the private sector for
failing to protect personal information.
Although the theft happened March 30, Canadians weren't sent letters
until last week informing them their social insurance numbers, bank
account numbers and other data had been stored on a laptop stolen from
the Canadian Canola Growers Association (CCGA).
No details about the theft have been released by the association or by
Agriculture and Agri-Food Canada, the government department that used
the private data for canola payment programs, and wrote the roughly
"If they're devilish enough to steal a computer, maybe they're devilish
enough to do something with the information," said Cindy Kellendonk, a
Lac du Bonnet-area farmer who received a letter Tuesday stating that her
private information was on the stolen laptop.
Kellendonk is furious it took two months to hear about the theft, and
unhappy with the response she got from the agriculture department when
she called with her concerns. "What frustrates me is that they've
treated this like it's no skin off their back," she said.
Agriculture and Agri-Food Canada spokesman Sean Malone said the delay in
contacting farmers was necessary while the department consulted with the
privacy commissioner and the CCGA, and worked out logistics of sending
"The government takes any loss of personal information very seriously,"
said Malone, adding the agency felt the risk of the information being
misused was "relatively low."
The laptop was password-protected and secured with biometric
fingerprinting, said CCGA general manager Rick White, but the data was
not encrypted. He said the organization is now encrypting computer data
in light of the theft.
Pitblado LLP privacy lawyer Brian Bowman said the CCGA and agriculture
department deserve credit for notifying people of the breach -- a move
not required by Manitoba law.
However, he said those affected should take measures to protect
themselves. Situations can worsen in cases where thieves find more data
by dumpster diving, he said, pointing to a case in Winnipeg in recent
years where a crime ring compiled thousands of credit card statements
for identity theft.
Federal privacy commissioner spokeswoman Anne-Marie Hayden said her
office is aware of the incident and has received "a number of inquiries"
Earlier this week, privacy commissioner Jennifer Stoddart tabled her
annual report on whether companies are complying with Canada's Personal
Information Protection and Electronic Documents Act (PIPEDA).
She found many companies are failing to implement "elementary security
measures," such as using encryption on laptops. As a result, these
unprotected or stolen laptops, often containing customer information,
remain a "huge issue" for the private sector.
Copyright 2008 Winnipeg Free Press. All Rights Reserved.
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com