

Rifleman
Premium
join:2004-02-09
p1a
reply to lugnut

Re: [Serious] HRSDC does it again!!!

What probably happened is the data was kept on that one stick for various people who needed that data to use. Someone either lost it or misplaced it.

peterboro
Avatars are for posers
Premium
join:2006-11-03
Peterborough, ON
reply to Mike2009
said by Mike2009:

I've heard from several people who have been notified and they're not happy.

Class action like one being initiated in Peterborough against the hospital.

MichelR

join:2011-07-03
Ottawa, ON
Reviews:
·Start Communicat..
·voip.ms
·Rogers Hi-Speed
reply to Rifleman
said by Rifleman:

What probably happened is the data was kept on that one stick for various people who needed that data to use. Someone either lost it or misplaced it.

You keep that kind of stuff on secure servers, not on a USB stick or portable drive. Confidential data should not leave the office anyway.


Mike2009

join:2009-01-13
Ottawa, ON
kudos:3
Reviews:
·TekSavvy DSL
said by MichelR:

said by Rifleman:

What probably happened is the data was kept on that one stick for various people who needed that data to use. Someone either lost it or misplaced it.

You keep that kind of stuff on secure servers, not on a USB stick or portable drive. Confidential data should not leave the office anyway.

Exactly. We're not allowed to leave the office with confidential documents containing personal information.


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable
reply to MichelR
said by MichelR:

You keep that kind of stuff on secure servers, not on a USB stick or portable drive.

And even backed up onto a removable media, like tape, it should be encrypted.

MichelR

join:2011-07-03
Ottawa, ON
Reviews:
·Start Communicat..
·voip.ms
·Rogers Hi-Speed
said by urbanriot:

said by MichelR:

You keep that kind of stuff on secure servers, not on a USB stick or portable drive.

And even backed up onto a removable media, like tape, it should be encrypted.

Always. Hell, even my own personal stuff at home is encrypted. It's not like it's hard.


Styvas
Go Canucks Go
Premium
join:2004-09-15
Hamilton, ON
reply to peterboro
said by peterboro:

They are obligated to notify her.

I doubt she's updated her address since she paid it off. They might not be able to reach her.
--
"Moving your Tylenol to the low shelf in your medicine cabinet is not the way to prevent children from falling off a stool when reaching for the top shelf." (said by Savant, May 2008)

peterboro
Avatars are for posers
Premium
join:2006-11-03
Peterborough, ON
said by Styvas:

said by peterboro:

They are obligated to notify her.

I doubt she's updated her address since she paid it off. They might not be able to reach her.

I have a relative who meets the criteria and hasn't changed his address so we'll see if something shows up.

NefCanuck

join:2007-06-26
Mississauga, ON
Reviews:
·voip.ms
reply to lugnut
Here's the problem with everyone saying "This shouldn't happen": you all want government workers to "work for their money". Guess what that means?

It means that they have to have access to that data, whether by remote access or downloading files onto another medium to work elsewhere with them.

Remote access to be blunt is a right royal pain in the ass because the connections drop randomly causing work to be lost or worse yet data to be destroyed. Imagine the uproar if by remotely accessing an original file and a connection was lost, personal data was damaged / destroyed?

Should the copied data have been unencrypted? Hell no, if anything it should have been loaded onto a USB key that required a password and if the password check failed the data would automatically be destroyed (there are USB keys that offer that level of security)

But ultimately that type of security costs money, are you willing to pay for that?

NefCanuck


lugnut

@communications.com
Considering every low life government weasel working for the federal government starts off with pretty close to a 6 figure salary PLUS gold plated benefits and pension, I'd have to say WE ARE ALREADY PAYING for surgical precision when it comes to handling our data.

Besides, hardware is always the cheapest part of any IT budget. It's administrators and analysts and programmers and software licenses that cost the big bux.

I don't think it's outrageous to feel violated when one hears that half a million people were identity raped by a $5 USB key you can buy at any Staples outlet.

Besides, administering an IT system is MORE than just buying hardware and software and praying that it works together. It's up to the analysts and the PhD department heads to DESIGN AND IMPLEMENT PROCEDURES as well as hardware and software to insure that cockups like this and too many others like it SHOULD NEVER HAPPEN!

Frankly I'd have to say this justifies firing anyone who was responsible for setting up the procedures that allowed this to happen in the first place. The only things that should plug into the USB port of a government computer and be granted permission to work are a mouse, a keyboard and a printer. Granting file system access to a government networked computer's USB port is just sloppy administration and system design. Pure and simple.

And trust me, we're already paying these department heads quarter million dollar salaries.

No wonder we're pissed that we're not getting our money's worth.


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable
reply to lugnut
said by NefCanuck:

Remote access to be blunt is a right royal pain in the ass because the connections drop randomly causing work to be lost or worse yet data to be destroyed.

Whoever's responsible for your IT should probably be fired as well if that's the expectation you have. Citrix and Terminal Services have existed since the 90's and provided reliable connections over dial-up.

said by lugnut :

It's up to the analysts and the PhD department heads to DESIGN AND IMPLEMENT PROCEDURES as well as hardware and software to insure that cockups like this and too many others like it SHOULD NEVER HAPPEN!

Hah! Analysts and PhD department heads! Does a mechanic handle your dental hygiene too?

Really, it doesn't take a degree for someone to tell everyone else, "don't take sensitive data off site!"


lugnut

@communications.com
said by urbanriot:

said by NefCanuck:

Remote access to be blunt is a right royal pain in the ass because the connections drop randomly causing work to be lost or worse yet data to be destroyed.

Whoever's responsible for your IT should probably be fired as well if that's the expectation you have. Citrix and Terminal Services have existed since the 90's and provided reliable connections over dial-up.

said by lugnut :

It's up to the analysts and the PhD department heads to DESIGN AND IMPLEMENT PROCEDURES as well as hardware and software to insure that cockups like this and too many others like it SHOULD NEVER HAPPEN!

Hah! Analysts and PhD department heads! Does a mechanic handle your dental hygiene too?

Really, it doesn't take a degree for someone to tell everyone else, "don't take sensitive data off site!"

Actually have you ever looked at job postings for civil service management positions? Top department heads often, if not always, have advanced degrees in their fields.


loosedobbs

join:2006-06-13
Toronto
reply to lugnut
Sbrook where are you now? Remember when Bell started outsourcing and you were pissed with the possibility of the data loss/compromise, identity theft? Sbrooks should be more worried about the lazy Canadians than outsourced call centre data theft.

NefCanuck

join:2007-06-26
Mississauga, ON
Reviews:
·voip.ms
reply to urbanriot
said by urbanriot:

said by NefCanuck:

Remote access to be blunt is a right royal pain in the ass because the connections drop randomly causing work to be lost or worse yet data to be destroyed.

Whoever's responsible for your IT should probably be fired as well if that's the expectation you have. Citrix and Terminal Services have existed since the 90's and provided reliable connections over dial-up.

Believe me, I have no love for our funder's IT department, but some of the problems, to be fair, do come down to money. Buying licenses for updated versions of Citrix that can better manage users' expectations and internet experience doesn't come free (even maintenance of the current version costs money now as I understand it)

Hell, we're still using a patched to hades & back version of Microsoft Office 2003

NefCanuck

IamGimli

join:2004-02-28
Canada
kudos:2

1 edit
reply to HoboJ
said by HoboJ:

It's mind boggling to think that my personal information can be moved around and/or stored on portable hard drives and usb keys. Such sensitive information should never be allowed to be put on portable digital media like on secure DND networks.

You mean those same "secure DND networks" whose workstations ALL have removable hard drives?

It is standard procedure for hard drives of classified or protected C desktops to be removable so that they are locked-up in appropriate secure filing cabinets/safes while not in use.

BTW there's absolutely no indication whatsoever that this was a USB drive. The only reference to USB in the referenced article refers to a PREVIOUS incident.

Don't let me interrupt the crazy-fest though, you guys are mildly entertaining.

peterboro
Avatars are for posers
Premium
join:2006-11-03
Peterborough, ON

1 recommendation

said by IamGimli:

Don't let me interrupt the crazy-fest though, you guys are mildly entertaining.

No problem, we'll continue on discussing privacy issues in relation to systems protocol and ignore your little superfluous post.

donaldk
Premium
join:2000-10-19
Halifax, NS
reply to lugnut
meh.. it's only Protected B info

when doesn't HRSDC screw up?


hm

@videotron.ca
reply to lugnut
Class action starting on this one. See:

Class action lawsuit launched against government over missing student loan info
»www.thestar.com/news/canada/arti···oan-info

By his estimation, nearly 1,600 student loan borrowers from across Canada have contacted him by phone, e-mail and their Facebook page.

Human Resources and Skills Development announced Friday that the external hard drive contained the private details of borrowers from 2000 to 2006. ...

Think you might be affected? The government has set up a toll-free number for inquiries about the lost data: 1-866-885-1866 (or 416-572-1113 for those outside of North America).

MichelR

join:2011-07-03
Ottawa, ON
Great. Guess who'll be paying for that.


hm

@videotron.ca
3 class actions!

Ottawa faces third class-action lawsuit over student-loan privacy breach
»www.theglobeandmail.com/news/pol···7531526/

I think a 4th may be in the works. Read Merchant Law (Tony Merchant) is also going in.

zod5000

join:2003-10-21
Victoria, BC
Reviews:
·Shaw
reply to lugnut
I might join in on these class action lawsuits.

I called HRSDC today and my info was compromised. The best they seemed to do was offer an apology and offer to send me a letter on how I could protect my info. They also informed me my SIN # would be flagged for a year, so any requests would require additional authentication.

It kind of sucks. At least when PSN (Sony) was compromised they offered constant credit report monitoring. IE one of those services that lets you get updates on your credit report so you can see if any new credit apps popped up that didn't originate from you.

I felt pretty let down that all I got was an apology. I signed up today for Equifax's 30 day free credit report trial. So far so good.. no credit products that I didn't apply for myself.

The government should be held accountable, but it completely sucks that we back the government, so it's really the people who pay because the government sucks at privacy protection.


hm

@videotron.ca
Four lawsuits now confirmed over this.

»www.cbc.ca/news/canada/windsor/s···its.html

Meanwhile, a kid who prevented a similar privacy breach was expelled by Dawson College.

Laidback

join:2001-09-30
Woodstock, ON
Reviews:
·Start Communicat..
reply to Mike2009
said by Mike2009:

People need to be fired for this. There's no excuse.

They will get a fucking gold plated termination package and then file a grievance with the union to get rehired. Win win situation.

peterboro
Avatars are for posers
Premium
join:2006-11-03
Peterborough, ON
said by Laidback:

said by Mike2009:

People need to be fired for this. There's no excuse.

They will get a fucking gold plated termination package and then file a grievance with the union to get rehired. Win win situation.

That's not what happens in the real world though.