Heartbleed bug shows government has work to do protecting privacy

Privacy concerns never leave the headlines for long anymore.   It seems the price we pay for digital convenience is that many details of our lives are more exposed to both accidental and criminal risk.   While we may accept the idea that criminal elements will attempt to obtain and potentially make use of our private information, we have every right to expect our government will do everything it can to protect what sensitive information it controls.  That is why it is so disappointing when we learn that the government has fumbled on that front, again.

Most recently we have seen governments and the business community scrambling after revelations that the Heartbleed bug exposed sensitive information from internet activity that was believed to be secure. News stories have circulated with revelations of which sites have been compromised and which have proven secure against the programming glitch. One of the sites compromised is that of the Canada Revenue Agency (CRA).

What we know is that the personal information of 900 Canadians was stolen from CRA’s website due to the Heartbleed security breach.   What we don’t know is how the government plans to deal with this breach.  Let’s be clear, this isn’t a trial run for the government when it comes to security breaches related to the personal and sensitive information of Canadians.

It wasn’t that long ago we learned how an external hard drive that contained personal information related to 583,000 Canada Student Loan recipients was lost by Employment and Social Development Canada.   A report tabled in Parliament this March outlined how that agency had not even followed its own security protocols with all manner of portable storage devices.  It shows that even when best practices are determined, if they are not implemented, they won’t work.

The government needs to be proactive and honest with Canadians, especially those whose data has been compromised. With the latest breach at CRA we don’t know what kind of data the hackers accessed, what the government’s plan is to protect people who filed their taxes online, or how they will ensure that this does not happen again.

This is not the first security breach with the CRA, either. In 2011 it was revealed that a CRA employee had snooped in the personal files of hundreds of Canadians, accessing over 37,000 emails and nearly 800 documents. Also, just four years ago, a CRA employee lost a laptop with 2,700 Canadians’ tax information.

The lack of transparency from the government on these incidents simply isn’t good enough.   Increasingly, Canadians are being asked to interact with their government digitally.  To do so they need to be confident that the information they are sharing will be vigorously protected.