
Health Information On Computer Stolen From Vancouver Office

Today The Chilliwack Progress reported that a computer disk containing confidential information about Vancouver’s Fraser Health Authority (FHA) employees and their participation in counseling services was stolen in March, along with the computer it was in, from the Vancouver office of the Employee and Family Assistance Program (EFAP), which is run by the Vancouver Coastal Health Authority.

"Fraser Health Authority (FHA) employees have been warned that some of them who used an ultra-confidential counselling service may have had their privacy breached as a result of a theft of a computer.  The computer with a disk inside it went missing in March from the Vancouver office of the Employee and Family Assistance Program (EFAP) run by the Vancouver Coastal Health Authority.  The disk contained the names, birth dates, contact information and referral reasons for thousands of Lower Mainland health workers who sought help for intensely personal problems.  The service offers help with relationship counselling, drug or alcohol addictions, sexuality questions, abuse, loss and grief, and stress or emotional traumas - among other issues.  "People who use the EFAP program are often going through a crisis of some kind," said Hospital Employees' Union spokesman Mike Old. "The theft of that information is of great concern to the union and its members."  Fraser Health Authority spokesman Paul Harris said the authority doesn't know how many of its employees are affected.  "Because it's a confidential service we have no idea who has used it," he said.  Old said the HEU is troubled that health authority employees weren't notified of the theft until April 6 - 10 days after it happened.  The notification from EFAP indicated the data had some degree of encryption and might not be readily viewable.  "We have no reason to believe that the individual who stole the equipment is even aware or has any plans to use the information," it says.  EFAP says it is reviewing its security measures.  B.C.'s Information and Privacy Commissioner is investigating the theft and monitoring the response."

I wonder what "some degree of encryption" means?  Since it then goes on to say "and might not be readily viewable" I wonder if this really means the data was scrambled if viewed as a raw data file, but actually viewable through the software it is used with?

It will be interesting to see what actions the British Columbia Information and Privacy Commissioner takes.  Would this be a possible violation of PIPEDA?


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.