32,000 farmers' data on stolen laptop

June 4, 2008

By Lindsay Wiebe

http://www.winnipegfreepress.com/breakingnews/story/4182176p-4771903c.html



It took more than two months for a federal government agency to alert 32,000 farmers, including 7,000 Manitobans, that their private information was in unknown hands after a laptop was stolen.

The news comes on the heels of an annual report released this week by Canada's privacy commissioner, which blasted the private sector for failing to protect personal information.

Although the theft happened March 30, Canadians weren't sent letters until last week informing them their social insurance numbers, bank account numbers and other data had been stored on a laptop stolen from the Canadian Canola Growers Association (CCGA).

No details about the theft have been released by the association or by Agriculture and Agri-Food Canada, the government department that used the private data for canola payment programs, and wrote the roughly 32,000 letters.

"If they're devilish enough to steal a computer, maybe they're devilish enough to do something with the information," said Cindy Kellendonk, a Lac du Bonnet-area farmer who received a letter Tuesday stating that her private information was on the stolen laptop.

Kellendonk is furious it took two months to hear about the theft, and unhappy with the response she got from the agriculture department when she called with her concerns. "What frustrates me is that they've treated this like it's no skin off their back," she said.

Agriculture and Agri-Food Canada spokesman Sean Malone said the delay in contacting farmers was necessary while the department consulted with the privacy commissioner and the CCGA, and worked out logistics of sending the letters.

"The government takes any loss of personal information very seriously," said Malone, adding the agency felt the risk of the information being misused was "relatively low."

The laptop was password-protected and secured with biometric fingerprinting, said CCGA general manager Rick White, but the data was not encrypted. He said the organization is now encrypting computer data in light of the theft.

Pitblado LLP privacy lawyer Brian Bowman said the CCGA and agriculture department deserve credit for notifying people of the breach -- a move not required by Manitoba law.

However, he said those affected should take measures to protect themselves. Situations can worsen in cases where thieves find more data by dumpster diving, he said, pointing to a case in Winnipeg in recent years where a crime ring compiled thousands of credit card statements for identity theft.

Federal privacy commissioner spokeswoman Anne-Marie Hayden said her office is aware of the incident and has received "a number of inquiries" from individuals.

Earlier this week, privacy commissioner Jennifer Stoddart tabled her annual report on whether companies are complying with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

She found many companies are failing to implement "elementary security measures," such as using encryption on laptops. As a result, these unprotected or stolen laptops, often containing customer information, remain a "huge issue" for the private sector.


main page ATTRITION feedback