From: AlanBaggett@volcanomail.com   
      
   Canada Revenue Agency logs 2,338 privacy breaches in just under 2 years  :CRA   
   SOTW    
      
   By Monique Scotti    
      
    The personal, confidential information of over 80,000 individual Canadians   
   held by the Canada Revenue Agency may have been accessed without authorization   
   over the last 21 months, according to government documents made public last   
   week.    
      
   But while the number of potential privacy breaches may be eye-popping, the CRA   
   is downplaying the seriousness of most of them.    
      
   Government documents tabled last Friday in the House of Commons outline   
   privacy breaches across all government departments and agencies since   
   mid-September 2016.    
      
   While almost every department has had problems (from stolen laptops to   
   misfiled victim impact statements to employees accessing vacation schedules   
   without permission), the CRA has experienced the most privacy breaches,   
   recording a total of 2,338 in the    
   21-month time span.    
      
   The most recent major breach at the agency occurred just two months ago, on   
   April 14, when an employee conducted an unauthorized search of the CRA’s   
   database. No individual personal accounts were actually opened, Biram said,   
   but the results did include    
   two taxpayers “known to the employee.”    
      
   For that reason, those two taxpayers will be notified by the CRA of the   
   breach, he added. The 11,744 other people who were included in the search   
   results will not.    
      
   There have been dozens of cases involving unauthorized access over the last 21   
   months, and 24 of them were considered serious enough to notify the Office of   
   the Privacy Commissioner.    
      
   But only a handful affected a large number of Canadians. On May 12, 2017, for   
   example, nearly 6,000 people were affected by an unauthorized database search   
   by an employee. According to Biram, 17 individual files were actually opened   
   during that incident.    
      
   Then, on Nov 8, 2017, about 3,700 more Canadians were affected by another   
   unauthorized search, with 124 files accessed.    
      
   The CRA would not provide any information about the possible motivations   
   behind these searches. This type of forbidden accessing of files is not a new   
   problem at the agency, however.    
      
   Between the start of 2016 and the end of 2017, a total of 25 CRA employees   
   lost their jobs “due to failure to secure personal information or due to   
   unauthorized access or disclosure of personal information.”    
      
   As recently reported by CBC News, hundreds more have been disciplined in other   
   ways. It’s unclear if there have been any firings so far in 2018. About   
   44,000 people work for the agency, and they all receive mandatory and ongoing   
   security training.    
      
   That may not be enough, said Pat Kelly, Conservative critic for national   
   revenue.    
      
   Kelly said he doesn’t think more funding is the answer, and “it’s   
   probably more a matter of culture.”    
      
   “Canadians need to have confidence that information at the agency is held in   
   the strictest confidence, and that no information is accessed in   
   ppropriately,” he said. “If there are instances of unauthorized accessing   
   of information, they must be    
   dealt with seriously.”    
      
   Thefts and losses on the rise    
   The types of privacy breaches the CRA sees has also been shifting since 2015.    
      
   The number of “security incidents” (theft or loss of information) has gone   
   up slightly, for example, rising to 183 in 2017-18 from 158 in the 2015-2016   
   fiscal year. The number of internal investigations has doubled in the same   
   span, to 168 from 79.    
      
   In March 2017, the CRA completed a $10.2-million technology upgrade that was   
   designed, in part, to monitor workers more carefully.    
      
   Overall, however, over 80 per cent of the potential privacy breaches over the   
   last two years may not have involved the digital realm at all. They are what   
   the CRA classifies as “misdirected mail.”    
      
   The number of wayward CRA letters or other documents ending up in the wrong   
   homes has been dropping steadily since 2015, although it’s important to note   
   that many Canadians have moved to online correspondence with the agency, which   
   could account for    
   some of that reduction.    
      
   Misdirected mail incidents represent a tiny fraction, just 0.003 per cent, of   
   all mail sent by the CRA in a given year, Biram said.    
      
   Any privacy breaches that involve a large number of people or involve   
   sensitive personal information that “could reasonably be expected to cause   
   serious injury or harm to the individual” must be reported to the Office of   
   the Privacy Commissioner.    
      
   Of the 2,338 potential privacy breaches at the CRA since late 2016, 33   
   incidents met that threshold.    
      
   © 2018 Global News, a division of Corus Entertainment Inc.    
      
   -----------------------------------------------------------    
   Miss a Tax Tale Miss a lot!    
   Pop the link below into your browser to view the entire CRA SOTW    
   Library!    
   http://canada.revenue.agency.angelfire.com    
   ------------------------------------------------------------    
   Alan Baggett - http://www.taxcollectorsbible.com/ - Tax Collector's Bible    
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)