From: AlanBaggett@volcanomail.com   
      
   Tax worker fired after biggest privacy breach at Revenue Canada :CRA SOTW   
      
   Agency says $10.2M computer upgrade will catch snooping employees   
      
   By Dean Beeby, CBC News   
      
   The Canada Revenue Agency has fired an employee for the biggest single privacy   
   breach ever detected involving confidential taxpayer accounts.   
      
   The employee improperly accessed the accounts of 38 taxpayers in detail, and   
   briefly accessed another 1,264 accounts using a search function to find   
   surnames and postal codes.   
      
   The incident happened in an agency office in the Prairie region before March   
   23, 2016, when an investigation was launched, says an internal report.   
      
   "No changes were made to any of the accounts," says the document, obtained by   
   CBC News under the Access to Information Act.   
      
   "The type of personal information included: name, contact information, social   
   insurance number, income and deductions, and employment information. … Law   
   enforcement will not be notified."   
      
   The document does not identify the worker or the precise date and location of   
   the breach.   
      
   A spokesman for the CRA acknowledged the incident, but played down the impact.   
      
   "This represents the largest such breach at the CRA when measured by numbers   
   of accounts," Patrick Samson said in an email.   
      
   "However, it's important to note that these (1,264) accounts were viewed for   
   approximately two seconds per account. … The employee in question was   
   terminated for their actions."   
      
   The internal investigation into the breach concluded Nov. 16, 2016, with a   
   decision to notify the 38 individuals that their accounts had been improperly   
   scrutinized.   
      
   'Possibility of media attention'   
   "Regional management has indicated that there is a possibility of media   
   attention," says the report to the office of the federal privacy commissioner,   
   which is mandatory when there is a material privacy breach.   
      
   The disclosure follows the CRA's acknowledgment in February that one of its   
   couriers lost a DVD containing the confidential tax information of 28,000   
   taxpayers in Yukon — about three-quarters of the entire population in the   
   territory.   
      
   The information — referring to the 2014 filing year, and destined for the   
   territorial government — was encrypted and organized in a way to resist   
   unauthorized access.   
      
   "At this time, we have not been made aware that the data has been accessed or   
   used in any way," said Samson. "There is no evidence in this instance that the   
   personal information on the DVD has been compromised."   
      
   "The investigation is still ongoing in this case and no charges have been   
   laid."   
      
   The CRA reported nine material privacy breaches in the year that ended March   
   31, eight of which involved employees improperly accessing taxpayer   
   information. All the workers involved were fired, said Samson.   
      
   The CRA has come under scrutiny for lax controls. Canada's privacy   
   commissioner investigated the problem in 2009 and 2013, and the agency is   
   typically among the top five privacy offenders of some 240 federal   
   institutions subject to the Privacy Act.   
      
   Snooping workers   
   Unlike in other departments, the culprits are usually snooping employees   
   rather than inadvertent breaches such as lost memory sticks. About 40,000   
   people work for the agency.   
      
   CBC News has obtained details of other previously unreported incidents through   
   the Access to Information Act, including one in the Ontario region last June   
   in which a worker improperly accessed 11 accounts, changing two of them; and   
   another Ontario    
   incident, where an employee got into 25 accounts, disclosing information about   
   six of them outside the agency.   
      
    On March 31, the CRA completed a $10.2-million technology project that it   
   says will more closely check on worker snooping. The system "will monitor   
   employee accesses to taxpayer information and will flag accesses that appear   
   inconsistent with the    
   employees' assigned workloads or duties," said Samson.   
      
   He added that the annual number of CRA-reported breaches has been falling,   
   from 34 in 2014 to 27 in 2015 and to 10 since Jan. 1, 2016.   
      
   Among the 2014 incidents was one in which a mailroom mix-up sent a CD full of   
   confidential taxpayer information to CBC News, including personal information   
   about more than 1,000 people, many of them celebrities.   
      
   Follow @DeanBeeby on Twitter   
      
   ----------------------------------------------------------    
   Miss a Tax Tale Miss a lot!    
   Visit the CRA SOTW Library at http://canada.revenue.agency.angelfire.com    
      
   ------------------------------------------------------------    
   Alan Baggett - http://www.taxcollectorsbible.com/ - Tax Collector's Bible   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)