Advertisement

Elections Ontario blasted for lost, unencrypted USB keys – goes right back to using unencrypted USB keys

Growing up we're often told to learn from our mistakes.

Unfortunately, that's a concept that the folks at Elections Ontario haven't seemed to grasp.

On July 17, Elections Ontario announced that two memory sticks with unencrypted personal information about Ontario voters went missing in April. The two USB keys contained names, addresses, genders and birth dates of 2.4 million voters living in 20-25 electoral districts.

Mistakes happen; things get lost or stolen — you learn from your error and move on.

But Elections Ontario didn't fix its error.

According to an article by The Canadian Press, the agency went right back to using USB keys without enabling the encryption software.

"Remarkably, despite the experience of the previous week and the resulting anxiety over lost data, the replacement USB keys were unencrypted," privacy commissioner Ann Cavoukian said Tuesday.

"And no thought was given to encrypting the laptops which also contained portions of the voters' data."

Because Elections Ontario could not determine which of 20 to 25 electoral districts out of a possible 49 were impacted, the privacy breach affects potentially four million voters, Cavoukian said. According to the Toronto Sun, she's advising that those four million people monitor their bank accounts and credit card statements for suspicious activity as a means to guard against identity theft.

Moreover, Cavoukian is recommending that Elections Ontario hire an independent third party to audit personal information managment polices, practices and procedures and develop a mandatory privacy training program for staff.

That's probably a good idea.