Privacy breach in Corner Brook sent to commissioner's office for review, next steps

An investigation into an information leak on the City of Corner Brook's website is in the hands of the province's privacy commissioner.

An analyst with the provincial office is looking into the report of the breach, and will help determine what the next steps will be for the city.

"We have the breach notification, and one of our analysts is reviewing it now and we may very well be going back to the city with some further questions," said Sean Murray, director of research and quality assurance with the Office of the Information and Privacy Commissioner.

"But what happens from there, I think it's too early to tell."

On Tuesday, the city reported that private information on its website was accessed by four different users. The directory on the website — not available through links on the site — contained information used in a previous voters' list, including name, address and date of birth of about 10,000 people. While the directory contains that personal information, the city says it does not know if the personal information itself was viewed.

When a breach is reported to the privacy commissioner's office, the affected body is asked to describe the breach, state what it has done to ensure the breach doesn't happen again and how it plans to notify those affected. After that, the office will decide if it needs more information, said Murray.

"We may then assess whether the public body has adequately addressed the situation or whether they may, you know, there may be further steps warranted."

The office will also look into whether it believes there was malice in the intent of those committing the breach. That would also determine if law enforcement would need to get involved, although that's rare in breaches like this, he said.

Murray says the city took appropriate action in issuing a news release, as the leak affected more than a few individuals.

He also said anyone with concerns should contact the city, but if they are not satisfied with the response, he encouraged them to contact his office.

'Very diligent'

Once the breach was discovered, said Mayor Jim Parsons, it was immediately dealt with, and all personal data on the list was removed from the server hosting the website.

"Our IT department is top-notch, very diligent, on top of these matters," Parsons said. "I have every confidence in them."

Parsons said the data available was considered "low harm" but he's glad the breach was noticed before it went further.

The city will implement a privacy audit for new software purchases and undergo further training of staff on privacy issues and employees' requirements as they relate to the Access to Information and Protection of Privacy Act.
