A report has found that the Department of Public Safety has numerous issues in its handling of sensitive data, potentially putting Canadians’ personal information at risk.
According to Blacklock’s Reporter, the Internal Audit Of Information Technology Security of Public Safety Canada found that one of the many issues in the department include the fact that the department does not keep track of external storage devices like USB flash drives.
“Public Safety does not maintain records of USB keys that have been issued and there are limited controls in place to identify if individuals are saving sensitive information on a USB key,” said the audit.
“In addition, Public Safety does not pick up USB keys during physical security sweeps to examine their content.”
Public Safety Canada is the federal body that oversees federal law enforcements efforts, including the Royal Canadian Mounted Police and Canada Border Services Agency.
Notably, the report also found that employees were not keeping track of confidential records being sent to personal email addresses and that former employees “still had privileged access” to Public Safety databases.
“Removal of access privileges for indeterminate employees is reliant on a departure form being submitted by the employee. However we were advised that departure forms are sometimes omitted when an employee leaves,” the report reads.
“There is no formal tracking of information technology security incidents at Public Safety.”
A report released in February found that since 2018 there have been 7,992 data breaches in federal agencies, with at least 144,000 Canadians affected.
Government spokespeople have said that most of the breaches were caused by human error on the part of federal employees.
In 2017 a judge ordered the federal government to pay $17.5 million to settle a class-action lawsuit after a data breach leaked the student loan information of around 583,000 people.