Health and financial info lost in
EDMONTON – Seven
laptops or digital devices with unencrypted health, employee and
financial information have been lost or stolen in Alberta in the past
month, prompting disbelief from Alberta Privacy Commissioner Frank Work
(pictured). “It just makes me crazy,” Work told the CBC. “I think that’s
just utterly irresponsible now in this day and age.”
Medical charts belonging to 2,700 pediatric gastroenterology patients
participating in a study were on one of the stolen laptops, which
belonged to a researcher at the University of Alberta.
A missing digital recorder stolen from Alberta Sustainable Resources
contained statements related to wildlife investigations. And a laptop
stolen from the same department contained contact information for junior
forest rangers, as well as an employee evaluation.
A laptop from an unnamed trust company had emails containing mortgage
application information, social insurance numbers, credit bureau reports
and other personal financial information for 135 people, a loss that
worried Work the most.
“In that case, that’s information that can really be used for an
identity theft,” Work said.
Two laptops containing information about patients, all under six years
old, were stolen from a speech pathology office.
Another laptop from a marketing firm that contained information on 27
Alberta employees was left in a European airport. The last missing
laptop belonged to a genetic research company. It contained employee
information that included social insurance numbers.
Work says people shouldn’t put personal information on laptops if they
don’t have to. Many internet security companies, such as Norton and
Symantec, offer encryption programs that make it easy for people to
“It’s not like we’re asking people to do anything incredibly difficult
here,” Work said, “especially if you weigh that against telling 135
employees that you lost their RSP information, their employment files
and so on.”
Police have told Work that most laptop thefts involve criminals who try
to resell them quickly for $50 or $70 to someone who simply overwrites
the files and does little with the personal information.
However, the information is out there, which is still troubling, Work
said. “You have a responsibility to your patients, your clients, your
employees to encrypt their information when you’re carrying it around
with you. And the law says you have to do that.”
Alberta law doesn’t have any provisions for Work to penalize
individuals, organizations or government agencies for privacy breaches.
He can only work with offenders on remedial measures.
People who’ve been the victim of privacy breaches by private sector
businesses can sue for damages under Alberta law, Work said.
Posted December 16, 2010