Slug: Looted Laptop
Source: CBC News
Summary: The personal information of 620,000 Albertans is compromised due to a laptop being stolen from an IT consultant and contractor to Medicentre. The theft occurred in Edmonton in October 2013 but was only reported last week (January 2014) to Fred Horne, Alberta Health Minister. It is unclear how the theft occurred.
- Issues Identification (primary)
- Community Relations (secondary)
- also Crisis Communications (bad issues mgmt. leads to it)
Good or Bad PR? Bad PR
Harmony or Discord: Discord
- The Medicentre Family Health Care Clinics VP writes a letter to the Alberta Health Minister 4 months after the theft. He claims they waited this long because they were trying to figure out how to best tell the Health Ministry about what happened. I believe his job would have been to inform the ministry quickly so they could decide on the next course of action; Medicentre should have also left the investigation to the Edmonton Police instead of handling it internally.
- Medicentre claims (in a news release) that they immediately notified the police and privacy commissioner after the theft. Edmonton Police said the theft was reported to them four days after the actual theft.
- The information stolen from the laptop is potentially damaging enough to commit identity fraud and cause numerous credit problems for those affected; this averages to 1 in 6 Albertans!
- The information was contained in a large file instead of being split up into smaller files. Also, the data was not encrypted. This suggests that data was not sufficiently protected.
- The fact that the IT consultant was able to access more data than necessary (all the data instead of just a section of the data) suggests that a privacy breach was already committed prior to the laptop being stolen.
These 5 points are really appalling situations to be involved in and Medicentre had a responsibility to ensure the safety and privacy of their patients. Did Medicentre not vet their IT consulting firm prior to this incident considering so much sensitive data is concerned? This level of carelessness is quite unprofessional and I would also be outraged and demand an investigation from the Privacy Commissioner into the situation as Minister Horne requires.