December 2008—Who is minding the store at Canada Revenue Agency? by Elvena Slump

Everywhere you look today government has its hand in your wallet; not only for your money but for your information too.

You can’t make a move these days without someone knowing something about it.

Some retail outlets film everyone that enters their stores.

Your charge cards and other debts are recorded and centralized at credit agencies and made available to any business seeking your credit history if they have a membership.

Chain pharmacies can interconnect on drug prescriptions.

Some health issues are mandatory information for driver licenses.

Your savings are monitored and taxed by the government of Canada.

Every time you fill in a form, that information is stored somewhere for some reason.

Combined with that constant encroachment of your personal information should come responsibility. Moral responsibility of the holder of that information to secure that information in a manner that will reduce any potential harm to the unaware citizen.

     Some provincial governments have taken steps to protect their residents by setting up rules governing the keeping and storing of such information. BC has such a law.

     Yet some powerful government agencies have poor records in securing personal data.

     Canada Revenue Agency has been cited

in an audit for poor security.

     Unlocked Doors: Failure to maintain basic security at seven key offices in Quebec and Ontario—two of them in Ottawa.

     Exterior and interior doors not adequately secured; deadbolts used inappropriately or missing.

     Keys, combination locks and key-cards not properly tracked, secured or used.

     Electronic alarm systems defective, unarmed or missing.

     The Report cites the agency for failing to fix substandard security problems that were reported in previous audits.

     Employees in charge of security had insufficient training about the standards of security they were expected to maintain.

     Employees had little knowledge of the security standards of equipment examined in the audit.

Failure to train replacement security personnel in proper procedure.

Security officials have set a deadline of Sept 30, 2009 to correct the problems.

Last year Canada Revenue reported the theft or loss of 25 laptops, 17 cell phones, six BlackBerries, five printers and a router.

Two video-surveillance cameras meant to deter thieves worth $8,244 were stolen.

Another surveillance camera was stolen the year before, as well as $10,000 in metal bars and door handles.

There have been several electronic breaches of security in the past. This particular audit did not examine the electronic data systems.

In 2004 an audit found laptops used outside the CRA environment were not locked up and that confidential information was vulnerable to hacking.

In 2003 four computers stolen from a CRA office in Laval, Que. contained the personal information of 120,000 Canadians.

The agency employs the equivalent of 38,000 workers and operates from more than 100 offices across Canada.