Office of the Information and Privacy Commissioner
December 2, 2015
Office of the Information and Privacy Commissioner � Report P-2015-002 Released
The Information and Privacy Commissioner, Ed Ring, has released his Report P-2015-002 under authority of the Access to Information and Protection of Privacy Act. A summary of the Report is included below.
To view the Report in its entirety, please go to www.oipc.nl.ca/privacyreports.htm
| Report: | P-2015-002 |
| Report Date: | November 23, 2015 |
| Public Body: | Royal Newfoundland Constabulary |
| Summary: | The Complainant submitted a privacy complaint under the Access to Information and Protection of Privacy Act, 2015 (the �ATIPPA, 2015�) in respect of a notice which the Complainant received from the Royal Newfoundland Constabulary (the �RNC�). The notice advised the Complainant that information about the Complainant had been accessed by an RNC employee without a valid business reason. The RNC also submitted a Privacy Breach Incident Report in relation to this matter. Additionally the RNC submitted two other Privacy Breach Incident Reports to this Office related to two other incidents of inappropriate access by employees which occurred this year. The Commissioner initiated an investigation on his own motion into these two events. Given the related issues and the possibility of a systemic problem within the RNC, the Commissioner decided to respond to all three matters collectively. The Commissioner found that the RNC had some administrative, technical and physical safeguards in place to protect personal information from unauthorized access; however, it is clear from these recent incidents that these mechanisms have not been fully absorbed, implemented and understood by RNC staff. The Commissioner found that the RNC must now go further in developing and employing these protections so that they are as strong as reasonably possible and, additionally, so that employees fully appreciate the application and implications of same. The Commissioner made several recommendations to assist the RNC in preventing such situations in the future. The recommendations include taking additional steps to monitor access both in terms of providing and removing access to the information system based on professional roles and implementing an on-going, robust random auditing program. It would also include protocols to ensure that information is securely maintained. |
- 30 -
Media contact:
Ed Ring
Information and Privacy Commissioner
709-729-6309
2015 12 02 11:20 a.m.