{"id":57288,"date":"2015-07-28T09:06:32","date_gmt":"2015-07-28T01:06:32","guid":{"rendered":"https:\/\/canadianinquirer.net\/v1\/?p=57288"},"modified":"2015-07-28T09:06:32","modified_gmt":"2015-07-28T01:06:32","slug":"file-breach-at-electronic-spy-agency-prompts-mandatory-privacy-training","status":"publish","type":"post","link":"https:\/\/canadianinquirer.net\/v1\/2015\/07\/28\/file-breach-at-electronic-spy-agency-prompts-mandatory-privacy-training\/","title":{"rendered":"File breach at electronic spy agency prompts mandatory privacy training"},"content":{"rendered":"<figure id=\"attachment_57289\" aria-describedby=\"caption-attachment-57289\" style=\"width: 604px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2015\/07\/CSEC.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-large wp-image-57289\" src=\"https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2015\/07\/CSEC-1024x463.jpg\" alt=\"Communications Security Establishment (CSE) building in Ottawa (Photo from Wikipedia\/Eshko Timiou)\" width=\"604\" height=\"273\" srcset=\"https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2015\/07\/CSEC-1024x463.jpg 1024w, https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2015\/07\/CSEC-300x136.jpg 300w\" sizes=\"auto, (max-width: 604px) 100vw, 604px\" \/><\/a><figcaption id=\"caption-attachment-57289\" class=\"wp-caption-text\">Communications Security Establishment (CSE) building in Ottawa (Photo from <a href=\"https:\/\/en.wikipedia.org\/wiki\/Communications_Security_Establishment\" target=\"_blank\">Wikipedia\/Eshko Timiou<\/a>)<\/figcaption><\/figure>\n<p>OTTAWA \u2013 Canada\u2019s electronic spy agency introduced mandatory privacy awareness training for all employees in March following an internal breach involving personal information.<\/p>\n<p>When Greta Bossenmaier became chief of the Communications Security Establishment in February, the ultra-secret eavesdropping outfit was under intense public scrutiny over alleged spying on citizens.<\/p>\n<p>But less than two months into the job, Bossenmaier was informing the spy agency\u2019s staff of a privacy violation inside its own walls.<\/p>\n<p>\u201cI seriously regret that we are in this situation and never want it to be repeated,\u201d Bossenmaier told employees in a March 20 email. \u201cAs such, we must use it as a learning opportunity so that we can prevent any further incidents from occurring.\u201d<\/p>\n<p>The Ottawa-based CSE, which employs about 2,000 people, uses highly advanced technology to intercept, sort and analyze foreign communications for information of intelligence interest to the federal government.<\/p>\n<p>Documents leaked in 2013 by former American spy contractor Edward Snowden revealed the U.S. National Security Agency \u2013 a close CSE ally \u2013 had quietly obtained access to a huge volume of emails, chat logs and other information from major Internet companies, as well as massive amounts of data about telephone calls.<\/p>\n<p>As a result, civil libertarians, privacy advocates and opposition politicians have demanded assurances the CSE is not using its extraordinary powers to snoop on Canadians. The agency insists it scrupulously follows the law in protecting Canadians&#8217; privacy.<\/p>\n<p>On July 31, 2014, someone notified CSE\u2019s corporate security officials that a file containing personal information related to security clearances was mistakenly given public-access permission markings, making it accessible to CSE personnel, according to Bossenmaier\u2019s email to staff.<\/p>\n<p>An edited version of her classified message was obtained by The Canadian Press under the Access to Information Act.<\/p>\n<p>By November an internal probe determined the breach had potentially affected the personal information of 146 people. However, further examination led the agency to conclude in January that the sensitive personal information of just five individuals \u2013 four CSE employees and one member of the public \u2013 was deemed to be at risk.<\/p>\n<p>\u201cThe investigations determined that the incident was caused by a combination of technical and human errors,\u201d Bossenmaier told staff. \u201cSeveral of CSE\u2019s existing security safeguards mitigated the risk of the information being further compromised or removed from CSE premises.\u201d<\/p>\n<p>CSE spokeswoman Lauri Sullivan declined to elaborate on the nature of the information.<\/p>\n<p>The CSE advised the Treasury Board Secretariat, the federal privacy commissioner and the watchdog that keeps an eye on the spy agency.<\/p>\n<p>In February and March, the CSE informed the five individuals, Sullivan said in written answers to questions. \u201cThis involved extensive co-ordination between CSEs Privacy Office, senior management, security, labour relations, and CSE&#8217;s Counselling and Advisory Program.\u201d<\/p>\n<p>The CSE ushered in a new policy last September on administrative privacy breaches, asked managers to review access permissions on remaining documents, and introduced mandatory privacy awareness training for all staff in March.<\/p>\n<p>The federal privacy commissioner\u2019s office told the CSE In April that the steps taken were reasonable and that no further action was required, Sullivan said.<\/p>\n<p>Valerie Lawton, a spokeswoman for the commissioner\u2019s office, confirmed that it was aware of the incident, but added the Privacy Act prevented her from saying more.<\/p>\n<p>Bossenmaier sent the March 20 email to staff shortly before a brief account of the breach was tabled in Parliament as part of a broader written answer to a formal question about federal data lapses from New Democrat MP Charlie Angus.<\/p>\n<p>Sullivan said the timing of Bossenmaier\u2019s message \u201cwas directly related to completing the process of notifying the five impacted individuals.\u201d<\/p>\n<p>In her note, Bossenmaier urged staff to review the new privacy protocol, take the mandatory training, exercise care when assigning access permissions to documents, remain alert to any \u201cserious anomalies\u201d in information management, and immediately report any problems.<\/p>\n<p>\u201cWe all have a role to play in safeguarding information, and I am reminding you to apply it seriously to all information held by CSE.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OTTAWA \u2013 Canada\u2019s electronic spy agency introduced mandatory privacy awareness training for all employees in March following an internal breach &hellip;<\/p>\n","protected":false},"author":33,"featured_media":57289,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[35],"class_list":["post-57288","post","type-post","status-publish","format-standard","has-post-thumbnail","category-technology","tag-original","mauthors-jim-bronskill","mauthors-the-canadian-press1"],"_links":{"self":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/57288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/comments?post=57288"}],"version-history":[{"count":0,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/57288\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media\/57289"}],"wp:attachment":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media?parent=57288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/categories?post=57288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/tags?post=57288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}