A damning report from the Province’s acting Information and Privacy Commissioner who recommends the B.C. Government improve its’ policies and practices when it comes to mobile device use by employees.
Investigators from the Office of the Information and Privacy Commissioner have found the numerous government policies related to mobile device use are confusing and sometimes contradictory.
They also say that in some ministries, those responsible for privacy compliance are not adequately empowered to implement and monitor technical controls.
As well they say government does not maintain an accurate inventory of mobile devices and personal information stored on them.
Acting Information and privacy commissioner Drew McArthur says privacy management should be simple.
“Government employees should not have to wade through volumes of competing policies. This investigation is intended to identify potential risks before they become serious, so I have recommended some important improvements in policies, training, and risk management,” reads McArthur’s statement in a press release.
He says it’s important to note the investigation was conducted at a specific point in time, but that the government has taken steps toward implementing a privacy management program since then.
Five ministries were selected for this investigation based on the number of devices in use and the sensitivity of the information collected and stored.
Auditor General Carol Bellringer says they were chosen because they had the most lost or stolen devices.
“Those that would be the highest expected cost, and where they’d have the highest privacy risk. I actually would suspect it has to do with (those ministries) have the largest number in the first place.”
One of the main concerns the two reports found was that the government does not keep an accurate record of mobile devices, nor the information stored on them.
Investigators examined smartphones, tablet computers, and other devices that use mobile-specific operating systems.
This all stems from the so-called “triple delete” scandal.
Former ministry of Transportation staffer George Gretes faced two charges under the Freedom of Information and Protection of Privacy Act for allegedly lying under oath about deleting ministry emails.
That after a whistleblower reported he’d deleted emails about the highway of tears sought in an access to information request.