The editors of the Regina Leader-Post call for more disclosure and transparency on data breaches:
Perhaps it’s going to take a prosecution – and the possibility of a $50,000 fine -for the Saskatchewan government to show it really means business when it comes to protecting personal information in this province. What is clear is that suspensions and other disciplinary measures appear to be doing little to stem worrisome breaches of confidentiality by health, government and Crown corporation employees.
In the latest incident, Weyburn-based Sun Country Health Region has apologized to 66 patients whose electronic prescription records were improperly reviewed by one of its employees between March 2009 and January 2010. The breach wasn’t discovered until June 2010 because no one was monitoring the system for inappropriate use -an issue now being reviewed. After a six-month investigation, letters of apology went out this week.
The breaches are bad enough, but the disclosure process is equally poor. First, the employee concerned has been disciplined (though not fired), but Sun Country refuses to say what the penalty was. Was it a demotion, a fine, or a suspension of a week or two with or without pay? The public has a right to know how seriously such breaches are being treated.
Second, Sun Country won’t say what reason the employee gave its investigators for breaching the privacy of those 66 patients. Was he or she surfing though the prescription information of family, friends, neighbours, co-workers or strangers out of casual interest? Or were they passing information to a third party? The public has a right to know. After all, we were told last year that a Justice Ministry clerk accessed the SGI database to pass names and addresses to the Teamsters Union as it tried to organize a Saskatoon workplace.
Read more in the Leader-Post.