Brett Ruskin reports:
A privacy breach has revealed the personal information of dozens of Canadian military members, including names, ranks, service numbers, home addresses, home phone numbers, as well as names of spouses and children.
The documents are freely available to anyone who requests the file at the Federal Court of Canada.
“That sort of information can be readily used by somebody who wants to commit fraud,” said David Fraser, a privacy lawyer with McInnes Cooper in Halifax.
It appears that this is not one of those cases where the law requires the information to be publicly available. Ruskin notes:
The information was contained within documents disclosed by the Department of National Defence to the Canadian Human Rights Commission as part of a large, unrelated personnel matter.
The commission’s copy then was filed at the Federal Court of Canada.
Privacy experts say any personal information that is not relevant to the case should have been redacted or removed.
Okay, but should it have been redacted as a matter of good privacy hygiene or as a matter of their laws? I asked David Fraser, who informed me on Twitter that it’s a matter of good practice, not law.
Someone should fix that.
Read more on CBC.