Lucie Edwardson reports:
The United Conservative Party‘s privacy policies are being questioned after a party laptop was stolen out of an employee’s car in a parkade.
The laptop contains the names, addresses and contact information of 40,000 UCP members.
Experts say the language used in the memo to inform members was confusing and didn’t answer important questions.
“This is clearly a matter that the party needs to improve their information protection practices,” said Sharon Polsky, president of the Privacy and Access Council of Canada, adding the party will have to regain public trust.
Read more on CBC.
I don’t see where there’s a serious risk of identity theft here. We’re talking about names, addresses, and contact info. That could be a phone book. Or a phone book with email addresses. Either way, it’s not like SIN with DOB and additional details.
That said, there is no reason that the whole drive wasn’t encrypted when the laptop was off. And if it wasn’t encrypted, why on earth was it left in an unattended vehicle? Yes, people should be asking the UCP specific questions about the training and policies they give employees. But who’s going to require them to answer those questions? No one?
In Canada and possibly most of the free world, that information is considered PII and is therefore a breach of PII.
It may be a breach of PII but that doesn’t mean it necessarily is a big risk for identity theft, which requires more work/info than those data fields.
Can be matched to other breached info via Email for a richer data set that caaan lead to ID theft. There are places/people that do this. But on it’s own, nah. Unless someone goes fishing in mail boxes from the addresses exposed.
Or can be used during election time to cause confusion & lose votes, which has happened in the past.
Just say’n..