More fallout from a breach I’ve been covering on this blog involving bureaucrats accessing a veteran’s psychiatric records. Laura Payton reports:
Bureaucrats could lose their jobs for circulating a veteran’s confidential medical files, the veterans affairs minister said Thursday.
Jean-Pierre Blackburn says he’s still deciding what to do with officials who accessed the personal files — including psychiatric and pension information — of a veteran who’s spoken out frequently against the department.
“For sure there will be sanctions,” he said.
“They may be fired … we will have more sanctions, they will be more severe.”
After several requests under the federal Access to Information Act, veteran Sean Bruyea discovered that more than 600 different Veterans Affairs Canada officials accessed his file a total of 4,131 times over 10 years.
Read more in the Peterborough Examiner.
While there is political fallout from this breach, we should not lose sight of some of the bigger privacy and security issues about access to sensitive files and data protection. This is precisely the kind of case your mother warned you about: someone trying to gain your most sensitive information to use it against you. What protected Sean Bruyea? What should have protected him? The Privacy Commissioner released her report on the investigation yesteray. It reads like a callous and willful disregard of privacy rights — and a pattern of ignoring fundamental privacy rights and human decency for political purpose.
Should the axe fall on a few bureaucrats’ necks? There may be some who believe in education, not punishment. But how do we restore the wounded warrior to his pre-breach state? The fact of the matter is that we can’t. The privacy harm can neither be easily mitigated nor ever fully mitigated.
If you’re going to affect the rest of someone else’s life by invading their privacy, shouldn’t there be some long-term consequences for you, too? Sometimes, the teachable moment needs to involve serious consequences. In my opinion, given the repeated and pervasive nature of this breach, this is one of those cases.