The Office of the Privacy Commissioner of Canada (OPC) has launched a comprehensive investigation into a significant data breach involving the theft of federal employees’ information spanning 24 years. This breach, affecting military, RCMP, and federal personnel, stemmed from data held by government-contracted relocation service providers, Brookfield Global Relocation Services (BGRS) and Sirva Canada. Both companies, entrusted with handling the relocation of employees due to job-related transfers, were targeted in the breach, resulting in the compromise of personal data dating back to 1999.
Privacy Commissioner Philippe Dufresne underscored the severity of the breach and the need for a thorough investigation into the circumstances surrounding the incident.
The probe intends to assess the efficacy of existing security protocols and investigate the actions taken by the companies and federal entities involved. Dufresne emphasized the importance of understanding the causes behind the breach, seeking redress for those affected, and implementing preventive measures to mitigate the risk of future breaches. The investigation, conducted under the federal Privacy Act and the Personal Information Protection and Electronic Documents Act (PIPEDA), aims to evaluate compliance and establish robust safeguards to prevent similar breaches.
The OPC’s investigation is expected to scrutinize the contracted relocation firms’ and government departments’ adherence to data protection regulations, aiming to ensure the enforcement of adequate security measures and prevent any lapses that might lead to such breaches in the future. With personal information compromised on a large scale, the investigation underscores the imperative of fortifying security protocols and fostering compliance to safeguard sensitive data and protect individuals’ privacy in the digital age.
