Commissioner Frank Work had authorized an investigation under the Freedom of Information and Protection of Privacy Act (FOIP Act) into the loss of four computer tape cartridges and two microfiches containing information of pension plan members. The investigation under the Health Information Act regarding the loss of computer tape containing health information will be addressed in a separate report.
The Commissioner’s investigation in relation to the pension tapes and microfiches found that:
- The computer tapes and microfiches contained images of pension refund cheques issued by the Alberta Pensions Administration Corporation (APA). The information included individuals’ names, addresses, the refund amounts, the financial institutions and the names of the respective pension plans. The computer tapes and the microfiches do not contain the individuals’ bank account numbers, Social Insurance Numbers or pension member identification numbers.
- IBM Canada Ltd. prints pension refund cheques for the APA under an overarching agreement with the Alberta Government. The agreement is managed by the Alberta Government Integrated Management Information System (IMAGIS), which is under the ministry of Restructuring and Government Efficiency (RGE).
- The tapes had been sent by IBM to a private sector vendor to produce microfiches of the pension refund cheques issued by the APA.
- There was no tracking of the shipment of computer tapes between IBM and the vendor. Further, there was no tracking of the delivery and receipt of microfiches from the vendor to IBM. Consequently, the investigation cannot determine with certainty where the missing tapes or microfiches were lost.
- Unauthorized access, use or disclosure of information in the missing microfiches is a possibility. Microfiche readers are readily available. In addition, microfiches may be read with a magnifying glass or a microscope. Note: the risk of unauthorized access, use or disclosure of information in the missing computer tapes will be addressed in the separate investigation report on the missing health information.
- The limited amount of personal information in the computer tapes and microfiches reduces the potential risk of fraud or identity theft.
The investigation makes the following recommendations:
- That the APA review with IMAGIS and IBM its microfiche requirements, the arrangements to protect personal information, and the issue regarding the retention and storage of its microfiches. The APA was not aware that microfiches were produced for its issued cheques and cheque registers and that the microfiche processing was performed by a private sector microfiche vendor.
- That IMAGIS, the APA and IBM clarify the expectations regarding the timelines for notification of privacy breaches. Under the IMAGIS contract, IBM is to notify the parties “promptly” if it becomes aware of a privacy breach. IBM discovered the computer tapes and the microfiches were missing in January 2005. However, IMAGIS and APA were not notified until March 2005.
APA has accepted the recommendations outlined in the investigation report. RGE, which handles the IMAGIS contract for IBM, also wrote and advised that:
“In the future, where any information is identified as missing or potentially missing, IBM will notify my Ministry within one business day. These measures have been applied to all information in the custody of IBM under its contract with Restructuring and Government Efficiency for IMAGIS Services”.
Commissioner Work noted that IBM, on its own initiative, implemented changes to track the movement of computer tapes and microfiches as a result of this incident. These changes will significantly reduce the risk of future losses. The APA has written to the 77 individuals whose information was on the computer tapes and microfiches.
In closing the investigation, Commissioner Work stresses the importance of establishing and maintaining inventory controls for privacy and security. Commissioner Work also reminds public bodies and organizations to periodically review their information management processes and requirements. During the investigation, it was identified that there may not be a requirement for microfiches of pension refund cheques issued by the APA. If so, eliminating this step in the process would reduce the risk of a privacy breach. He states: “The less information is handled, the fewer the copies are made of any information, the less chance there is of it being lost.”