P2018-ND-133

The Presbyterian Church in Canada

The Organization contracts with Eckler Ltd. to develop and host its pension administration system. On June 13, 2018 , Eckler advised the Organization that an internal audit of its privacy practices revealed that it had inadvertently disclosed the personal information of certain of the Organization?s members in two separate incidents. The first incident occurred on November 18, 2011 when six (6) copies of a response to a client request for proposal were sent out that contained screenshots of the Organization?s pension system?s user guide. Although it was not known at the time, the guide contained actual personal information of the Organization?s pension members instead of fictitious dummy data. The second incident occurred on May 30, 2012 when Eckler sent a prospective client an email containing the guide. This version of the Guide also contained the personal information of the Organization?s pension members. This email was sent to two (2) individuals at the prospective client organization and was marked ?confidential?. The breach was discovered on June 6, 2018 when Eckler performed an audit of user guides. Eckler reported the breach to the Organization on June 13, 2018.

File Type: pdf
Categories: 2018
Tags: Unauthorized access