order paper question 1217 en.pdf

ORDER/ADDRESS OF THE HOUSE OF COMMONS
BY: Mr. Angus (Timmins - James Bay)
DATE: March 6, 2013
RETURN BY THE LEADER OF THE GOVERNMENT IN THE HOUSE OF COMMONS
Signed by Mr. Tom Lukiwski
PRINT NAME OF SIGNATORY
SIGNATURE: MINISTER OR PARLIAMENTARY SECRETARY
~~~ 2 2 2013 (TABLED FORTHWITH)

Upload: charlieangusmp

Post on 11-Nov-2014


DESCRIPTION

Government response to Order Paper Question 1217 submitted by Charlie Angus, MP on March 6, 2013, in the House of Commons, Canada. The document examines data breaches at Canadian federal government institutions. Note that some institutions and agencies are listed under an umbrella department (for example, Passport Canada is found under Foreign Affairs and International Trade).

TRANSCRIPT


INSTRUCTIONS FROM THE PRIVY COUNCIL OFFICE (OFFICE FOR THE COORDINATION OF PARLIAMENTARY RETURNS) TO ORGANIZATIONS WITH RESPECT TO WRITTEN QUESTION Q-1217 - MR. ANGUS (TIMMINS-JAMES BAY)

Q-1217 - March 6, 2013 - Mr. Angus (Timmins-James Bay) - With respect to data, information or privacy breaches at government departments, institutions and agencies, for each year from 2002 to 2012: (a) how many breaches have occurred in total, broken down by (i) department, institution or agency, (ii) the number of individuals affected by the breach; (b) of those breaches identified in (a), how many have been reported to the Office of the Privacy Commissioner, broken down by (i) department, institution or agency, (ii) the number of individuals affected by the breach; and (c) how many breaches are known to have led to criminal activity such as fraud or identity theft, broken down by department, institution or agency?

Organizations must obtain the information from their Access to Information and Privacy (ATIP) Coordinator and their Departmental Security Officer (DSO), and any other area responsible for compiling information regarding breaches. Once the information is compiled, organizations are reminded to apply the principles of the Access to Information Act and the Privacy Act to ensure that the information contained in their response can be disclosed.

Organizations are required to enumerate each breach by fiscal year and include other requested information on the attached template.

Data, information or privacy breach: involves improper or unauthorized collection, use, disclosure, retention and/or disposal of protected personal and/or classified information including hard copies and electronic data.

Guidelines for Privacy Breaches: http://www.tbs-sct.gc.ca/pol/doceng.aspx?id=26154&section=text

Personal Information Protection and Electronic Documents Act (PIPEDA): http://laws-lois.justice.gc.ca/eng/acts/P-8.6/index.html

Policy on Privacy Protection: http://www.tbs-sct.gc.ca/pol/doceng.aspx?section=text&id=12510

Privacy and Your Business - Privacy Breach Handbook: http://www.priv.gc.ca/resource/pb-avp/pb_hb_e.pdf


a) Enumerate each breach by fiscal year

a)(ii) & b)(ii) Number of individuals affected by the breach

b) Indicate if the breach was reported to the Office of the Privacy Commissioner (OPC) YES NO

c) Indicate if the breach led to criminal activity YES NO UNKNOWN

TOTALS
a) Total number of breaches
a)(ii) Total number of individuals affected by all breaches enumerated in part a)
b) Total number of breaches reported to the OPC
b)(ii) Total number of individuals affected by breaches reported to the OPC
c) Total number of breaches known to have led to criminal activity

CLARIFICATION Q-1217 - MR. ANGUS (TIMMINS-JAMES BAY)


In cases of lost or stolen blackberries, organizations should only report on instances where these devices were authorized to carry classified information (protected, secret, or higher).

INQUIRY OF MINISTRY
PREPARE IN ENGLISH AND FRENCH MARKING "ORIGINAL TEXT" OR "TRANSLATION"
QUESTION NO.: Q-1217
BY: Mr. Angus (Timmins-James Bay)
DATE: March 6, 2013
REPLY BY THE MINISTER OF ABORIGINAL AFFAIRS AND NORTHERN DEVELOPMENT
PRINT NAME OF SIGNATORY
SIGNATURE: MINISTER OR PARLIAMENTARY SECRETARY

With respect to data, information or privacy breaches at government departments, institutions and agencies, for each year from 2002 to 2012: (a) how many breaches have occurred in total and broken down by (i) department, institution or agency, (ii) the number of individuals affected by the breach; and (b) of those breaches, how many have been reported to the Office of the Privacy Commissioner, broken down by (i) department, institution or agency, (ii) the number of individuals affected by the breach; and (c) how many breaches are known to have led to criminal activity such as fraud or identity theft, broken down by department, institution or agency?


Insofar as Aboriginal Affairs and Northern Development Canada is concerned, our response is attached.


a) Enumerate each breach by fiscal year

a)(ii) & b)(ii) Number of individuals affected by the breach

b) Indicate if the breach was reported to the Office of the Privacy Commissioner (OPC) YES NO

c) Indicate if the breach led to criminal activity YES NO UNKNOWN

2002-2003 - 2009-2010: N/A*

2010-2011: 1 1 1 2

x x x x x x

x x x x

2011-2012: 1 1

x x

TOTALS
a) Total number of breaches: 6
a)(ii) Total number of individuals affected by all breaches enumerated in part a): 7
b) Total number of breaches reported to the OPC: 6
b)(ii) Total number of individuals affected by breaches reported to the OPC: 7
c) Total number of breaches known to have led to criminal activity: 0

*AANDC does not keep any privacy breach records beyond their appropriate retention and disposition schedule (set out in the Library and Archives Canada Multi-Institutional Disposition Authority 98/001) and as such, this response only includes breaches dating back to April 1, 2010.

INQUIRY OF MINISTRY
QUESTION NO.: Q-1217
BY: Mr. Angus (Timmins-James Bay)
DATE: March 6, 2013
REPLY BY THE MINISTER OF AGRICULTURE AND AGRI-FOOD
Signed by Gerry Ritz, PC, MP


The Canadian Grain Commission did not have any information or privacy breaches from fiscal year 2002 and up to 2012.

The Farm Products Council of Canada did not have any information or privacy breaches from fiscal year 2002 and up to 2012.


a) Enumerate each breach by fiscal year

a)(ii) & b)(ii) Number of individuals affected by the breach

b) Indicate if the breach was reported to the Office of the Privacy Commissioner (OPC) YES NO X X X X X X X X X X X X X X X X

c) Indicate if the breach led to criminal activity YES NO X X X X X X X X X X X X X X X X UNKNOWN

Breach (fiscal year): number of individuals affected

2007-2008 - breach 1: 4
2008-2009 - breach 1: 32,000
2008-2009 - breach 2: 44
2008-2009 - breach 3: 2
2008-2009 - breach 4: 1
2008-2009 - breach 5: 60,000
2008-2009 - breach 6: 1
2008-2009 - breach 7: 273
2008-2009 - breach 8: 1
2008-2009 - breach 9: 1
2008-2009 - breach 10: 1
2008-2009 - breach 11: 1
2008-2009 - breach 12: 1
2008-2009 - breach 13: 1
2009-2010 - breach 1: 1
2009-2010 - breach 2: 1

a) Enumerate each breach by fiscal year

a)(ii) & b)(ii) Number of individuals affected by the breach

2009-2010 - breach 3: 1
2009-2010 - breach 4: 1
2009-2010 - breach 5: 1
2009-2010 - breach 6: 1
2009-2010 - breach 7: 1
2009-2010 - breach 8: 1
2009-2010 - breach 9: 1
2009-2010 - breach 10: 1
2009-2010 - breach 11: 1
2009-2010 - breach 12: 16
2009-2010 - breach 13: 1
2009-2010 - breach 14: 1
2009-2010 - breach 15: 1
2009-2010 - breach 16: 1
2010-2011 - breach 1: 1
2010-2011 - breach 2: 1
2010-2011 - breach 3: 1
2010-2011 - breach 4: 40
2010-2011 - breach 5: 1
2010-2011 - breach 6: 1
2010-2011 - breach 7: 1
2010-2011 - breach 8: 1
2010-2011 - breach 9: 1
2010-2011 - breach 10: 1

b) Indicate if the breach was reported to the Office of the Privacy Commissioner (OPC) YES NO

c) Indicate if the breach led to criminal activity YES NO UNKNOWN

X X X X X X X X X X X X X X X X X X X X X X X X

X X X X X X X X X X X X X X X X X X X X X X X X

a) Enumerate each breach by fiscal year

a)(ii) & b)(ii) Number of individuals affected by the breach

2011-2012 - breach 1: 1
2011-2012 - breach 2: 1
2012-2013 - breach 1: 1
2012-2013 - breach 2: 1
2012-2013 - breach 3: 1
2012-2013 - breach 4: 1
2012-2013 - breach 5: 1
2012-2013 - breach 6: 1
2012-2013 - breach 7: 1
2012-2013 - breach 8: 1
2012-2013 - breach 9: 1

b) Indicate if the breach was reported to the Office of the Privacy Commissioner (OPC) YES NO

c) Indicate if the breach led to criminal activity YES NO UNKNOWN

X X X X X X X X X X X

X X X X X X X X X X X

TOTALS
a) Total number of breaches: 51
a)(ii) Total number of individuals affected by all breaches enumerated in part a): 92,422
b) Total number of breaches reported to the OPC: 5
b)(ii) Total number of individuals affected by breaches reported to the OPC: 92,357
c) Total number of breaches known to have led to criminal activity: 0


*** Note: data on privacy breaches that occurred during the period of April 1, 2002 to March 31, 2006 were not tracked in the ATIP System that existed at that time. Any hard copy files that may have existed were destroyed as they had met their retention period.


a) Enumerate each breach by fiscal year

a)(ii) & b)(ii) Number of individuals affected by the breach

b) Indicate if the breach was reported to the Office of the Privacy Commissioner (OPC) YES NO X X X X X X X X

c) Indicate if the breach led to criminal activity YES NO X X X X X X X X UNKNOWN

Breach (year): number of individuals affected

2002 - breach #1: 1
2002 - breach #2: 1
2003 - breach #1: 1
2011 - breach #1: 1
2011 - breach #2: 1
2012 - breach #1: 1
2012 - breach #2: 1
2012 - breach #3: 1

TOTALS
a) Total number of breaches: 8
a)(ii) Total number of individuals affected by all breaches enumerated in part a): 8
b) Total number of breaches reported to the OPC: 3
b)(ii) Total number of individuals affected by breaches reported to the OPC: 3
c) Total number of breaches known to have led to criminal activity: 0

INQUIRY OF MINISTRY
QUESTION NO.: Q-1217
BY: Mr. Angus (Timmins-James Bay)
DATE: March 6, 2013
REPLY BY THE MINISTER OF NATIONAL REVENUE AND MINISTER FOR THE ATLANTIC CANADA OPPORTUNITIES AGENCY
Signed by the Honourable Gail Shea


Insofar as the Atlantic Canada Opportunities Agency is concerned, with respect to data, information or privacy breaches at government departments, institutions and agencies, for each year from 2002 to 2012, the answers to (a), (b), and (c) can be found in the attached table.

Q-1217 TEMPLATE

a)(i) & b)(i) NAME OF ORGANIZATION: Atlantic Canada Opportunities Agency

a) Enumerate each breach by fiscal year

a)(ii) & b)(ii) Number of individuals affected by the breach

b) Indicate if the breach was reported to the Office of the Privacy Commissioner (OPC) YES NO

c) Indicate if the breach led to criminal activity YES NO UNKNOWN

Breach (fiscal year): number of individuals affected

2003-2004: 1
2007-2008: 0
2008-2009: 0
2012-2013: 0
2012-2013: 0
2012-2013: 0
2012-2013: 0
2012-2013: 652 [note 1]

x x x x x x x x

x x x x x x x x

TOTALS
a) Total number of breaches: 8
a)(ii) Total number of individuals affected by all breaches enumerated in part a): 653
b) Total number of breaches reported to the OPC: 0
b)(ii) Total number of individuals affected by breaches reported to the OPC: 0
c) Total number of breaches known to have led to criminal activity: 0

1. This incident resulted from a form containing employee information temporarily being posted to an internal server. The form was not easily accessible and the person who saw it may not have had a "need to know" but did have the security clearance required to access the information.

INQUIRY OF MINISTRY
QUESTION NO.: Q-1217
BY: Mr. Angus (Timmins-James Bay)
DATE: March 6, 2013
REPLY BY THE MINISTER OF NATIONAL REVENUE AND MINISTER FOR THE ATLANTIC CANADA OPPORTUNITIES AGENCY
Signed by the Honourable Gail Shea


In 2012, the CRA put into place an updated information-sharing protocol between the CRA's areas responsible for security and privacy to ensure that information on privacy breaches was flagged to the CRA's ATIP Directorate, which is responsible for liaising with the Office of the Privacy Commissioner of Canada. The 2012 protocol strengthened the procedures and protections included in the previous 2010 information-sharing protocol. While the CRA captures the number of internal affairs investigations (i.e., of data, information, and privacy breaches) and captures the information related to the number of security incidents (not related to employee misconduct) involving the theft, loss, or compromise of information, and also the number of misdirected mail incidents, it does not capture the information by breach in the manner requested. In order to produce the response for 2002-2012, a manual search of records would need to be undertaken to extract the data, which is not possible within the prescribed timeline.


a) Enumerate each breach by fiscal year

a)(ii) & b)(ii) Number of individuals affected by the breach: Not extractable. Please see Inquiry of Ministry.

b) Indicate if the breach was reported to the Office of the Privacy Commissioner (OPC) YES NO

c) Indicate if the breach led to criminal activity YES NO UNKNOWN

Not extractable. Please see Inquiry of Ministry.

TOTALS
a) Total number of breaches
a)(ii) Total number of individuals affected by all breaches enumerated in part a)
b) Total number of breaches reported to the OPC
b)(ii) Total number of individuals affected by breaches reported to the OPC
c) Total number of breaches known to have led to criminal activity

Q-1217 Organization: Canada Revenue Agency

INQUIRY OF MINISTRY
PREPARE IN ENGLISH AND FRENCH MARKING "ORIGINAL TEXT" OR "TRANSLATION"