Brought to you, of course, by our very own Liberal government. I just copied this straight from Paying Attention (see blog list on the right), who ganked it from Press Pass at the TC in Victoria, so you lazy types don't have to click through the link if you don't want to. It's amusing and scathing at the same time:
The Times Colonist runs a Sunday column called Press Pass, compiled mainly by the newspaper's press gallery reporters- currently Lindsay Kines and Rob Shaw - and legislative columnist Les Leyne. The reporters have broken all the stories on the government's bungled response to a major privacy breach.
On Sunday, Press Pass added this background.
"SUGGESTED READING: With all the hoopla around those missing government files, perhaps it's worth brushing up on the fundamentals. What's supposed to happen when government learns of a major privacy breach?
According to the Key Steps in Responding to Privacy Breaches guide, written by the Office of the Information and Privacy Commissioner in June 2008, there are four key steps. Let's contrast them with what happened in this case:
1. Contain the breach and notify privacy/security officials.
If, by that, you mean don't tell the senior bosses or ministers until the Public Affairs Bureau hears about it seven months later, then done and done.
2. Evaluate the risk of the breach.
Let's see. Employee under criminal investigation for fraud has swiped sensitive personal information that could be used for fraud ... we'll go with "high" risk.
3. Notify people "as soon as possible" to warn them their privacy has been compromised.
In this case, wait more than half a year before writing letters to the wrong people.
4. Prevent a future reoccurrence by investigating the cause of the breach.
Or, repeatedly claim ignorance about when you found out or what you knew and bolt from the legislature to enjoy a four-month winter break.
When should you follow these four steps? According to the guide: Immediately.
Maybe someone in government should read this thing."