Thursday, February 16, 2012

Vets department and board struggled for years to contain privacy leaks

By: Murray Brewster, The Canadian Press
02/16/2012 4:52 PM

OTTAWA - Veterans Affairs Canada and the independent board that reviews claims of ex-soldiers grappled with allegations of leaked personal information long before a privacy scandal blew up in public.

A series of leaked documents show the department and the agency tried — and ultimately failed — in the spring of 2009 to tighten up the system and clamp down on bureaucrats who'd been rifling through the files of veterans advocates and opponents.

A May 28, 2009 letter, signed by the deputy chair of the Veterans Review and Appeal Board, noted that a working group from the agency and the department itself had been assembled to examine privacy issues.

"Security Services has recently released two communiques on this topic, and will continue to educate employees on a regular basis," wrote James MacPhee in a letter to follow board member Harold Leduc, whose medical file had become the source of gossip and innuendo around the review agency.

The letter noted that staff at the review board were to be given mandatory privacy training.

MacPhee assured the former warrant officer that his privacy invasion was taken seriously and that federal officials were looking at restricting access to the computer data base where the files were held.

Yet, the department was not fully galvanized to action for another 18 months until the scandal involving advocate Sean Bruyea blew up in public — prompting among other things a major audit of procedures and practises by the country's privacy watchdog.

Access to the data base was not tightened until the fall of 2010 as part of the Harper government's damage control exercise following revelations Bruyea's medical records were sown into a ministerial briefing note.

A spokeswoman for the review board, Danielle Gauthier, said the independent agency took steps a year before the department to safeguard information and also adopted many of the steps taken by Veterans Affairs in its clean up efforts.

"The Chairman has made privacy and the protection of personal information top priorities at the board," she wrote in an email response to questions posed by The Canadian Press.

"When a privacy breach occurs, we take immediate steps to address it, including corrective actions and disciplinary measures where appropriate."

Despite that, the board was the source of a 2011 release of a report on Harold Leduc that had not been vetted for private information.

A request to interview board chair John Larlee was denied last week.
Liberal attempts to get the privacy issue heard by a House of Commons committee were swept behind closed doors this week.

"This information just strengthens the needs to deal with this in public," said Liberal veterans critic Sean Casey.
"It's apparent that Harold Leduc is only the tip of the iceberg. A Parliamentary committee is supposed to delve into these things."

NDP veterans critic Peter Stoffer said it's amazing the Harper government is asking Canadian to trust that it will protect online privacy in the controversial surveillance bill, yet it allows bureaucrats free rein with some of the country's most vulnerable citizens.

"It is simply not credible for the department to claim they've cleaned up their act," Stoffer said.

Officials at the federal Privacy Commissioner's Office confirm that, in addition to conducting a major audit of Veterans Affairs, it is pursuing 12 separate complaints from individuals about the department.

All of the protests were filed in 2010.
Veterans Affairs Minister Steven Blaney said in the House of Commons this week that he's open to strengthening privacy guarantees even further, but that the 10 point action plan implemented following the Bruyea case was having a positive effect.

Yet, Bruyea himself cast doubt on that Thursday, saying his battles with the department did not end with the 2010 settlement of his lawsuit against the federal government, which saw a $400,000 award for damages and legal costs.

He was initially able to track the leak of his information through Privacy Act requests. Most of the original 12,000 documents he received related to the 2005-06 timeframe.

His pursuit of more up-to-date records has hit a brick wall because the department has apparently stopped answering his requests. Before the gate came down he'd received an additional 18,000 pages — enough information for him to file further complaints last year with Privacy Commissioner Jennifer Stoddart.
Four of those complaints have come back as well-founded, according to letters obtained by The Canadian Press.

Bruyea was apparently accused last week by the deputy minister of veterans affairs in a private meeting of having an axe to grind and being biased.

"I don't need to believe in conspiracies to see that (Veteran's Affairs) culture is really just a conspiracy of incompetence," he said.

Bruyea noted that the department has had a comprehensive policy on personal information since 1999 and all departments have been required to follow federal Treasury Board privacy guidelines since 1998.

That should have been enough to safeguard his medical files, as well as those belonging to Leduc and others, and promise to fix the system are merely window dressing, he said.
"Had (Veterans Affairs) followed either of these plans, none of any of these breaches would have happened," he said. "Ignorance of the law is not an excuse. What we are talking about is ineptitude and a complete disregard for not just the law but the humanity of the victims."
Post a Comment