BC Hydro-Accenture not in compliance with privacy laws says Commissioner’s office
March 29, 2007
BC Hydro and Accenture were not in compliance with privacy laws because “adequate technical and physical security was not employed on the stolen laptop,” says a report just released by the Office of the Information and Privacy Commissioner.
The union representing employees at both companies sounded alarm bells last spring and now questions the length of the delay in notifying employees, the accuracy of BC Hydro’s claims, and its ability to uphold standards.
“We have thanked the privacy office and are pleased that our complaint has been investigated,” said,
“Privacy of personal records is a serious concern and this investigation has raised questions for us about BC Hydro’s account of the incident. The findings of the investigation indicate that Hydro knew of the security breach four days before they made a report or notified employees,” added Ross.
“Until this report, it was our understanding that Accenture had withheld knowledge of the theft from everyone, including BC Hydro. But the investigation clearly says that BC Hydro knew about the breach much sooner than they have previously stated and that the theft itself occurred up to nine days before employees were informed,” said Ross.
“At the time of the breach, BC Hydro joined us in singling out Accenture for the delay in telling employees that their personal records had been stolen,” added Ross. “It was a traumatic time for everyone worried about identity theft, scrambling to change bank accounts, and to this day people’s accounts remain flagged. But instead of coming clean with its employees, it appears BC Hydro decided to leave the impression that Accenture acted alone in withholding information,” concluded Ross.
MoveUP also noted that the privacy report has not addressed its ongoing concerns about accountability when public records are outsourced. The union has written to BC Hydro chief, Bob Elton, making a series of recommendations to ensure privacy protections meet the highest standards and go beyond the minimum contractual requirement. The letter also raises questions about the secret nature of private-public contracts and whether they stand up to public standards.
Today’s privacy report talks about support from the companies and indicates that new measures have put them back into compliance with privacy laws.
The report does not deal with complaints regarding the storage of data outside of