Privacy given 'short shrift' in passport offices: Audit: Via Canwest News Service on Canada.com

OTTAWA - Privacy and security problems at Canada's passport offices add up to a "significant risk" for Canadians applying for passports, the Privacy Commissioner of Canada found in an audit released Thursday.

The audit, part of the commissioner's annual report tabled in Parliament before it was prorogued until late January, itemizes how privacy matters are given "short shrift" at every step of the application process.

At the front end, passport applications and supporting documents were kept in clear plastic bags on open shelves. At the back end, documents containing personal information, including credit-card numbers, and, sometimes, Social Insurance Numbers, were tossed into regular garbage and recycling bins. Shredded documents could be easily put back together.

The audit also found that computer systems allowed too many employees to access passport files, including locally hired staff in consular offices abroad, who had access to files processed by any other mission.

Such basic controls as audit logs and encryption of stored personal information were not in place. Passport Canada also provided inadequate privacy training for employees, an issue "of concern" across government institutions.

"These privacy and security shortfalls are particularly worrying, given the high sensitivity of the personal information involved in processing passport applications," the report states.

"There is a risk of consequences - identity theft, for example - to individual passport holders if their personal information goes missing or is stolen. It's clear that stronger safeguards are required to protect this data."

In an interview, commissioner Jennifer Stoddart said she was surprised about the audit results.

"Quite frankly, I was surprised in a process, which is not new, that we did find so many gaps, particularly the gaps in missions abroad."

She added, "The irony wasn't lost on us . . . that it would show up at the place that is producing Canada's premiere identity document."

Last year, Passport Canada processed more than 3.6 million passport applications. It has more than 30 million passport records in its control.

Mike Beaupre added one more file when he submitted his application to a passport office in Ottawa on Thursday. "Considering that we're getting these passports to increase security, I think it's pretty detrimental to our security," he said of the audit findings.

The backdrop to these failures is a "dispersed" approach to privacy responsibilities, split between Passport Canada and the Department of Foreign Affairs and International Trade, the audit found. Passport Canada is an agency of the department, which has a mandate to issue passports.

Stoddart said the "good news" is both the agency and the department are "very open to our suggestions and are implementing most of our recommendations."

The annual report also highlights Stoddart's concern that the online posting of personal information by some federal administrative and quasi-judicial bodies does not strike the right balance between the public interest and privacy rights. These cases usually involve highly personal information about Canadians fighting for government benefits, challenging federal public service hiring processes, or taking part in other federal administrative proceedings.

Last year, her office investigated 23 complaints about the posting of personal information to the Internet by seven bodies created by Parliament to adjudicate disputes. The report notes these processes often involve "very intimate" details about people's lives, including their financial status, health, job performance and personal history.

"Why should a law-abiding citizen fighting for a government benefit be forced to expose the intimate details of her personal life to public scrutiny?" the report states.

Read Original Article (Via Canwest News Service on Canada.com.)