RNC staffer breached 12 people's privacy using police data base

The RNC says it has completed an internal review into a privacy breach that spanned several years and impacted 12 people whose private information was accessed by a civilian employee.

Did not impact criminal investigations: Chief Bill Janes

Documents obtained by CBC News through an access to information request revealed the breaches of privacy by a staff member with the Royal Newfoundland Constabulary. (CBC)

The Royal Newfoundland Constabulary says it has completed an internal review into a privacy breach that spanned several years and impacted 12 people whose private information was accessed by a civilian employee of the force on the northeast Avalon.

Documents obtained by CBC News through access to information revealed several privacy breaches involving one staffer that began in March 2010 and was halted when a member of the public complained to the police on Dec. 9, 2014.

RNC Chief Bill Janes said the employee inappropriately accessed the Integrated Constabulary Automated Network (ICAN), which the staff member had access to for work, on 33 different occasions.

The system is used to store information in relation to incidents the RNC responds to, Janes said.

"It could be anything from a theft that we respond to, to a car accident," said Janes.

"It will include personal identifiers, such as a people's names, dates of birth and their address."

The Department of Justice and Public Safety as well as the Access to Information and Protection of Privacy (ATIPP) Office were notified after the breaches were discovered, Janes said.

No criminal investigations threatened by breach

The 12 people whose information had been accessed were sent letters from the RNC notifying them of the breach, Janes said.

There were three separate instances where the employee passed along information to a "third party" in 2012-2013.

Further details as to why the breaches happened are unknown, but Janes said it did not impact any criminal investigations.

"It's very unfortunate that it happened," Janes told CBC News Tuesday. "We dealt with it the best we could in terms of an investigation and an internal disciplinary investigation."

The outcome of the internal disciplinary review is not being released.

"The purpose of [ICAN] is for legitimate business reasons and when someone accesses the system and it's not a legitimate reason, then that's when we do an investigation as to why it happened and to mitigate it so it doesn't happen again," he said.

Janes said privacy breaches are very rare within the force, adding every employee with the RNC takes an oath of confidentiality and there are policies and procedures regarding access to information.

The employee's access to ICAN was disabled, according to the documents obtained by CBC News.