Province calls in auditor general on FOI privacy breach

Auditor General Michael Pickup's office is getting involved in the breach that saw 700 people's personal information exposed through the province's freedom-of-information website.

Request to Michael Pickup's office after personal info of 700 people accessed

Nova Scotia Auditor General Michael Pickup and his office will investigate the privacy breach of the province's freedom of information website. (Andrew Vaughan/Canadian Press)

Auditor General Michael Pickup's office is getting involved in the breach that saw 700 people's personal information exposed through the province's freedom-of-information website.

The minister responsible for the site, Patricia Arab, asked Pickup Friday evening to help investigate what happened and come up with recommendations. The audit from Pickup's office will be in addition to an investigation underway by privacy commissioner Catherine Tully and her office.

In her letter to Pickup, Internal Services Minister Patricia Arab tells Pickup she "would view the work of your office as supportive and complementary to the work being done by […] Ms. Tully. Our department will work closely with your staff and the staff of the Nova Scotia Information and Privacy Commissioner.

"We would also support whatever division of work and sharing of materials between your offices that the two organizations see as appropriate, subject to ensuring that the necessary protections are in place to avoid an inadvertent waiver of any privileged materials."

Pickup told CBC News he would try to restrict his work to this breach but might wander further afield if that's where he thought it needed to go.

"If it doesn't make sense to add it on because it's going to slow us down, then we'll do it as a separate piece of work or pieces of work if we found that there were more things."

Pickup wants this done "sooner rather than later."

"The goal is to get this done late summer, early fall. That's my hope."

Halifax man faces charge

Arab and the government have been under fire since it was revealed earlier this month someone accessed 7,000 documents containing private and personal information — such as addresses, birth dates and social insurance numbers — that never should have been made public through the website.

While the breach was announced earlier this month, it actually happened March 3-5. It was only discovered when a government employee doing work on the website made a typing error and gained access to something they should not have been able to access.

A 19-year-old Halifax man is facing a charge for unauthorized use of a computer. In an interview with CBC News, the man said he downloaded the information for research purposes and had no malicious intent. Government officials have said the effort was not a hack and confirmed there was nothing on the downloaded files to indicate any of the information was in fact private and not for public consumption.

Government response criticized

While members of the government, including Premier Stephen McNeil, were quick to focus on the person who did the downloading, as opposed to the flaws within the government's own website — McNeil accused the man of stealing files — their tone softened after CBC News published an interview with the accused.

Since then, government talking points have focused almost exclusively on the need to fix the website, get it back up and running and inform people affected by the breach. The website remains down, while registered letters have been sent to all people affected by the breach.

The government and police response has been widely criticized by members of the IT community as overstated and lacking an understanding on internet research.