Toronto accidentally turned over citizens' private info 16 times in 2 years
Unreported theft of kids' daycare photos among breaches
Photos of children at a city-run daycare were stolen during a break-in last year, but neither the police nor the children's parents were ever notified of the theft.
The break-in at the Greenholme Early Learning and Child Care Centre in North Etobicoke occurred in May, 2017. A memory card containing photographs of 12 children was stolen, along with a camera cable.
Toronto Police say they have no record of the incident. The city admitted in a statement to CBC Toronto that the children's parents were told only about the break-in and vandalism — not the theft of the photos.
'Someone should be held accountable'
"I'm very upset that this has happened; I'm very upset that the parents have not been notified," Coun. Jim Karygiannis told CBC Toronto. "I'm horrified by what I've seen and I think someone should be held accountable."
Children's Services was the leakiest city division, responsible for five of the 16 privacy breaches.
Also included in the list:
- A woman's address was mistakenly given to her ex-spouse while he was registering for a city Parks, Forestry and Recreation division program. The city says it notified the ex-wife and police of the breach.
- An X-ray requisition for a resident was posted on a public cork board at the city-run Seven Oaks Long-term Care Home in Scarborough.
- A staff member lost an iPad that contained notes on a client of the Children's Services division.
- Personal information of 38 unsuccessful applicants for a city job was sent to seven other applicants who'd been invited for an interview by the Human Resources division.
- Revenue Services staff accidentally mailed personal information about two individuals to a third person.
In all 16 cases, the city has labelled the incidents "closed." The city appears to have investigated and sent letters of apology in most instances.
City staff declined to be interviewed by CBC Toronto about the incidents.
'It's a pretty good record'
But in a series of statements, spokesperson Wynna Brown said: "The City of Toronto routinely manages hundreds of thousands of documents and when these rare instances do occur, we take them very seriously. We identify every opportunity to review and tighten information management procedures to ensure the continued protection of personal information.
"Of note, approximately 7 of the 16 occurrences involved mailings of which the City undertakes more than 4 million per year. As well, the vast majority of incidents are self-reported by staff which we attribute to the effectiveness of the City's training program."
Councillor Gord Perks agreed that the city has a relatively good track record, under the circumstances:
"Any time it happens, it's serious. That being said we do handle hundreds of millions of pieces of information every year and from what you've shown me, this is 16 accidents or releases of information over 2 years; it's a pretty good record."
He said he'd have been more concerned if most of the privacy breaches came from a single division.
However, she said the fact that the incidents were not made public voluntarily by the city is "a little bit troubling."
"The city has such a high duty of care for our personal information. It would be great if they were a little more forthcoming about when things go wrong. A transparency report would be a really great idea — just an annual report that says we've had this number of breaches; this number of people were affected and this is what we did to fix it in each case."