RCMP sent confidential details of suicide attempt to wrong email chain: report
Email included the person’s name, date of birth and details of suicide attempt
The RCMP inadvertently sent an account of someone's suicide attempt to the wrong email chain, leaving the details in the inboxes of more than 160 people, according to a report on the mishap.
The email included the person's name and date of birth, details of the suicide attempt, the injuries they sustained and the name of the hospital where they were recovering, according to a copy of a Privacy Act breach report obtained by CBC News through an access to information request.
The case started last winter when officers responded to an emergency call and collected the personal information of the victim.
Instead of sharing that information only with select members of the RCMP's senior management team, the sender forwarded it to the wrong proxy email address, which was linked to 130 Mounties' accounts. That proxy address then automatically forwarded the email to another seven accounts.
At least 161 people received the email in error, according to the report.
The recipients were then asked to delete the email and to not discuss its contents.
"In this specific circumstances of this incident, the RCMP has chosen not to notify the affected party at this time. However, a family member of the affected individual was notified of the breach," says the report.
RCMP spokesperson Cpl. Caroline Duval said the privacy breach was reported to the Office of the Privacy Commissioner, which reviewed the matter and decided not to pursue it further.
"Although the RCMP has stringent processes in place to prevent privacy breaches from taking place, occasionally errors do occur," she said.
"The RCMP has procedures in place to protect personal information and we take this responsibility very seriously."
1 of 15 cases reported to privacy commissioner
The RCMP say their IT department is working to restrict its email chains to prevent similar mistakes.
The case is one of 15 breaches by federal departments and agencies reported to the commissioner's office during January. Copies of the breach reports were recently released through an access to information request.
In one incident, Canada Post lost a box containing the files of an inmate who was transferring to a new correctional institution. The box included files related to the inmate's mental health.
It also once lost an individual's passport application, which included a valid passport and a long form birth certificate.
In two separate breaches, Canada Revenue Agency employees accessed dozens of taxpayers' accounts without permission.
In one of those cases, a CRA employee accessed the accounts of 29 taxpayers and businesses — including the employee's own account — and disclosed the tax credit information of two taxpayers to their spouses, who were not entitled to the information.
According to the breach report on that CRA case, the agency decided not to alert police but did reach out to the affected individuals.
Dozens of federal institutions report significant privacy breaches each year to the privacy commissioner.