school children

Canadian School District on Hot Seat After Data Error

Can you guess the number one cause of data breaches? If you guessed human error, go to the head of the class. Goofs and careless email practices are frequently the roots of data loss, and one Ontario school district is on the hot seat after an employee hit ‘Send’ on an email with a misplaced link.

In early November, parents or guardians of the 825 students at a Catholic secondary school in Cornwall received a mass email that contained far too much information.

The school board sent the communication to notify families when a student at a school was diagnosed with COVID-19. However, the text accidentally included a link to data on the school’s 800+ students and their families.

School Leaks Details

The school district operates an estimated 40 elementary and intermediate schools plus 10 secondary schools. Right now, the district board is probably trying to determine how frequently someone accessed that link to student data before officials disconnected it.

To date, it’s known that the link in that email took readers to names, addresses, and other contact information. A complete list of data included is not yet available, but the potential for abuse is evident. It’s also understandable that parents are concerned.

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), which took effect nearly two decades ago, outlines how data custodians must report data compromises. In this instance, notice would go to Ontario health officials and the Canadian Privacy Commissioner’s office.

The Board’s privacy policy identifies a slew of data that they should be carefully protecting. For example, it includes information relating to the race, national or ethnic origin, colour, religion, age, sex, sexual orientation, marital or family status of the individual.

Also covered is information relating to the educational, medical, psychiatric, psychological, criminal or employment history of individuals.

Medical ID numbers and items like fingerprints or blood type round out the list of what’s considered personal information. At this writing, information from the school district board has not appeared on any government privacy websites but posting may be imminent.

Shield Yourself

Government groups have advised all Canadians impacted by breaches to check a credit report for any new accounts that hackers might create using stolen identities. Check monthly bank statements, too.

Other steps you might that more proactive steps:

  • Place a fraud alert with Equifax or TransUnion credit bureau
  • Change settings for current financial accounts to trigger spending alerts for purchases or withdrawals
  • If your SIN has been compromised, notify Service Canada immediately
  • Monitor credit scores frequently for a drop that might point to identity theft

IDShield Canada can track all your data 24/7 and save you time. When hackers attack, stolen details of your life often end up on the Dark Web. We are in the front lines monitoring those shady websites and pushing back against such data abuse. Our identity monitoring tracks dozens of data points so you can sleep easier at night.

IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage, and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.