D. Routley: In this House, it’s your responsibility.
As we discussed yesterday, the minister responsible for data security lost 3.4 million students’ personal information, a breach that has become routine with this government.
A couple of highlights from the many breaches and their responses. In 2010, the minister said: “Protection of British Columbians’ private and personal information is a top priority for this government.” Sound familiar? “We committed to improving the system, and we have put the policies and education programs in place to do that.”
In 2014, the next minister responsible said: “The provincial government takes the management of personal information and the protection of privacy very seriously.”
Same issues, same excuses. The only thing that changes is the date and the names on the press release.
My question for the Minister of Citizens’ Services: after all these breaches, all these investigations, all these commitments to do better, why are you still failing to safeguard British Columbians’ personal information?
Hon. A. Virk: I understand that the members opposite received a fulsome and robust response to the very same questions that he poses today. What I heard was misinformation, fearmongering and an embellishment of the details from that side of the House.
I’ve been clear — I’ve been very clear — that a mistake was made. The creation of that duplicate hard drive and the manner in which it was stored was not correct. I have also made it clear — and I said it before, as well — that I’ve asked the chief information officer of government to do a complete review of the Ministry of Education and of core government to ensure that the protection of privacy is enhanced.
Madame Speaker: The member for Nanaimo–North Cowichan on a supplemental.
D. Routley: Fearmongering? Is that an indication of how seriously this minister takes this issue? British Columbians’ most sensitive information, a bell that can’t be unrung once it’s lost. It’s disgraceful. This government does the same thing again and again, and they expect a different result. They continue to lose British Columbians’ personal information, and we continue to hear the same excuses. “We’re investigating why this happened. We’ll improve the system. We’re sorry.”
To the minister responsible for data security: you weren’t supposed to have an unencrypted hard drive full of personal information in the first place. How many other drives just like this are still sitting unprotected in warehouses?
Hon. A. Virk: Perhaps I’ll repeat some of the facts of this incident. The drive in question should not have been created in 2011. It should have been encrypted. It should not have been stored in the manner it was. To ensure that the protection of data is enhanced, I have asked the chief information officer not only to investigate the initial incident but to do a fulsome review across core government to ensure that the data protection policies of this government that were in place at that time, and now, are fully followed.
J. Rice: Information about the province’s most vulnerable children is missing because this minister failed to keep it safe. Highly personal information about 9,273 people was collected by the Ministry of Children and Family Development and stored on this missing hard drive — highly sensitive information on children in the system who moved schools and lived in difficult circumstances, entrusted to this government. But this government broke this trust.
To the minister responsible for data security, when is he going to contact these 9,200 people and warn them about the risks to their personal information?
Hon. A. Virk: What the member certainly knows is that at present, I have no evidence to suggest any of that information on that drive has been accessed or used for any other purpose. The member clearly knows that.
The member also knows that the Information and Privacy Commissioner will be working alongside the chief information officer of government to analyze the data that was on that duplicate hard drive and to come up with a plan by which they can assess which individuals need to be notified.