Few government records are handled with as much seriousness and rigour as the national census, so for nearly 600 completed forms to disappear in the trunk of a Statistics Canada employee’s stolen car is a surprising and, well, very bad thing.
But here is the one thing that’s arguably even worse than that: not telling the Office of the Privacy Commissioner about the breach.
According to documents released to the CBC via the Access to Information Act, StatsCan has logged at least 20 privacy breaches relating to the 2016 census, some of which should also have been reported to the privacy watchdog.
In the case of the forms unintentionally pilfered by car thieves in Montreal, the agency didn’t report the loss on the shaky grounds it wasn’t a “material breach” – that is, the miscreants were after the vehicle, not the trunk’s contents.
Nor, apparently, did the agency contact the First Nations people who had filled out the forms to inform them their personal information had been stolen. Instead, they were only told after a replacement census was successfully arranged on their reserve.
This is inexcusable and potentially harmful. Of all the public institutions that can least afford to have their credibility and reputation besmirched, StatsCan must be near the top.
The personal data it compiles inform every aspect of government decision-making, at every level, and Canadians must have the utmost confidence in the body’s ability not just to collect that data, but to keep it safe.
This is not to say the agency is habitually negligent – it’s not. Statistics Canada takes its security responsibilities seriously, particularly when it comes to census data.
It needs to be more serious about its transparency obligations, however.
Accidents and human error are a fact of life. But it shouldn’t require media reports for the privacy commissioner, and the public at large, to learn about lists of names and addresses blowing away in a gust of Alberta wind, or a bag containing sensitive documents getting forgotten on a Toronto subway train.