The November 12th issue of the Sounder contains an ad notifying Gabriolans about a privacy breach, reproduced below. Based on what it says, it appears that an office computer that had not been properly wiped somehow ended up in the hands of a community member, and has now made its way back to the GFPID. Clearly someone made a mistake somewhere.
Presumably this is the privacy breach referenced during the New Business part of the November 5th meeting. Ironically, during that meeting there were disagreements as to whether Microsoft’s OneDrive or a self-managed server was the most secure way to protect data.
This incident illustrates the common adage that the biggest vulnerability any organization has is not technology, but people.
We commend the GFPID on its transparency with regard to this issue. We also look forward to updates as to how this happened and what remedial measures are being put into place, in terms of training, policy and practice, (perhaps including compliance checklists) to ensure that such data security breaches do not happen again.
