Canada’s privacy commissioner has opened an investigation into the theft of 24 years of data of federal employees from two government-contracted relocation firms.
As we reported earlier this week, the Treasury Board said data as far back as 1999 on military, RCMP, and federal employees held by Brookfield Global Relocation Services (BGRS) and Sirva Canada, who help move employees transferred as a result of their jobs, was stolen in the hack. BGRS is a relocation management company, while Sirva Canada is a household goods transportation company.
Today, the Office of the Privacy Commissioner of Canada (OPC) said it will examine the adequacy of the safeguards that the two companies and the federal government had in place to protect the personal information of personnel who used the relocation services.
“Given the broad scope and potentially sensitive nature of the compromised personal information, I have determined that this breach must be investigated so that we can understand why this happened and what must be done to remedy the situation and prevent such things from happening again,” said Privacy Commissioner Philippe Dufresne. “I appreciate and encourage any and all remedial steps that are being taken and will be taken to protect those affected.”
OPC has the power to launch investigations under the federal Privacy Act to look into the actions of Public Services and Procurement Canada as well as Treasury Board, the two government departments that contracted with the companies. It will also look into the actions of Brookfield Global Relocation Services and Sirva Canada and whether they complied with the Personal Information Protection and Electronic Documents Act (PIPEDA), which covers the private sector.