[BreachExchange] Information about 69, 000 Phoenix pay system victims sent in error

[Destry Winant]

https://www.cbc.ca/news/politics/phoenix-pay-system-privacy-breach-1.5466855

More than 69,000 public servants caught up in the Phoenix pay system
debacle are now victims of a privacy breach after their personal
information was accidentally emailed to the wrong people, says Public
Services and Procurement Canada.

The problem-plagued electronic payroll system has improperly paid tens
of thousands of public servants since its launch in 2016. Some
employees have gone months with little or no pay, while others have
been overpaid, sometimes for months at a time.

As the government has struggled to fix the system, Public Services and
Procurement Canada has been sending departmental heads of human
resources and chief financial officers reports every two weeks listing
employee overpayments.

Earlier this month, a report naming 69,087 public servants was
accidentally emailed to the wrong federal departments.

Overpaid by Phoenix, more than 98,000 public servants still owe money

Personal information belonging to 144,000 Canadians breached by
federal departments and agencies

The report included the employees' full names, their personal record
identifier numbers, home addresses and overpayment amounts.

More than 161 chief financial officers and 62 heads of HR in 62
departments received the report in error, according to a statement
posted to Public Services and Procurement Canada's website on Monday.

Department reviewing how info is stored

The department said it took steps to contain and destroy the
information and notified the Office of the Privacy Commissioner of
Canada.

It also said affected employees will be notified in the coming days.
The department has stopped the distribution of overpayment reports
pending the results of the investigation.

"Our government takes privacy concerns and the protection of personal
information very seriously and it is top of mind in the work we do at
PSPC," said Minister of Public Services and Procurement Anita Anand in
an email to CBC News.

"We will take steps to ensure that this does not happen again and
fully reevaluate the way in which personal information is stored and
used."

Public Services and Procurement Canada isn't the only department to
accidentally breach the confidentiality of workers' personal
information.

According to figures recently tabled in the House of Commons, federal
departments or agencies mishandled personal information belonging to
144,000 Canadians over the past two years.

Privacy Commissioner Daniel Therrien has long called out "strong
indications of systemic under-reporting" of privacy breaches across
government.