[BreachExchange] Liberal MP apologizes to voters after his office emails their information to Conservatives

[Terrell Byrd]

https://www.thepeterboroughexaminer.com/ts/politics/federal/2021/02/18/liberal-mp-apologizes-to-voters-after-his-office-emails-their-information-to-conservatives.html

OTTAWA–An Ottawa-area MP apologized to constituents Thursday after his
office sent private information about “hundreds” of voters to a mailing
list of Conservative staffers.

But Liberal MP Chandra Arya likely won’t face any sanctions for the privacy
breach, because politicians and political parties are largely not subject
to Canadian privacy laws.

Arya’s office confirmed Thursday that a staff member mistakenly sent
information about constituents to a parliamentary mailing list of
Conservative staff members. A source told the Star that the mailing list
included approximately 900 people.

The Nepean MP did not specify what personal information was shared.

In a followup email sent on Wednesday afternoon, Arya’s office said it had
made a “grave error” and requested the information be deleted. That was
followed by an email to the recipients from Conservative MP Blake Richards,
the party’s whip, requesting staff members “immediately delete the email
containing this sensitive information.”

“This careless and irresponsible handling of Canadians’ information is
completely unacceptable,” Richards wrote.

On Thursday, Arya confirmed that Conservative staff members “were
accidentally copied on an email which contained limited constituents’
personal information.”

“The message was immediately recalled, but some staffers had already opened
the email. As staff of the House of Commons, anyone who did is bound to the
same confidentiality obligations as our office,” Arya’s office wrote in a
statement.

“I would like to sincerely apologize for this mistake.”

As a member of Parliament, Arya is not bound to the same privacy rules that
apply to government departments or private companies.

The Privacy Act, which governs how federal departments and agencies handle
personal information, and Canada’s private sector privacy laws do not apply
to political parties or to MPs offices.

If a private company or government department committed a similar breach,
it would be obliged to report the incident to Canada’s privacy watchdog and
could face sanctions or fines.

Political parties, on the other hand, are not required to submit to privacy
regulators’ reviews or disclose precisely how they use voter information in
their sophisticated data mining and analysis operations.

After the Star requested an interview, Arya’s office said it had contacted
Privacy Commissioner Daniel Therrien’s office to “flag this incident,
(request) assistance in handling it appropriately, and will work with them
to put protocols in place to ensure that a similar mistake never happens
again.”

The use of voter data by members of Parliament has periodically raised
concerns over privacy protection and the unfettered use of Canadians’
personal information. In 2012, then-immigration minister Jason Kenney
raised eyebrows over data mining a petition from LGBTQ Canadians and later
using that contact information to praise the Conservative government’s
approach the LGBTQ refugees.

But despite repeated calls from privacy watchdogs, and a House of Commons
committee’s unanimous recommendation to bring parties under privacy laws in
2018, the governing Liberals have refused to act on the matter.

The Liberals are believed to have eclipsed the opposition Conservatives in
the collection and exploitation of voter data — something the party’s
senior staff explicitly said was central to its 2015 election victory.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211116/5dc7859f/attachment.html>