Here’s a news report of an insider privacy breach in Canada that is just…. awful. That is has resulted in severe psychological harm and trauma to one of those impacted is not surprising.
The incident, which you can read about here, involves records that are more than 30 years old that appear to have been maliciously sent to the child of a welfare recipient.
As such, this incident serves as a useful reminder that even very old personal data can have devastating consequences if the data are not adequately secured against unintended or malicious release.
This incident also serves as a useful reminder that entities need to have good access logs so that they can determine who is the rogue employee. And of course, then we get to the question of why was the rogue employee even able to access these old files? Were the access controls adequate in this case?