Lucie Edwardson reports:
The United Conservative Party‘s privacy policies are being questioned after a party laptop was stolen out of an employee’s car in a parkade.
The laptop contains the names, addresses and contact information of 40,000 UCP members.
Experts say the language used in the memo to inform members was confusing and didn’t answer important questions.
“This is clearly a matter that the party needs to improve their information protection practices,” said Sharon Polsky, president of the Privacy and Access Council of Canada, adding the party will have to regain public trust.
Read more on CBC.
I don’t see where there’s a serious risk of identity theft here. We’re talking about names, addresses, and contact info. That could be a phone book. Or a phone book with email addresses. Either way, it’s not like SIN with DOB and additional details.
That said, there is no reason that the whole drive wasn’t encrypted when the laptop was off. And if it wasn’t encrypted, why on earth was it left in an unattended vehicle? Yes, people should be asking the UCP specific questions about the training and policies they give employees. But who’s going to require them to answer those questions? No one?