
Privacy commissioner, Nanaimo victim say punishment for breaches woefully inadequate

Mar 27, 2019 | 5:55 PM

NANAIMO — A Nanaimo woman whose family was extensively victimized by a breach at Island Health is calling for stronger punishment of people who violate privacy laws.

Karen Stephens said Island Health called her on Monday to inform her someone inappropriately accessed her health records at Nanaimo Regional General Hospital. Soon after, Stephens’ child received a similar call. When she called the health authority back, she learned both of her recently deceased parents and her brother were spied on as well.

“I was quite horrified. I thought maybe our family was being stalked. Island Health wouldn’t give me the number of people involved in the breach,” Stephens told NanaimoNewsNOW.

It wasn’t until media reported the story on Wednesday that she discovered her family was among a total of 102 patients and clients of NRGH who had their files inappropriately accessed.

Stephens said the snooping on her family’s records began in January 2017 and didn’t stop until early this year. She was told her parents’ information was accessed a combined 27 times.

The health authority assured Stephens the responsible party was no longer employed, but that provided little comfort.

“This person’s identity is protected and they know all of our information,” she said. “It’s a very uncomfortable feeling and I don’t even have proof that person is actually fired and isn’t still working there.”

The threat of losing your job for violating privacy laws clearly isn’t a suitable deterrent, Stephens said.

“I am horrified this has been going on for so many years and probably goes on under our noses when nobody contacts the media to let them know. A fine needs to be imposed, not just losing your job. Punitive damages are necessary as well.”

Michael McEvoy, B.C.’s privacy commissioner, told NanaimoNewsNOW he’s constantly shocked people continue to break privacy laws despite the expectation of being fired.

“But it’s also clear to me that stiffer penalties are needed to bring home the gravity of this kind of violation of people’s trust.”

McEvoy said B.C.’s Freedom of Information and Protection of Privacy Act is well behind other provinces.

“I believe there needs to be stiff offence provisions in our legislation to act as a deterrent to this kind of action…Our office has called for it, an all-party committee of the legislature has called for it. What we need to see is the will from government and our legislators to move forward to amend our legislation.”

McEvoy said he intends to sit down with Jinny Sims, the minister in charge of Citizens’ Services, on Thursday to discuss the issue.

The Ministry of Citizens’ Services said the government is continuously looking at ways to strengthen privacy protection and potential changes to FOIPA are “currently being reviewed,” including the recommendations from the privacy commissioner’s office and legislative committee.

A statement from the Ministry pointed out people who wilfully disclose personal information can be charged with an offence and face fines up to $25,000 under current legislation.

In 2015, the province’s privacy commissioner at the time filed a report saying health data was routinely breached and the practice was only becoming more prevalent due to the growing reliance on electronic records.

Island Health was rocked by back-to-back privacy breaches in 2016, including the worst in its history when nearly 200 patient records were accessed without authorization.

Then-privacy commissioner Drew McArthur delivered comments similar to McEvoy’s.

Island Health would not disclose how many privacy breaches occurred over a given period of time, saying its protocols ensure anyone affected is always contacted directly in all instances.

The health authority said its internal safeguards mean anyone who does break privacy rules is caught. It did not say what safeguards were put in place after previous breaches or what may change after this most recent incident.

“The privacy and security of our patients’ and clients’ personal and health information is a top priority for Island Health. Our employees are well aware that snooping into the health records of family and friends, or anyone, is prohibited,” a statement said.

 

dom@nanaimonewsnow.com

On Twitter: @domabassi

— Note to readers: A previously reported comment from McEvoy indicated there are no provisions in the current legislation for penalties or punishments for violating FOIPA. That comment was incorrect based on the response from the Ministry.