Personal information on roughly 9,000 children that was accidentally leaked to roughly 100 external agencies and groups by the Children’s Disability Services, is now being investigated by Manitoba’s ombudsman.
Last month Children’s Disability Services staff accidentally sent a mass email to external agencies containing personal information on thousands of young clients.
“There’s an impact for the children and the families in the fact that their personal information is out there,” ombudsman Jill Perron was quoted as saying.
“Their ability to control who has their personal information and how that’s handled is lost.”
The ombudsman’s office announced.
Families in Manitoba, a Canadian province, acknowledged the breach at the time, and said staff at the agency accidentally sent an email intended for a single recipient — the Manitoba Advocate for Children and Youth — to roughly 100 agencies and advocacy groups.
The email included a spreadsheet with information about roughly 9,000 children who are Children’s Disability Services clients, plus information on a matter under review by the children’s advocate.
The spreadsheet was password protected, but the password was also provided, Manitoba Families said at the time.
The personal information on clients included details like children’s names, genders, dates of birth, address, the nature of their disabilities, and medical or psychological assessment details.
Perron said she hopes to conclude the investigation quickly, rebuild client confidence and ensure appropriate privacy protections are in place.
“There’s a bit of an opportunity with a department is as large as the Department of Families,” she said.
“They touch a lot of Manitobans, particularly vulnerable Manitobans. Lessons learned out of this audit actually can apply and transfer to their other programs.”
Perron said the province was proactive in its response to the breach and notified the ombudsman’s office the same day it happened.
Manitoba Families said last month it had called all unintended recipients to ensure the email was deleted and contacted affected families to apologize.
The province said in a statement that it welcomes the ombudsman’s investigation.
“This breach highlighted the need for the department to develop stronger and more comprehensive policies on how information is secured and shared,” the release said.
All requests for client information from external organizations must now also be more formally reviewed by the department’s privacy unit, the province said.
Manitoba Families Minister Heather Stefanson has also asked the ombudsman for help on a new protocol on information sharing, the province said.
Staff are getting a training webinar this week focused on privacy and personal health information, how to send information more securely, strategies to prevent breaches and what to do if one happens, the province said.