This is despite the fact that the same government agency had a similar situation happen in December (bottom of the article) with a lost or stolen USB thumbdrive.
According to that CTV article, the missing files include student names, social insurance numbers, dates of birth, and contact information of 538,000 borrowers between 2000 and 2006.
“A toll-free number 1-866-885-1866 has been set up for Canadians to verify if they are affected by this incident. The number will be in operation 8 a.m. to 8 p.m., seven days a week beginning Monday, Jan. 14.”
So, what are student loan borrowers doing about it? They’re filing class-action lawsuits!
“It’s extremely scary to not know where your information is at, who could have it and what they could be doing with it,” one student is quoted as saying in a CTV article.
That said, according to the government, there isn’t any evidence that the information has been used for fraudulent purposes, but it’s more the fact it was allowed to happen, and the lack of government transparency about the issue that has student loan borrowers upset.
More recently, A juvenile agency in Florida lost a device containing the personal information over 100,000 people, and despite the fact the law demands such devices be encrypted or password protected, it wasn’t.
Both of these situations underscore the absolute need for all organizations, including government, to have proper security practices in place. If sensitive data is stored on an external hard drive or USB thumbdrive, it MUST be encrypted and monitored to ensure it doesn’t fall into the wrong hands.
As with anything important, it’s a matter of training and routine. Nerds On Site can setup encryption and password protection for your home or business devices, and train you and designated staff on what to do. It’s a non-trivial process, and can protect against data and identity theft. If the thief doesn’t know the secure password to access the encrypted data, they’re out of luck, and although you may have lost the device, the data is NOT at risk.
Not only is this a necessary security step to take, in many cases for business and government organizations, it’s the law!