EDMONTON — Social insurance numbers. Mortgage applications. Medical records. Credit reports. Home addresses.
Such information about more than 2,700 Albertans has been stolen or lost, says Frank Work, the province’s privacy commissioner, who says he can’t believe that government and businesses aren’t better protecting people’s personal data.
“When I hear about breaches like this, all I can say is, ’Really?’ Is there a need to put people through this when the information could easily be encrypted?” Work said in a release Thursday.
Alberta law requires businesses to notify the commissioner when personal information is lost. In the last month, there have been seven breaches involving a stolen or lost laptop or digital device.
“The most troubling” from the standpoint of identity theft involved a laptop belonging to a trust company that was stolen.
It contained information about 135 customers, including mortgage applications, names, addresses, social insurance numbers and credit bureau reports.
“That’s the very foundation for identity theft. They’ve got your name, your social insurance number,” said Wayne Wood, communications director for Work’s office.
“They can then become you and you don’t know that they’ve become you and start getting a line of credit and loans,” Wood said.
“It can take an awful lot of effort and a long, long time before you can dig yourself out of an identity theft situation.”
Other stolen or lost information included the Alberta Health Services medical records of 2,700 children. Wood says they were pediatric, gastroentology and nutrition patients.
AHS has notified 46 of those 2,700 patients.
“We don’t know if they are in the process of notifying the others,” Wood said.
The medical information is not the type that could be used in identity theft, he added.
The other breaches included:
— Two devices from Alberta Sustainable Resources that had interviews with citizens and information from an informant. The informant’s name was not on the device.
— Employee files from a market research company.
— Information about 50 children under six who were clients of a speech language pathologist.
— Information about employees at a medical genetics research company.
Work said organizations have to better protect people’s personal information.
“It’s irresponsible that an organization would allow this stuff out the door without ensuring it’s protected.”