Tuesday, March 25, 2014

Student Loan information now unsecure


Well, this is certainly going to make all of us feel very secure about the privacy of the extensive personal information required to apply for our student loans.


Long story short: the government supposedly takes care to protect “sensitive data of more than 583,000 student loan recipients”. However, a hard drive recently went missing that contained this data, and the device was unsecured, unencrypted, and not guarded by so much as a password. The hard drive has been missing for two months.

Oh, and that personal information that a thief now has casual and unlimited access to? That would be our full names, date of birth, home address, telephone numbers, loan amounts and balances, and Social Insurance numbers. The article neglects to mention that one of the features of both OLSAS and OUAC loan administrators is that if I completely forget my password to either of these, I can call in to these services, give them my birth date, postal code, and SIN, and I then have complete tele-control over the administration of that account. Keep in mind, the same is usually true of your general bank accounts if you call the customer service number on the back of your debit/credit card. I know this because I’ve used these features frequently, and was mildly concerned about how easy it would be for an individual to simply gather this information and use my student loan as they saw fit. This nightmare has now become reality.

All that being said, the Employment and Social Development Canada representative did concede that this loss was “completely unacceptable”, and provided several suggestions for better protection in the future. But as interim commissioner Chantal Bernier states in her report, “protecting personal information cannot be ensured by having policies on paper. Policies must be put into practice each and every day and monitored regularly”. 

The problem here is that there were policies already in place to protect against this very kind of issue. However, these policies went unfollowed, and the information remained carelessly unprotected. Canadians whose information has now been compromised were never alerted to this massive breach of information. Meanwhile, no remedy or reparative course of action has been suggested aside from reiterating the policies which should have prevented this occurrence in the first place.

I am clearly deeply upset about this development. I think you all should be too. 

1 comment:

  1. I would just like to point out that my personal information was potentially among this breached information. I know this because a year or so ago I received notification of the potential breach. Therefore, I don’t think the issue was not notifying, but rather whether policy was followed to prevent the loss of the information and the timeliness of the response to the loss.
