The Privacy Commissioner of Canada has long been a visible and vocal champion of privacy and related issues for Canadians. I remember being impressed when the office embraced the technologies they were charged with keeping a watchful eye on. Aside from the office’s website, they maintained a blog (last updated September 20, 2013), a Twitter stream and occasionally posted videos to a YouTube channel (last updated March 27, 2013).
Among other things, the office uses its website to announce investigations into privacy concerns with government departments (Health Canada, HRSDC) and private sector businesses (Bell Canada, Facebook, Google). After all, the Internet is where more and more Canadians are going to get their information; particularly the connected Canadians who are often more sensitive to these issues.
A news report published to the Ottawa Citizen on April 24 suggests the Privacy Commissioner’s office itself may have suffered “an embarrassing loss of sensitive information of approximately 800 current and former federal employees.” Strangely, there is no indication about an investigation into the breach on the Commissioner’s website. The last update to their Twitter stream was made April 15.
A CBC article on the same issue notes that office staff are concerned about the impact of the breach on the office’s reputation. In my view, the absence of an official statement on the site and general online silence is far more damaging to a reputation. The Commissioner and her office need to be in front of the story.