Consultation – federal Directive on Automated Decision Making

Life Labs investigation report, Ontario and BC

Privacy cases summarized – Osler, Hoskin & Harcourt

Ontario’s IPC has podcast on indigenous data prospectives

Canada’s privacy Commissioner investigates CRA

Ontario IPC issues digital charter for schools

Blog

Thieves Steal a Server From a Law Firm

June 14, 2023 - Ron Kruzeniski, Information and Privacy Commissioner

I became aware of a case in Alberta, where thieves stole a computer from a law firm. Law firms hold a lot of information about their clients. Some of the information can be personal information and some can be personal health information, and the rest is usually viewed as highly confidential. Law firms, like any other organization, needs to keep information as secure as possible. We don’t say, “if a breach occurs”, but say “when a breach occurs”. A law firm can do many things to reduce the risk of a breach but how do they protect against a break in and physical theft of their computers.

Well, it is difficult. Apart from the obvious, secure doors, an alarm system, and special security on the computer room door, it is hard to know what else they can do. There is one thing, they can consider storing all their client information in the cloud. That way, the information is not on site and not available to thieves. Of course, they, like any organization, needs to do due diligence to ensure that the cloud service provider has a security system that is equal to or better than the law firm has right now.

Advice for all organizations – protecting personal information is important and you need to think about your physical security at your office; and consider the pros and cons of storing that information in the cloud.

 

Categories: BlogTags: , , , ,

Back to Blog