Privacy breach reveals lack of ethical integrity

It was revealed this week that highly personal information about Sean Bruyea, an outspoken critic of veterans’ affairs in Canada, was included in a 2006 briefing note for a federal cabinet Minister (Psychiatric report of veterans critic inserted in minister’s briefing: documents, Toronto Star, September 21 2010). Apparently, the briefing note was seen by several senior bureaucrats. In addition, Mr. Bruyea’s file was accessed by hundreds of people, who shared Mr. Bruyea’s private information with hundreds more, including political staffers.

With few exceptions (relating mainly to legal compliance), Canada’s Privacy Act prohibits the use and disclosure of personal information without the consent of the individual to whom it relates, except for the purpose for which the information was originally obtained. In this case, the private information was originally collected to determine Mr. Bruyea’s eligibility under a disability program, but appears to have been used to undermine Mr. Bruyea’s credibility as a policy critic.

The mis-use and disclosure of Mr. Bruyea’s personal information is an appalling breach of privacy that should concern us for several reasons.

First, the use of Mr. Bruyea’s personal information in the context of developing strategies to counter his activity as a policy critic was inappropriate and, clearly, illegal. That bureaucrats and political staffers from any party would even contemplate such unethical activity erodes our collective exercise of democracy and free speech, not least by creating a climate of disrespect and fear.

Further, the fact that as many as 156 individuals accessed Mr. Bruyea’s file and subsequently exchanged his personal information, and that an additional 243 people received Mr. Bruyea’s personal information, shows that there are serious weaknesses in the ethical standards and processes of our government and political parties. The disclosure of Mr. Bruyea’s personal information only came to light when Mr. Bruyea himself reviewed government documents released in response to his request for information pursuant to the Privacy Act. We might therefore reasonably surmise that not one of the hundreds of individuals who saw Mr. Bruyea’s personal information blew the whistle on this breach. They either did not recognize the breach for what it was, or they did recognize it, and either failed to act or took action that failed to correct the breach. None of these scenarios is acceptable. There is a clear need to strengthen the training of government and political staffers in recognizing and reporting ethical breaches, and to strengthen whistle-blowing procedures to ensure reported breaches are acted upon (without fear of reprisal).

Prime Minister Harper committed in the House today to investigate the breach of Mr. Bruyea’s privacy. Let’s hope the investigation goes beyond a mere review of paperwork to consider the organizational cultural drivers behind this situation.

  1. If you’ve been following the alleged privacy breach at Canada’s Veterans’ Affairs department, you’ll want to read this article in the Hill-Times:
    http://www.hilltimes.com/page/view/ombud-09-27-2010

    In a nutshell, the Veterans Ombudsman Pat Stogran says his private medical files may also have been accessed and shared inappropriately. Incidentally, Stogran’s term as Ombudsman is not being renewed. It’s hard not to connect this with his recent criticism about controversial aspects of financial support for Canadian veterans, given this Conservative government’s pattern of removing dissenting opinion.

    • Celesa Horvath
    • October 7th, 2010

    The Privacy Commissioner has concluded that the breach of Sean Bruyea’s privacy rights was both inappropriate and unlawful, and recommends the Veterans Affairs department “immediately revise its protocols for handling personal information to ensure it is shared only on a need-to-know basis, and provide training to employees about appropriate personal information-handling practices.”

    Read more: http://www.cbc.ca/politics/story/2010/10/07/veteran-privacy-breach.html#ixzz11gci93Yq

    I venture to suggest the need for such strengthening of ethics protocols and training isn’t limited to Veterans Affairs!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: