GNWT struggling to contact hundreds of people over privacy breach

A Google Streetview image of the Lahm Ridge Tower
A Google Streetview image of the Lahm Ridge Tower.

The GNWT says it went public about the theft of government hard drives in March partly because it doesn’t know how to reach hundreds of affected people.

Earlier this week, the territory said hard drives stolen from a Department of Education, Culture and Employment office on March 16 contained the personal information of around 3,000 NWT residents.

Those affected were people claiming income assistance between 2006 and 2014.

Information on the drives includes names, addresses, dates of birth, income assistance case reports and, in some instances, social insurance numbers and healthcare numbers.



The theft was announced on Tuesday. In a news release, the GNWT said affected people were receiving letters notifying them that their privacy had been breached.

Asked by Cabin Radio why the territorial government waited for a month to disclose the theft, a spokesperson said the delay occurred partly because of the effort needed to trace everyone.

“Wherever possible, direct notification is the preferred method to contact individuals affected by a privacy breach. Many hours were involved in creating a contact list and confirming mailing addresses,” ECE spokesperson Briony Grabke said by email.

“Once it was determined that the GNWT did not have contact information for approximately 400 individuals, the GNWT issued a public service announcement to reach those affected individuals in addition to those who received letters.”



If you think you may be affected, you are asked to contact ECE’s manager of income security programs

As soon as the March 16 break-in took place at Yellowknife’s Lahm Ridge Tower, the GNWT knew hard drives had been stolen and that people’s information was included, Grabke said.

But she said the territory did not immediately have “a full assessment of the extent of the information included or the extent of the breach,” such as what information was on the drives for each financial year.

“The department spent approximately 200 hours auditing client data to compile a final list of clients who may have been affected by March 28, at which point efforts focused on reaching out to affected individuals directly,” Grabke wrote.

The GNWT earlier said the theft was immediately reported to the RCMP and the NWT’s information and privacy commissioner, and an internal investigation is ongoing.