In this day and age, thefts of computer equipment – including hard drives – are not uncommon. Breaches of private information – whether through such thefts, or online hacking, are also an unfortunate fact of modern life.
The common protocol practised by banks, employers, retailers, government agencies and other organizations that deal with the general public is to take a proactive stance as soon as the breach is discovered. A straightforward statement is the greatest antidote to fear and confusion, and can also dispel unnecessary alarm in cases where the risk of compromised information is minimal.
Unfortunately, this was not the approach taken by the City of White Rock following a March 7 theft of four hard drives from White Rock Community Centre.
It took until May 22 for the city to issue a news release to warn the public that there was a possibility that information on those who had financial transactions with the city might have been compromised by the robbery.
And, even more curious, the action only came at the recommendation of the Office of the Privacy Commissioner.
Following investigation by the RCMP and the privacy commissioner, it was determined that the missing hard drives did not pose a huge threat. According to the city’s information technology manager, the drives taken were only part of a larger data-holding network, and none of them held complete, accessible information.
But even if the risk to residents and staff – whose information was on the hard drives – was considered minimal, it is hardly comforting to learn the city was not prepared to be proactive as soon as the breach was discovered.
That it took more than two months for an alert to reach the public is a matter of concern, particularly in a city that has acknowledged it has had communication problems in recent months.
White Rock residents, and those who do business with the city, deserved to know about this far sooner.
Perhaps the city should consider its residents not so much ‘taxpayers’ as ‘investors’. While, as in any corporation, a board has been elected to represent those investors and act on their behalf, it behooves the board to report in a timely fashion to those who, ultimately, fund their operations.