PEOPLESOFT BREACH

Nine Months After my Employment Ends, I am Informed that my Manager Duties Still Exist

Not only did my profile in PeopleSoft still exist, but it also gave me access to everything I had access to before I left my employment

Nine Months After I left my employment, I still had full management rights in PeopleSoft

Including some employees I never supervised, like Maurice Power, Thomas Hall, and Tracy Ormiston.

and I had access to everyone’s timesheet...

Yep, including information about overtime, sick days, upcoming vacations, and acting pay.

and leave balances!

Ok, I'll admit that just knowing someone's vacation balances doesn't really warrant much shock and awe . . .

But I also had access to sick leave balances!

This looks like health information...usually treated as worthy of greater protection under privacy legislation.

FAILURE TO RECOGNIZE THE BREACH

Recognize the Breach

In circumstances where a delegation of my former management duties was required, somehow no one involved could recognize the possibility that the continuation of my former management rights was problematic.

Contain Your Data

Without recognizing that a breach has occurred, it's almost impossible to effectively contain the data.

Secure Your Data

Again, if you can't recognize that a breach has occurred, it is unlikely that anyone would take steps to recover data. Note, however, that in this case, I have had occasion to inform the Government of the Northwest Territories of the information in my possession—and no one requested that I return, destroy, or delete the information.

Notify Those Involved

Yep, again, this step requires some kind of awareness of the breach. Another fail here for the Government of the Northwest Territories.

Fix the Problem

As mentioned previously, an organization who cannot recognize a breach is very unlikely to fix it.

I notified the Government of the Northwest Territories, and no one did anything!

A complaint to the Information and Privacy Commissioner (IPC) might be the way to go!

IPC COMPLAINT

This website is for educational purposes only


Recognize>Contain>Secure>Notify>Fix