August 2, 2016 by Canadian Underwriter
Saskatchewan Government Insurance (SGI) has notified customers of a privacy breach by an employee at an independent motor licence issuing office in Vonda, Sask.
SGI, Saskatchewan’s self-sustaining auto insurance fund, said in a press release on Friday that their investigation found that an employee at the office “looked up customer information without a business reason” and, as a result, “this individual’s access to SGI’s computer systems has been permanently terminated.”
The investigation concluded that the individual was “snooping,” that the searches were random and SGI does not believe that there has been, or will be, any harm to any customers as a result of this breach. “We also believe that no information was disclosed to another party or used maliciously,” SGI said in the release. The information accessed was photo, email address, date of birth, customer number, customer name, mailing address, height and eye colour, SGI said, adding that no medical information or driver records were accessed.
Anyone with access to SGI’s computer system must complete privacy training every two years and sign privacy and confidentiality agreements. The agreements acknowledge that all users and SGI understand the need to keep customer information safe and share a commitment to doing so.
SGI pointed out that it has zero tolerance for accesses to customer information without a business reason, and individuals who do so have their access to SGI systems terminated. There are many procedures, checks and audits in place to reduce the risk of unauthorized access to customer information, and the insurer said it is taking the following steps to further strengthen protections:
Customers affected by this breach will be contacted and Saskatchewan’s Office of the Information and Privacy Commissioner has been made aware of the situation, SGI said.