The New Democrats have written to Information and Privacy Commissioner Ron Kruzeniski asking for him to investigate a possible breach of information.
The NDP claim in their Saturday letter to Kruzeniski that members of the public have received emails from the provincial government containing the name of the Hunting, Angling and Trapping License number of a different person.
“That’s really why we’ve asked the Privacy Commissioner to investigate it, because it appears to be a serious breach. We don’t really have enough information to know for sure,” said NDP Environment Critic Erika Ritchie. “What it appears to have done is assign an angling license holder’s, information to another subscriber. And so information on their past activity in the system.”
Last week, Kruzeniski issued a report suggesting that more than 500,000 files with personal information may have been exposed in a ransomware attack on Saskatchewan’s eHealth system. The attack took place a year ago and could be the largest in provincial history.
“What we’re asking them to do is investigate the breach of privacy to understand its, its origin. Also, we’ve raised concerns is this systemic issue,” asked Ritchie? “We’ve seen a number of these breaches and various other government agencies and want to know if there’s a systemic problem that that we’re facing here with these breaches.”
An American based third-party company administers the licensing system. The NDP are asking Kruzeniski to examine that company’s role in the privacy breech.
A Ministry of Environment spokesperson said that on Jan. 7, Aspira, the third-party agency responsible for managing the province’s H-A-L system, sent an email to approximately 33,000 people regarding Hunter Harvest surveys.
The email was sent individually and may not have matched the person who the email was intended for.
The Ministry said the error was human caused by Aspira and that the system was not hacked or breeched in anyway.
As well to access the account, verification and a password are needed.
The Ministry reported the incident to the Information and Privacy Commissioner on January 8.