Is the dust-up about the release of personal information in the rearview mirror now that the file is off the Internet blog site?
Unfortunately, “No.”
As far as I know:
• CRA has yet to report this incident to the authorities.
• CRA has not informed the five people directly affected that their information was out on the Internet.
• CRA has not offered the five people identity theft protection. I think they need to offer to pay any costs for people to secure their bank accounts; including paying for the printing of checks for these folks; especially if they had to open new accounts as a precaution.
• CRA has yet to secure and transfer the membership records from those responsible for the release of information so this won’t happen again.
• CRA also may have a problem because they did not already have a policy in place in case of an unauthorized disclosure of personal financial information.
This is the minimum that CRA should do. Most of the above are statutory requirements.
Also, CRA has not informed their membership (including the Board) about this breach.
This incident is far from over. I fully expect some legal repercussions for those involved but what form that will take only time will tell.