The Office of the Privacy Commissioner is being firm that the province did break privacy laws during its response to the 2021 cyber attack.
Commissioner’s Delegate Sean Murray released details of the long-awaited report yesterday.
It notes that there were some details about the attack that were not disclosed at the first reasonable opportunity despite being required by law.
When asked if government broke any laws, Murray’s blunt response was “yes,” noting that the requirement is enshrined in legislation.
As an example, he says a “great deal of time” passed between government knowing that it was a ransomware attack and informing the public of that fact. He says they asked government what the delay was and never got an explanation.
As for possible repercussions for breaking said laws, Murray says there are offence provisions in the statutes, but under the circumstances they are not appropriate in this case.
Minister of Justice and Public Safety John Hogan
Meanwhile, Justice Minister John Hogan says he hasn’t had a chance to give the report a thorough read yet, but notes that he is generally pleased with the findings, citing the praise in the report for the work government has done in the aftermath of the attack.
When asked about government breaking any privacy laws, Hogan says that the health authorities have obligations to disclose in that situation, saying “it’s their data.”
He says there was tremendous stress and strain on the health care system at the time, and the overall conclusion of the report is that reasonable steps were taken to deal with the attack.
