A year ago, B.C. government staffers were unsuccessfully searching boxes in a Victoria-area warehouse, trying to find a missing backup hard drive containing 3.4 million education ministry student files.
Now the province is grappling with the next generation of data security, trying to keep track of 12,000 mobile phones and tablet computers that also may contain sensitive government or citizen information.
After data privacy breaches involving medical and other records, and a controversy over “triple deleting” staff emails that may be subject to freedom of information searches, the province’s Chief Information Officer launched a mobile device security program in June.
By the end of 2016 it will cover all 12,000 mobile devices used by the B.C. government, Betty Jo Hughes said in response to a report on data management released Tuesday by B.C. Auditor General Carol Bellringer.
“Existing controls include password protection, device encryption, ability to remotely wipe a device that is lost or stolen, and the ability to automatically lock a device that is inactive for a period of time,” Hughes wrote in response to the auditor’s report.
Bellringer found gaps in the government policy, including a lack of central monitoring and logging of mobile device activity.
“And, even though government provides security guidance to its employees when they’re issued a mobile device, it’s left to employees to actually apply some of the settings,” Bellringer said. “As a result, appropriate security settings are not always in place.”