ST. JOHN'S, N.L. — RNC Chief Joe Boland asserts the RNC is dedicated to protecting privacy and confidentiality.
“With our targeted internal communications and training, I am confident that the members of the RNC will continue to foster a culture of privacy protection and respect for all individuals within our organization,” Boland said in a prepared statement distributed to the media Thursday afternoon.
His comments were in response to a report issued earlier this week by the Office of the Information and Privacy Commissioner, which had investigated a privacy breach that happened at the RNC last year.
In July 2018, an RNC officer reported to senior management that another RNC officer had entered an unoccupied and unlocked manager’s office and retrieved a form that contained her personal information, including medical information. The information was shared with the manager and other employees.
The officer whose information was breached was told what happened weeks later by a co-worker.
The RNC conducted an internal investigation, during which an officer admitted she had accessed and disclosed the other female officer’s personal information contained on the form.
However, in December 2018, when no update had been provided to her by the RNC in several months, the officer whose information was breached filed a formal privacy complaint with the privacy commission.
In her report, commissioner Victoria Woodworth-Lynas said the RNC didn’t properly protect the officer’s private information.
The commissioner said that during its investigation the RNC “provided very general statements” when asked specific questions about how it dealt with the breach.
The report pointed to concerns about the time it took for the officer to find out about the breach.
The officer who breached the information was eventually charged with two counts of conduct unbecoming a police officer for reading and disclosing the private information of the complainant without consent and without the legal authority to do so. She pleaded guilty to two counts of conduct unbecoming a police officer, including failing to obey RNC regulations respecting policy and procedures.
In February 2019, Boland imposed a sanction — that the officer apologize to the officer whose privacy she breached.
However, Woodworth-Lynas said it took far too long for the RNC to send the breach notification to her office.
The breach was reported in July 2018, but the RNC did not send the breach notification form to the privacy commission until Jan. 10, 2019.
The commissioner also expressed concerns about the lack of security of the manager’s office, noting all offices, desks and cabinets should be locked.
She also recommended the RNC communicate what happened with all its employees.
The commissioner also recommended the RNC provide Access to Information and Protection of Privacy Act training to the officer’s specific division and that the RNC communicate to all employees the rules regarding the protection of and access to personal information.
In his prepared statement, Boland said he fully supports the recommendations.
“The RNC is an evolving police service, much like the legislation, policy and procedures by which we are guided,” he said.
“In light of the report provided by the Office of the Information and Privacy Commissioner, we are collectively dedicated to the protection of privacy and confidentiality.”
Boland said the RNC will continue to educate employees on their role in privacy and security, as well as respecting and protecting the personal information of colleagues and members of the public.
Twitter: TelyRosie
