Top News

189 people’s privacy violated, including Valerie Penton’s


Fourth in a four-part series Part 1: No place to turn Part 2: Feeling abandoned Part 3: A pervasive problem In total, 189 people were affected by a privacy breach of the Motor Vehicle Registration Division’s database discovered in 2011.

Premier Paul Davis.

Valerie Penton was one of those people.

Penton has spoken at length with The Telegram about sexual harassment she experienced, and how she feared for her safety after her harasser breached her privacy and accessed her driver’s licence information, including her home address.

Related stories:

Editorial: Beyond teasing

Davis orders external review of harassment policies

She has provided The Telegram with more than 150 pages of documentation about her case, most of it obtained through access to information.

She felt that human resources representatives at Confederation Building didn’t take her situation seriously, and was worried that if she pursued criminal charges and her harasser’s family became aware of the situation, the man might retaliate.

As a direct result of the privacy breach and the workplace harassment, Penton chose to leave her job in the civil service and move to another province.

Premier Paul Davis has said he takes the issue of sexual harassment very seriously, and in response to earlier Telegram stories, he ordered an independent review of the province’s sexual harassment policies.

Davis was minister of Service NL at the time of the breach, so he was the politician responsible for the Motor Vehicle Registration Division’s database. He said he took the privacy breach seriously and addressed it.

“I took steps to ensure that access by employees to motor registration information was tightened up and locked down,” he said. “If you had access to certain parts of motor registration that you didn’t need, we removed that. We also started an audit process.”

According to Service NL director of communications Jason Card, it wasn’t until February 2014 — more than two years after the privacy breach was discovered — that the government started auditing the front-line Service NL workers who have access to the Motor Vehicle Registration Division’s database.

Card also revealed that Service NL is only now starting to audit other Service NL employees’ access to the driver’s licence information database, in response to a second privacy breach.

Earlier this year, the provincial government revealed that another, smaller privacy breach was discovered involving the driver’s licence database. At least 17 people’s privacy was breached, with another 11 files potentially affected.

The government employee responsible for that breach is no longer employed by the province.

In the 2011 case that affected Penton, despite breaching the privacy of 189 people, the man is still employed by the province.

The government has never publicly revealed the identities of either of the employees who committed the privacy breaches.

Service NL said 293 employees of the government have access to the Motor Vehicle Registration Division’s database, including employees in Service NL, Transportation and Works, Justice, Finance, Advanced Education and Skills, and Child, Youth and Family Services.

Service NL says each department with access to the driver’s licence database does its own audits separately, and each department uses different methodology.

According to Information and Privacy Commissioner Ed Ring, the best way to prevent government workers from snooping on private information is to publicly make it clear that there will be consequences for privacy breaches, and to put in place auditing systems that make employees feel that if they break the rules, they will get caught.

Unlike with personal health information, where the government can lay charges simply as a result of any unauthorized access to it, in the case of other government information covered by the Access to Information and Protection of Privacy Act, charges can only be laid if the person who breaches somebody’s privacy provides that information to a third party.

Deputy Premier Steve Kent, the minister responsible for access to information, said new legislation that will be debated this spring in the House of Assembly will strengthen the law.

“The definition will be much broader, which will allow charges to be laid in many more circumstances,” Kent said.

He said the government is committed to addressing privacy concerns.

“The onus is on government departments and agencies to take any kind of privacy breach extremely seriously, and there should absolutely be consequences from an HR perspective.”

 

jmcleod@thetelegram.com Twitter: TelegramJames

 

We want to hear your stories

Valerie Penton said she chose to speak publicly about her experience with sexual harassment in the public service, and coping with the repercussions of a privacy breach in the hope that other people would feel empowered to come forward and talk about these issues.

If you have been affected by sexual harassment in the workforce, or if you were the victim of any government privacy breach, The Telegram would like to hear from you. If you want to speak anonymously, we can respect that.

Contact reporter James McLeod at jmcleod@thetelegram.com, or by calling the newsroom at 364-2323.

Recent Stories