The Privacy Commissioner of Canada

In another case, six computers were stolen from the CRA's Laval, Quebec tax services office. One of the computers was being used to test computer applications. It was password protected, and contained approximately two million records from four confidential databases. These databases contained personal information, but not tax return information. More than 120,000 affected individuals were advised of the security breach, and given tips on what to do to reduce the possibility of identity theft, such as: review and verify all bank account, credit card and other financial transaction statements; report any problems/delays with mail delivery to Canada Post; report to Human Resources and Skills Development Canada any suspicion about use of the social insurance number (SIN); and contact a credit reporting agency such as Equifax or Trans-Union, which are experienced in helping individuals in such matters.

Sixteen individuals later lodged formal complaints with our Office, alleging that the CRA had not adequately protected their information. The CRA indicated that as a result of a lapse in security procedures, the computer had not been stored in a secure room at the end of the day. Appropriate disciplinary action, consistent with CRA policies, was taken.

--------------------------------------------------------------------------------

Hundreds of computers were stolen from federal government offices last year, filched from such security-sensitive agencies as the RCMP, the Canadian Space Agency, Canada Customs and Revenue Agency, the Department of National Defence and the Privy Council, the operational arm of the cabinet.

Among the 25 other federal departments robbed of laptop computers, desktop computers and accessories were the Justice Department, Correctional Service Canada, the Immigration and Refugee Board and the Financial Transactions and Reports Analysis Centre, which fights money laundering.

All told, the stolen equipment was worth about $1.1-million. "But it's not the hardware that matters, it's the theft of information.

We've got a hole in the security fence," said Vancouver immigration lawyer Richard Kurland, who tallied the thefts through access-to-information requests and says he is astonished at what he found.

"The hard question is whether there's any notification requirement in the loss of the data. And if there is, is it all fragmented through several dozen government agencies? Or is there a central repository so someone can connect the dots?" The answers appear to be no.

"Each department records their own losses and reports them to the appropriate police department," said Pierre Teotonio of Public Works and Government Services Canada, which buys and manages federal government property. "But there's no central pool of information." When government information is compromised by theft, Mr. Teotonio said, a description of the material is reported to the Access to Information and Privacy Office. But he was unsure whether the office goes beyond compiling an inventory of all the losses.

Public Works took one of the biggest hits. The agency recorded 30 instances of laptop theft and two desktop computers were stolen, together with a projector worth $127,000 and three flat-screen television monitors worth roughly $1,000 apiece.

Mr. Kurland's discovery stemmed from a sweeping survey he conducts of the Public Accounts Office each year. This is the first time, however, he has pieced together the computer-theft data.

In the corporate sector, important computer data are almost always backed up with duplicate material, said Paul McLaughlin, editor of the forensic accounting firm Kroll Lindquist Avey's Report on Fraud newsletter.

He also speculated that some of the missing units might have been stolen before they were put to use.

Either way, he said, one relatively inexpensive way of cutting computer theft is to install tracking devices, akin to global positioning systems.

But Mr. Teotonio said he doubted whether government computers have such precautions built into them, though he said many of the items stolen last year have been recovered.

The issue has surfaced before, said Wesley Wark, a professor in the University of Toronto's history and international relations department who specializes in security issues. Whenever it does, he said, the afflicted agencies scramble to tighten anti-theft procedures.

The key question, Mr. Wark said, is the nature of the data in the missing computers. "Are we talking about computer theft from inside physically protected secure areas of the government, where there would be code words, passkeys, identification badges and the rest?" Some departments guard their data better than others, Mr. Wark added, with the Privy Council reputed to be the most diligent. But not last year, it appears. In six separate instances, computers were stolen from the Privy Council, thefts Mr. Wark termed "extraordinary." Privy Council spokesman Francois Jubinville said the agency's rigorous security precautions likely mean that the stolen computers contained no sensitive data.

In all, at least 330 computers were stolen. The complete figure, however, is larger because in some instances of theft the number of units was not specified.

The biggest collective loss appears to have been sustained by the Human Resources Department, which recorded almost 100 items stolen. Eighteen computers were taken from the Defence Department and 52 from Customs.

Among the other security-sensitive agencies from which equipment was stolen are the Auditor-General's office (one laptop), Foreign Affairs and International Trade (two notebook computers) and the Justice Department (a BlackBerry pager and a laptop). A $6,000 laptop was pilfered from the financial transactions centre, central in tackling organized crime. The RCMP were relieved of seven laptop and five desktop computers.

Other thefts occurred at the departments of Industry, Agriculture, Environment, Fisheries and Oceans, Health, Indian Affairs and Veterans Affairs. Computers were also stolen from Parks Canada, the National Film Board and the Chief Electoral Officer, which lost two.