The City of Brantford notified a series of individuals who were impacted by a privacy breach involving data submitted to the City’s internal intranet site on Tuesday, January 11.
Unfortunately, the breach occurred due to incorrect access permissions and configuration settings within the City’s internal intranet platform. The City of Brantford understands the importance of protecting the information that we retain and takes the responsibility of maintaining residents’ and staff private information very seriously.
The personal information that may have been potentially viewed by other staff who should not have had access to the data included job application records, name and address information related to an employee fundraising initiative, employee vaccination status forms and COVID-19 screening forms that staff are required to complete in advance of entering the workplace.
This incident did not impact any data collected through any of the City’s public facing websites including brantford.ca and at no time was anyone outside of the City’s internal staff network able to access the City’s intranet site. In other words, the public at large does not have access to the City’s intranet site at any time.
Upon discovering the incident, the City’s Information Technology staff immediately took steps to further secure the intranet site which included a comprehensive review of access permissions and implementing new processes and controls to ensure personal information collected is further protected.
The letters sent to those whose information may have been breached describe the incident specific to the data they submitted, the groups of individuals potentially involved, measures the City has taken, and some steps that individuals involved may consider taking in response if required.
The City has also notified the Information and Privacy Commissioner (IPC) of this breach and as of the date of this communication, no reply has been received.