Government departments in the Yukon do not have privacy management policies in place, says the territory’s information and privacy commission.

Diane McLeod-McKay said this morning she is encouraging the departments to develop and implement such policies but they do not exist currently.

The exception is a policy implemented by the Yukon Workers’ Compensation Health and Safety Board.

McLeod-McKay spoke with the Star this morning following Thursday’s release of a 40-page report from the B.C. privacy commissioner regarding computer files lost by the B.C. Ministry of Education.

They contain information about 8,000 former Yukon high school students.

McLeod-McKay said it’s her understand the Yukon files contain records of academic performance, such as exam marks and grades.

But they also contain names, addresses, birth dates and personal education numbers, she pointed.

McLeod-McKay said the information contained in the files would provide a solid head start for thieves wanting to steal identity.

“I am not wanting to make people afraid,” she said. “I am letting people know this information is out there.”

McLeod-McKay said she’s also concerned the Yukon Department of Education has not yet received a list of the students whose information is missing so they can each be notified directly.

Student information from the Yukon is shared with B.C. because the territory uses the B.C. curriculum.

McLeod-McKay said the information belongs to the Yukon Department of Education. It is the responsibility of the department to make sure the information is secure and protected, she said.

As part of her work with the department, McLeod-McKay will be examining what arrangements the Yukon had with B.C. to ensure information is protected, she said.

The B.C. Ministry of Education learned of the breach last July when it was conducting an internal information audit.

It notified the Yukon in mid-September, the same day it went public with information about the breach which involves a portable hard drive with information about 3.4 million students. The hard drive has not been found.

In her investigation report, the B.C. privacy commissioner said the breach occurred because employees with the Education ministry did not follow privacy policies and procedures – even though they knew of the policies.

The B.C. commissioner’s office said there is no indication information on the files has been used in any nefarious way. (See separate story.)

McLeod-McKay said while she’s been in discussion with the Yukon’s Education department about the breach, she’s not intimate with the details because she does not have the authority to conduct her own investigation unless she receives a complaint.

She has not received a complaint.

Since arriving in the position2 1/2 years ago, McLeod-McKay has been stressing the need for government departments to develop privacy management programs.

The government did implement a general policy last October directing departments to develop such programs, she pointed out.

McLeod-McKay said in her experience investigating privacy breaches in Alberta, it does not take a lot of information to provide identity thieves with a enough information to go fishing for more information.

The names, addresses, birth dates and personal education numbers would certainly provide thieves with ample information to go fishing for more, she said.

McLeod-McKay said while she doesn’t want to alarm the former students, she wants them to be aware so they can be on the lookout for any unusual activity, perhaps with their bank accounts.

The investigation by B.C. privacy commissioner Elizabeth Denham also notes the concern over the ongoing delay of notifying students whose information is on the hard drive.

As one of her nine recommendations, Denham says notification of individuals affected by privacy breaches must be made without delay, “even in cases where there is not compelling urgency for immediate notification.”