Security issues discovered following audit of Vital Statistics Agency

By | September 9, 2020

WINNIPEG — Manitoba’s Vital Statistics Agency needs to do more to keep the information it holds safe, according to a new report from the province’s auditor general.

The report, released Wednesday, said the agency’s management had several issues when it came to ensuring information remained accurate and protected.

The Vital Statistics Agency holds nearly four million records going as far back as 1882. The records in the agency include registrations of births, deaths, adoptions, and name changes.

“Because of the nature of this information, we felt that protecting this information from unauthorized access, and ensuring that the information is complete and accurate is critical,” said Auditor General Tyson Shtykalo.

“We wanted to determine whether the agency was properly managing the security and privacy risks associated with this type of information, and what it was doing to properly manage the integrity of information.”

The audit covered the time period between March 2015 and March 2017. The Office of the Auditor General began the investigation in late 2017.

According to the audit, it found the agency did not regularly review staff access rights to its registry software, or use secure mail for delivering certificates and registration forms.

It also discovered weak physical security controls within the agency’s office, such as inadequate separation between work and public areas.

“One of the things that is on our radar is the protection and security of sensitive information,” Shtykalo said.

The final report included a total of 19 recommendations. The recommendations include monitoring the activity of staff who hold access rights, restrict access to the agency work area to only authorized staff, use secure mail to deliver certificates and forms, and disable all shared accounts.

The report will be referred to the Public Accounts Committee who will review it, Shtykalo said.

View original article here Source