Latest news with #KerryHatfield


CBC
3 days ago
- Politics
- CBC
N.L. privacy commissioner investigating government response to school cyberattack
The province's information and privacy commissioner is investigating a security breach that saw hackers steal the private information of nearly 300,000 current and former students and teachers in Newfoundland and Labrador. In a news release sent Friday afternoon, Privacy Commissioner Kerry Hatfield said part of that investigation will look at whether the Education Department has taken enough action in the wake of the PowerSchool attack to make sure it doesn't happen again. "Before launching this investigation I felt it was appropriate to give the department sufficient time to assess the impact of the breach, notify those who were impacted, and take steps to adjust its policies and practices," she said in the release. "It has now had ample opportunity to do so." The late-December cyberattack struck PowerSchool, the data management software used by the English, French and Indigenous school systems — along with other school districts across North America. According to the Education Department, on Dec. 28 hackers stole the information of approximately 271,000 students and 14,400 teachers across Newfoundland and Labrador's English, French, and Indigenous school systems. The stolen data includes contact information, date of birth, MCP numbers, medical alert information, custodial alert information, some social insurance numbers and other related information. Some of that data dates back to 1995. The department said about 75 per cent of the stolen student data belongs to people who are no longer in the K-12 system. The company offered two years of free identity and credit monitoring to any of the victims, and has since hired Experian and TransUnion to provide those services. "The purpose of my investigation is not only to assess whether the department has responded adequately to the breach, but also to ensure that measures taken by the department to prevent future occurrences of this nature are sufficient," said Hatfield. "People have a right to expect that when a public body collects their sensitive personal information that it will do so in accordance with the law."
Yahoo
4 days ago
- Politics
- Yahoo
N.L. privacy commissioner investigating government response to school cyberattack
The province's information and privacy commissioner is investigating a security breach that saw hackers steal the private information of nearly 300,000 current and former students and teachers in Newfoundland and Labrador. In a news release sent Friday afternoon, Privacy Commissioner Kerry Hatfield said part of that investigation will look at whether the Education Department has taken enough action in the wake of the PowerSchool attack to make sure it doesn't happen again. "Before launching this investigation I felt it was appropriate to give the department sufficient time to assess the impact of the breach, notify those who were impacted, and take steps to adjust its policies and practices," she said in the release. "It has now had ample opportunity to do so." The late-December cyberattack struck PowerSchool, the data management software used by the English, French and Indigenous school systems — along with other school districts across North America. According to the Education Department, on Dec. 28 hackers stole the information of approximately 271,000 students and 14,400 teachers across Newfoundland and Labrador's English, French, and Indigenous school systems. The stolen data includes contact information, date of birth, MCP numbers, medical alert information, custodial alert information, some social insurance numbers and other related information. Some of that data dates back to 1995. The department said about 75 per cent of the stolen student data belongs to people who are no longer in the K-12 system. The company offered two years of free identity and credit monitoring to any of the victims, and has since hired Experian and TransUnion to provide those services. "The purpose of my investigation is not only to assess whether the department has responded adequately to the breach, but also to ensure that measures taken by the department to prevent future occurrences of this nature are sufficient," said Hatfield. "People have a right to expect that when a public body collects their sensitive personal information that it will do so in accordance with the law." Download our free CBC News app to sign up for push alerts for CBC Newfoundland and Labrador. Click here to visit our landing page.


CBC
29-03-2025
- Business
- CBC
N.L.'s privacy commissioner urges people to delete data from 23andMe after bankruptcy declared
In the wake of a popular genetic testing company going bankrupt, Newfoundland and Labrador's privacy watchdog is urging people to take action to protect their genetic information — while they still can. Genetic testing company 23andMe has filed for bankruptcy in the U.S., raising questions about what will happen to the personal genetic information it has amassed. "They have a treasure trove of, I think, some 30 million people's genetic data, and that is deeply personal. But it's also potentially valuable genetic information of 30 million people," information and privacy commissioner Kerry Hatfield told CBC. That data could be financially attractive to third parties who might want to buy that information, she said, like an insurance company. No one knows who might buy the data that 23andMe has accumulated and how it could be used, Hatfield added. The San Francisco-based company was founded in 2006, with clients submitting saliva samples by mail, which would then be analyzed to produce charts of their background and lineage. On March 23, 23andMe filed for bankruptcy in U.S. federal court and announced on its website"orders and subscriptions will continue as normal, and any purchases or genetic testing kits sent in for processing will be handled without disruption." Not long before filling for bankruptcy, the company updated its privacy policy, announcing that if 23andMe did go into bankruptcy, then clients' information could be accessed or sold. In a follow-up statement, it said "any buyer of 23andMe will be required to agree to comply with our privacy policy and with all applicable law with respect to the treatment of customer data." Take action Hatfield is encouraging people to go onto the 23andMe website, log in, and delete their information and accounts. In addition, if someone has opted into allowing the company to keep their sample for research, they can also change that setting. "And just to be super safe, I'm actually saying for people to delete the entire account," she said. However, Hatfield said that means users will still be relying on the company honouring its privacy policies. "The laws have not always kept up to ensure these things get done," she said.