Rogue One? Employee the victim after HR function fail

The HR function at two large government agencies are in the spotlight after failures of policy and procedure led to private data illegally being shared

The HR functions at two large government agencies are in the spotlight after failures of policy and procedure led to private data illegally being shared.
 
The Canadian Security Intelligence Service was recently found to have sourced data illegally from the Canada Revenue Agency via a ‘rogue’ CRA employee.
 
Though the CSIS had no warrant, the CRA employee supplied an as yet undefined batch of private taxpayer data, which was housed for a time on a CSIS database.
 
The Globe and Mail reports the employee is no longer with the CRA, though the agency is not disclosing whether the person was fired or left voluntarily.
 
The incident raises questions over the HR and compliance functions at both the CSIS and the CRA, which seem to have bigger problems than just one employee.
 
A recent report from the intelligence watchdog, the Security Intelligence Review Committee, found spy and revenue agencies have repeatedly breached the rules.
 
The CSIS assured the committee that management had issued a “stern reminder” to all its employees of the need for a warrant to collect any taxpayer data.
 
The CSIS also defended its management and staff training programs, with CSIS spokeswoman Tahera Mufti saying it had “robust policies and procedures, clearly defining our roles and responsibilities”. “We continue to actively educate and train our staff on the latest updates on our policies,” she said.
 
Mufti told The Globe and Mail she could not confirm or deny if any “internal disciplinary measures might have been taken” against any of its own staff.
 
The CRA has indicated that it is not sure what private data was actually passed on to the CSIS, as the data had since been deleted. The CSIS would not reveal what data it had sourced from the CRA, and has confirmed the data deletion.
 
The CRA’s Code of Integrity and Professional Conduct, which applies to employees, states that “integrity is at the very core of the CRA”, and that it “shapes and connects everything we do”.
 
“We safeguard taxpayer information and privacy, public funds, programs, data, and systems and make sound and responsible, integrity-based decisions. We value stewardship,” the code of conduct states.
 
The federal privacy commissioner is currently investigating the incident. “What we can tell you at this time is that we were aware of this issue and we have been examining it,” spokeswoman Valerie Lawton told The Globe and Mail.