Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
British Columbia: OIPC publishes report of findings following investigation into PHSA Health Information System
The Office of the Information and Privacy Commissioner for British Columbia ('OIPC') published, on 15 December 2022, the report of findings, following the investigation that it had launched into the Provincial Health Services Authority ('PHSA') concerning some security and privacy vulnerabilities of the Provincial Public Health Information System ('the System'). In particular, the OIPC found several vulnerabilities in the System, including:
- a lack of proactive auditing for suspicious activity;
- no ongoing program for managing application vulnerabilities;
- no encryption of personal information within the database at rest; and
- no universal requirement for multi-factor authentication to access the System.
In light of the above, the OIPC recommended the PHSA to take seven actions, including that it:
- acquires, configures, and deploys a privacy-tailored proactive audit system;
- ensures a multi-factor authentication solution; and
- encrypts personal information within the database at rest.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
