Skip to content
Join our Newsletter
  1. Home
  2. News
  3. Economy, Law & Politics

B.C. government IT controls still too lax: AG

The B.C. government’s protection of public and private information is still inadequate, despite being told to fix information technology (IT) security problems every year for the last five years, says B.C.’s auditor general.
Nelson Bennett
Nelson Bennett
gv_20120711_biv0109_120719974
John Doyle, Vancouver Coastal Health Authority, B.C. government IT controls still too lax: AG

The B.C. government’s protection of public and private information is still inadequate, despite being told to fix information technology (IT) security problems every year for the last five years, says B.C.’s auditor general.

“Despite being advised of control issues with IT year after year, IT deficiencies accounted for 30% of the audit issues communicated to the public-sector entities for fiscal years ending in 2011,” auditor general John Doyle concludes in his new report, The Status of IT Controls in British Columbia’s Public Sector: an analysis of audit findings.

The B.C. government relies more and more on IT to gather information and provide services, the report states. Audits of government operations continue to find a general laxity in security and the protection of information.

“We found that 55% of IT-related management letter issues identified problems pertaining to inadequate information security management,” the report states.

Security gaps were found in the following areas:

  • account management (ensuring only appropriate users accessed sensitive material) was poor;
  • strong passwords and periodic changes of passwords were not enforced; and
  • separation of duties within IT operations to safeguard against illegal acts or fraud was inadequate.

Last year, B.C.'s Information and Privacy Commissioner launched an investigation when government medical records were found on an unsecured laptop.

The personal information of 450 patients of the Vancouver Coastal Health Authority were contained on the laptop, which had been left in a Toronto airport.

The AG’s new report sets a precedent in that IT issues are normally dealt with in a general audit of public accounts. These problems have become so pronounced, however, the AG is now conducting audits specific to IT security issues, and plans to continue to issue separate reports annually on IT concerns.

“We will also be tracking government’s progress on addressing IT risks, and continue to audit, and report publicly on, the various forms of IT government has adopted,” the report concludes.

[email protected]           

@nbennett_biv