Data security laws need to be beefed up

Editor:

Everyone who used LifeLabs in B.C. before Dec. 17, 2019 has potentially just been robbed. The personal data LifeLabs holds belongs to you, the customer. LifeLabs is the custodian who we rely on to keep your data safe and secure and private. Clearly, they have failed to live up to their responsibility. The recent data breach, which was withheld from the public for six weeks, involved a variety of data, including highly sensitive lab results, that is no longer secure and private.

Data is a company asset and as such has a real dollar value. For example, could your bank or your insurance company operate without your data? No, they need it for products or services they provide. This data asset is very valuable and it needs to be protected. It’s not clear if LifeLabs understood the value of your customer data. The LifeLabs CEO didn’t even know if the customer data was encrypted.

Cybercrime magazine states that about 52 percent of Canadians have been hacked over the past year. Hackers can use your data to apply for items such as fake bank cards or send you emails to trick you into sharing more sensitive information because they have collected pieces of data such as your name and address and the last four numbers of your current credit card or your health card information.

In the case of LifeLabs, the data is so sensitive that the hackers could demand almost any amount as ransom. The company had to pay a ransom to stay in business. But should LifeLabs stay in business? Do you trust them as custodians of your sensitive data?

It is true many companies get hacked but it is also true many companies don’t. Companies that don’t get hacked usually have a significant investment in IT professionals, secure hardware and software. They spend money to keep their customer data secure by regular security updates to their systems, networks and firewalls. In today’s world, this is the cost of doing business and if a company doesn’t invest in data security they shouldn’t hold your customer data. But there is another aspect that needs improvement: our data security laws. Canada has weak laws for this type of crime and when a company is hacked and exposes customer data they typically get a slap on the wrist and shrug and say “I’m sorry.”

This needs to change quickly at both the provincial and federal level. Significant fines need to be put in place for data breach violations. Only then will companies take data security seriously. The laws covering the actual hackers need to be bolstered as well, including extradition.

Health Minister Adrian Dix said the breach is “of vital concern.” That’s a good start, but has he said he will introduce serious legislation for future breaches? Has he said he will have his own Ministry IT staff investigate LifeLabs systems and do a security audit? Has he said LifeLabs has violated its written contract with the provincial government and may not be doing business with the Province in the future? Has he said how much of a financial fine is in the contract with LifeLabs regarding a data security violation?

Keith Munro