EDMONTON

U of A reports privacy breach after info for Camp fYrefly participants downloaded by former staffer

Julia Parrish Web Reporter, CTV Edmonton

Published Thursday, April 19, 2018 2:33PM MDT Last Updated Thursday, April 19, 2018 2:34PM MDT

A person typing on their keyboard is seen in this file photo.

Text:

Officials at the University of Alberta said an internal investigation had revealed a former employee for Camp fYrefly had violated the university’s policy.

On Thursday, the university said a former employee with the Institute for Sexual Minority Studies and Services had downloaded and shared personal details of Camp fYrefly participants, volunteers, leaders and facilitators.

The university said the employee had access to electronic files containing information about the camp. Before and after the end of the individual’s employment with the organization in March, 2018, the employee downloaded files, which included personal information for about 700 people, onto a personal device.

The investigation also revealed the same employee had shared four Camp fYrefly documents containing personal details for about 200 people with individuals of a youth advisory group in February, 2018. Logs showed two individuals accessed those documents.

“While the advisory group had a role to play in planning Camp fYrefly, the personal information of camp participants should not have been shared with this group,” Steven Dew, provost and vice-president academic, said in a statement. “We believe that the information was shared in error.”

The U of A said it’s believed camp participants whose information may have been compromised include:

Adult volunteers between 2015 and 2017
Campers between 2014 and 2017
Facilitators between 2014 and 2017
Youth leaders between 2015 and 2018

In the online application for Camp fYrefly, applicants are asked to provide the following information: legal name and name currently being used, birthdate, contact information, gender identification, sexual orientation, medical conditions and medications taken, EpiPen and emergency inhaler needs, accessibility needs, identification as Indigenous, dietary restrictions, t-shirt size, contact information in case of an emergency and previous participation in Camp fYrefly.

The university said the incidents were reported to the Office of the Information and Privacy Commissioner of Alberta, and directly notified the individuals. Details of the breach were released to the public in an attempt to notify others the university couldn’t directly reach.

Minors and guardians were not contacted directly, the university said, due to heightened risks associated with direct notification.

Meanwhile, the university said it sought a court order, ordering the return and deletion of files the former employee had in their possession. The former employee is cooperating, the university said.

As a result, officials said they believe the breach has been contained.

A phone number – 780-492-4400 – has been set up to answer questions and provide support to those whose information may have been compromised. The line is staffed between 8:30 a.m. and 5 p.m. Monday to Friday.

Anyone who has not heard from the university directly, who believes they may have been impacted, is asked to call the phone number or send an email for more information.