Independent investigation report on BC's privacy debacle

This story was published more than 13 years ago.

The privacy debacle that attended the launch of British Columbia's first venture into online gambling last year was again under the spotlight this week following the release of the results of an independent investigation into the affair by the B.C. Information and Privacy Commissioner Elizabeth Denham. Although the enquiry found that the BC Lottery Corporation did not take adequate steps to protect the privacy of players, the report shows that this has since been fully addressed.

BCLC's PlayNow site went live on July 15 but was shut down within hours after suffering a security glitch. The operator later acknowledged PlayNow suffered 134 "data crossovers" which allowed customers to see the personal details of other players, such as bank and credit card information.

Denham said in a statement this week that she has concluded BCLC properly identified the cause of the breach and had taken steps to prevent it happening again.

"However, a second, broader investigation identified a number of security gaps when the PlayNow.com online casino platform was launched, the cumulative effect of which resulted in inadequate protection of customers' personal information," the statement revealed.

"The investigation identified inadequate user access controls and malicious code controls, unencrypted data transmission and gaps in BCLC's privacy management framework."

These security weaknesses were a particular concern, said Denham, given the types of people often attracted to online gambling.

"The inherent nature and high profile of online gaming websites expose customer personal information to increased risk," she wrote. "Gambling attracts the attention of organised crime and these individuals or groups have the means and the inclination to test the security of online gaming platforms."

Denham's report made a number of recommendations to BCLC on how to address the privacy concerns, including creating a schedule for when customers' personal information should be destroyed. These have been accepted and implemented by the Corporation.

Source: InfoPowa News