Skip to content

The Case Of The Lacking Computer systems: Classes Realized From Well being Canada – IT and Web

To print this text, all you want is to be registered or login on

An audit of Well being Canada’s info know-how (“ITEM“) methods (the “Audit“) discovered an extended listing of issues, together with, amongst others, inadequate or inefficient monitoring of IT property, lack of correct upkeep of IT {hardware} property, outdated IT {hardware} property decommissioning processes, and total insufficient governance and assist for planning and engagement for IT asset administration.1 This bulletin goals on the classes corporations can study from the Audit and highlights the significance of getting and implementing a strong inside IT and cybersecurity program.

The Audit and Its Findings

The Audit included the examination and evaluation of methods, information, personnel, and bodily properties associated to IT property of Well being Canada and the Public Well being Company of Canada (collectively, the “Division“) as much as June 2019. Though the Audit was accomplished in 2019, it was not made public till June 2022. The Audit was not the primary audit of the Division’s IT property; an preliminary 2009 audit discovered a number of points, and a subsequent 2013 audit discovered that enhancements had been inadequate and the administration of the relevant IT property had not been adequately improved.These earlier audits led to an overhaul of the Division’s IT associated protocols in 2017, which the Audit was meant to judge.

Materials findings from the Audit embrace the next:

  • Inadequate documentation and monitoring of IT {hardware} property, with sure IT {hardware} property not tracked in any respect. Finally, the auditors couldn’t verify the existence and placement of roughly 74% of the IT {hardware} property or a complete of 35,000 gadgets;
  • Inadequate and error-prone monitoring of software program property, the place the acquisition orders for 51% of the software program property examined couldn’t be situated;
  • Lack of course of to make sure the administration of low greenback worth IT property resembling USB sticks, servers, laptops, tablets, computer systems, and displays;
  • Inadequate controls for the upkeep of IT {hardware} property; and
  • Lack of adherence to the Division’s necessities and course of for decommissioning IT property and lack of oversight of the stated course of.

Dangers for Firms

Poor IT stock administration and an absence of sturdy IT and cybersecurity program can result in large dangers to each private and non-private organizations, together with the next.

  • lack of information: Poor IT asset monitoring and administration reduces organizations’ means to precisely account for, keep, and correctly safeguard their IT property, which may result in the lack of each confidential info of the organizations and private info within the organizations’ custody. This will result in each monetary and authorized liabilities to the organizations.
  • Breach of contractual obligations: Many agreements, whether or not associated to IT property, have necessities to correctly safeguard confidential info and private info. As quickly as such info is uncovered to poorly managed IT property, it’s susceptible to theft and/or misuse, which can result in substantial legal responsibility to organizations. Additional, using software program is ruled by software program licenses. The absence of applicable monitoring of using software program property can result in breach of software program licenses and mental property infringement claims.
  • privateness complaints: Below Canadian privateness legal guidelines, people can complain to the relevant privateness commissioners about organizations for his or her mishandling of non-public info, failure to supply entry to private info, or failure to right errors in private info. Poorly managed IT property reduces organizations’ means to deal with private info in accordance with relevant privateness legal guidelines and will increase the chance {that a} grievance is filed in opposition to the organizations.
  • Breach of privateness legal guidelines: Below non-public sector privateness legal guidelines, companies are liable for private info of their custody. Below public sector privateness legal guidelines, these obligations are additionally owed by service suppliers to public entities. Failing to correctly safeguard private info on account of poorly managed IT property could quantity to a breach of those obligations, which can result in fame loss in addition to monetary and authorized liabilities.

In sum, failing to correctly observe, keep, handle, and get rid of IT property, whether or not laptops, cell gadgets, servers, or USB drives (amongst others), will increase the chance that a corporation shall be in breach of any relevant agreements tied to these property, and any information residing on such property can’t be appropriately monitored, maintained, or safeguarded.


Correct administration of IT property is a important element of a strong IT and cybersecurity program. All companies ought to be sure that their IT and cybersecurity insurance policies and procedures lengthen to IT asset administration, and deal with the dangers of not correctly monitoring and safeguarding any system containing private, confidential or proprietary info. This may increasingly embrace IT stock monitoring methods, common audits of IT property, and insurance policies and/or procedures for managing the lifecycle of IT property.

You probably have any questions on any IT and cybersecurity associated insurance policies, practices or procedures, or Canadian privateness legal guidelines extra typically, a member of our Privateness & Information Safety Group can be comfortable to help you.


1. Well being Canada, Audit of Data Know-how Asset Administration (2022 June), on-line: Authorities of Canada.

The foregoing supplies solely an outline and doesn’t represent authorized recommendation. Readers are cautioned in opposition to making any choices primarily based on this materials alone. Slightly, particular authorized recommendation ought to be obtained.

© McMillan LLP 2021

POPULAR ARTICLES ON: Media, Telecoms, IT, Leisure from Canada

Possession Of Athlete Biometric Information In Canadian Sports activities

Borden Ladner Gervais LLP

Biometric information derived from wearable know-how (wearables) has not solely develop into a necessary device in athlete coaching and harm prevention, but in addition a extremely sought-after and profitable commodity…

Profitable 5G Implementation

Gowling WLG

5G underpins lots of the applied sciences that may drive enterprise digitalisation, facilitating communication between an enormous vary of gadgets and the wi-fi switch of knowledge produced…

Social Media Use And The Office

Lindsay Kenney LLP

Social media use has develop into a each day exercise for a big portion of the inhabitants. Fb, Twitter, Instagram, Reddit and different boards are generally used for private and enterprise functions.


Leave a Reply

Your email address will not be published.