The RCMP are looking into how a hard drive containing the personal information of 583,000 student loan borrowers, including social insurance numbers, went missing from a Gatineau, Que., office in November last year.

Human Resources and Skill Development announced Friday that the external hard drive contained the private details of borrowers from 2000 to 2006.

Staff at the Quebec office noticed the hard drive missing on Nov. 5. Information on the hard drive, used as a back-up storage option, contained student names, dates of birth, social insurance numbers, addresses and student loan balances from borrowers across the country.

No banking or medical information was on the device, which included the personal contact information of 250 department employees.

Quebec, Nunavut and Northwest Territories’ borrowers were unaffected.

It wasn’t until Dec. 6 that department staff found out what was on the hard drive, and the privacy commissioner was told on Dec. 14.

Adam Awad, chair of the Canadian Federation of Students, said this type of record loss was bound to happen.

Second in size only to the Canadian Pension Plan with respect to the money involved in a government program, Awad said the lost records are, “a side effect of this enormous system we’ve created.”

Officials with the RCMP said Friday they have been asked to review the incident and determine if an investigation is needed. The investigative unit in Ottawa is handling the referral.

Based on the evaluation of information, police may launch an investigation.

In a statement Friday, Minister Diane Finley said she was disappointed and called it an “unacceptable and avoidable” incident in handling Canadians’ personal information.

“As a result, I have directed that departmental officials take a number of immediate actions to ensure that such an unnecessary situation does not happen again,” she said.

An official with the minister’s office said the hard drive was an unencrypted device, which is against department protocol. When asked why the device — likely purchased and approved by higher-ups in the department — was used, communications director Alyson Queen couldn’t say.

A department spokesperson said in an email response that it was determined during an initial investigation that “tracking of devices connected to the network, were inadequate.”

The Friday announcement seemed strategic. With issues like Idle No More dominating the news cycle, lawyer and political consultant Warren Kinsella called it a “Friday news dump” — a way to cushion the media coverage of a government mistake.

“Taking out the trash on a Friday rarely ever works,” Kinsella said in an email. “If anything, Friday news dumps now get more attention than any other part of the week. The more you try and hide it, the more you get noticed.”

This is the second time in as many months human resources department staff has lost personal information of Canadians. In late 2012, the department informed the Office of the Privacy Commissioner of a lost, unencrypted USB key that contained information on more than 5,000 residents.

“Neither were encrypted and neither were approved,” Queen said. “The protocol wasn’t followed and additional gaps are being closed in terms of the security policies at the department.”

Loading... Loading... Loading... Loading... Loading... Loading...

The department is sending letters to all individuals affected to let them know of the incident and what they can do to help protect their personal information.

Finley said new policies have been put in place so government staff is more diligent at protecting personal information. Portable hard drives are no longer allowed and unapproved USB keys are not to be connected to government networks.

Staff will also be required to take mandatory training on how to handle sensitive information properly and new technology will be used to control or prevent the transfer of such information.