EDITORIAL NOTE: TPR withheld publishing this article until the personal information was removed from the City website.
Hamilton’s Acting City Clerk published the home addresses, personal emails, and phone numbers of 36 delegates speaking at Tuesday’s Council budget hearing.
TPR emailed the City Clerk on the evening of January 15, notifying them of the privacy beach.
The City Clerk responded, stating there was no privacy breach and that TPR was incorrect in making the complaint.
The City Clerk is the City’s chief privacy officer.
Hamilton Mayor Andrea Horwath’s Office learned the City Clerk had dismissed the complaint, and quickly directed the City Clerk to address the breach.
Only then was the private information removed from the City website.
The Breach and How It Occurred
People wishing to delegate to City Council must use a web form to submit their request. The form requires them to provide personal information.
The web form generates an email to the Office of the City Clerk.
Instead of removing personal information, the Office of the City Clerk improperly used a ‘black highlight’ over the text of delegates’ home addresses, personal emails, and phone numbers.
Anyone who downloads the agenda can copy and paste the underlying private information.
Professional PDF software programs offer redaction features that remove text and replace it with black bars. The City does not use this software.
Hamilton is the only large municipality in Ontario that does not follow privacy by design practices.
Latest Privacy Breach by the City Clerk
This is the latest privacy breach by the Office of the City Clerk.
During the 2022 municipal election, the City Clerk breached the privacy of hundreds of voters who registered for advance voting.
On October 13, 2022, the City Clerk sent a mass email to advance voters after mailing advance ballots too late for the voters to return before voting day. The email addresses of the voters was revealed in the “to” line of the email. The email addresses of many people who requested mail ballots were identifiable, adding to the privacy breach.
Following the election privacy breach, the City issued an unsigned statement of regret.
The City’s auditor briefly reviewed the incident and concluded, “While the privacy breach is regrettable … ultimately, how people were voting was not exposed in this privacy breach.”
“That being said, there is room from a process improvement perspective to better manage
privacy risks in the future,” the City auditor wrote.
The City did not implement improvements.
City Will Self-Investigate Their Latest Privacy Breach
The City auditor will review the latest breach.
The City Clerk is not apologizing for the latest breach.
The Municipal Freedom of Information and Protection of Privacy Act requires the City of Hamilton to notify the 36 individuals.
Production Details v. 1.0.0 Published: January 16, 2024 Last edited: January 17, 2024 Author: Joey Coleman Edit Record v. 1.0.0 original version v. 1.0.1 correction of sub-heading typo. Thank you to commenter for noting the error.
Should read “City Will Self-Investigate Their Latest Privacy Breach” instead of “City Will Self-Investigation Their Latest Privacy Breach” in the last header
Thank you