OTTAWA 鈥 The company administering the federal government's $900-million settlement deal with Armed Forces members and veterans who experienced sexual misconduct while in uniform has inadvertently released private information about dozens of claimants.
Epiq Class Action Services sa国际传媒 confirmed the privacy breach on Wednesday, after a veteran said she had received an email last week containing letters intended for more than 40 other people.
Retired master corporal Amy Green said she was shocked when she discovered she had been sent names, email addresses and claim numbers, which she said is enough information to access certain parts of a claimant鈥檚 file.
鈥淚f I wanted to, I could just log in and upload anything to their file because I have their email address and their claimant ID,鈥 said Green, who left the military in 2014 and now lives in London, Ont. 鈥淪o I could tamper with anything.鈥
The Federal Court appointed Epiq to administer the settlement process after the government reached an agreement in November 2019 with plaintiffs in three overlapping class-action lawsuits dealing with sexual misconduct in the military.
In response to a request for comment, Epiq spokeswoman Angela Hoidas said 鈥渓imited information鈥 about fewer than 100 of the 20,000 people who have applied for compensation were sent to another claimant.
鈥淓piq鈥檚 investigation found that the inadvertent disclosure was caused by human error,鈥 Hoidas said in an email. 鈥淲e promptly implemented new procedures to ensure this does not happen again and have taken the appropriate disciplinary action.鈥
She went on to say that all those whose personal information was disclosed have been contacted, and that the company 鈥渇ully understands the importance of protecting personal information and sincerely regrets this error.鈥
Hoidas added in a subsequent email that "there is no way for a claimant to log in and access their private file." She said a claimant's name and randomly generated ID number can be used to submit a document through a secure link on the class-action website. That document would then be reviewed by Epiq.
"There is no ability to externally access any uploaded files or any claimant information whatsoever," Hoidas said.
Green nonetheless expressed concern about the mistake, particularly given the nature of the claims and settlement deal. She also said that despite the company鈥檚 assurances, she continues to harbour questions and concerns about the scope of the breach.
鈥淚s this a one-off and am I the only one who received it?鈥 Green asked. 鈥淚t should never have happened. Even one is too many.鈥
She added she doesn鈥檛 know what to do with the email. However, while some people have suggested she seek legal counsel, she said she will likely delete it once she is sure what Epiq says about the limited scope of the privacy breach is true.
鈥淚 don鈥檛 want it, I don鈥檛 even want to look at it,鈥 she said. 鈥淚t makes me uncomfortable to have it.鈥
Toronto lawyer Jonathan Ptak, who represented some of the plaintiffs involved in the lawsuits, said Wednesday that Epiq had only just notified counsel about the privacy breach involving some members of the settlement agreement.
鈥淧rivacy is of the utmost importance and this issue is being fully investigated,鈥 he said in an email. 鈥淲e have been advised that urgent steps are being taken by the administrator to prevent any further disclosure and to ensure that this does not occur again.鈥
Veterans Affairs sa国际传媒 referred questions to the Department of National Defence, which did not immediately respond to requests for comment.
This report by The Canadian Press was first published Feb. 9, 2022.
Lee Berthiaume, The Canadian Press