An in-house report released Wednesday on the use of spyware at the District of Saanich admits senior staff failed to consider privacy concerns, but stops short of blaming any individual staff member for its improper use.
The report, completed by interim CAO Andy Laidlaw, used findings from Brian Simmons, a contracted labour relations consultant, to answer questions put forward by Saanich council about the use of Spector 360, an employee monitoring tool.
The software was covertly installed on the computer of Mayor Richard Atwell and on 12 other workstations at the District on Dec. 2, 2014 and was disabled on Jan. 21 after B.C.’s privacy commissioner launched an investigation into its use.
Simmons concluded that there was no evidence to “support a claim that Atwell’s computer was targeted” by the employee monitoring software, and said he found “no evidence that would single out any particular individual in this matter, rather it was a corporate decision.
“Finding no evidence of malfeasance, I find no cause to terminate or discipline any employee,” Simmons wrote in his June 20 report.
Privacy Commissioner Elizabeth Denham released a scathing report into the District’s improper use of Spector 360 on March 30, in which she said senior staff failed to consider privacy standards before approving its use. Denham also found senior staff failed to notify Atwell about the software’s installation on his computer, and noted “the District’s submissions to my office demonstrate a deep lack of understanding about the most basic tenets of the (Freedom of Information and Protection of Privacy) Act, such as what constitutes the collection of personal information.”
Denham also concluded that Director of Corporate Services, Laura Ciarniello, gave the express approval to install the spyware.
In a statement, Laidlaw said his report is intended to bring closure to the spyware scandal for both council and staff.
“Decisions were made by the senior management in the best interests of protecting Saanich’s information and technology system,” Laidlaw said.
“The implementation lacked a review through the lens of (the Freedom of Information and Protection of Privacy Act) because the software was being viewed purely as an additional security installation.”
Laidlaw agreed that Denham was right when she called out the municipality for failing to complete a “privacy impact assessment,” which should have led senior staff to reconsider Spector 360’s invasive functions like keystroke logging and screenshot recordings.
“In my opinion, there was a systemic disconnect within the organization on the issue of personal privacy,” Laidlaw said.
“I recognize that Council has a need for accountability, however, it would be simplistic and inaccurate to point to some decision or event.”
The internal report also reveals five IT staff resigned and one retired between December 2014 and May 2015.
More to come.