COVID-19 Update

The provincial government has announced the Winnipeg Metro Region is in the Critical level (red) on the #RestartMB Pandemic Response System. In response to the announcement, effective Monday November 2, our office will be closed to the public, and staff members will work remotely. You can reach us by email (contact@oag.mb.ca) or by phone (204.945.3790). Further updates will be posted as information becomes available. Thank you for your understanding and patience.

September 9, 2020 Government Operations

WINNIPEG – Manitoba’s Vital Statistics Agency needs to do more to manage the security, privacy and integrity of the vital events information it holds, says Auditor General Tyson Shtykalo. The findings are contained in the report, Vital Statistics Agency, released today.

“The Vital Statistics Agency holds a significant amount of personal and sensitive information about Manitobans that must be properly protected and used effectively and efficiently,” Shtykalo said. ”Failing to do so increases the risk that vital statistics information could be compromised, or is not complete and accurate.”

The Vital Statistics Agency (the Agency) holds nearly four million records of vital events going back as far as 1882. Vital events include registrations of births, deaths, adoptions, name changes, and changes of sex designation.

Security and privacy risks

The audit found information security controls need to be improved. The Auditor General noted, for example, that the Agency did not regularly review staff access rights to its registry software.  “If this isn’t done, there’s a greater risk that invalid or fictitious information is entered into the registry, resulting in incorrect or false certificates being issued,” Shtykalo said.

The report noted the Agency did not always use secure mail for delivering certificates and registration forms. “As a result, vital events certificates and registration information may be lost or delivered to the wrong person, which could lead to privacy breaches, identity theft or fraud,” Shtykalo said.

The audit also found weak physical security controls within the Agency’s office — including inadequate separation between work and public areas.

Integrity of vital events information

The Auditor General found several issues with event registrars. Registrars include staff designated by hospitals and funeral homes to certify births and deaths, and forward vital events information to the Agency for processing.

The audit notes:

  • The Agency did not maintain a complete list of event registrars, or validate their identity.
  • The Agency did not train event registrars on how to prepare, forward or maintain the privacy and security of vital events information.

“These issues create a greater risk that mistakes will be made registering vital events information, and increase the chance of delays and privacy breaches,” Shtykalo said.

The report contains 19 recommendations. Sensitive security findings were presented to management separately. To view the public report, please visit http://www.oag.mb.ca/reports.

ABOUT THE AUDITOR GENERAL OF MANITOBA

The Auditor General is an officer of the Legislative Assembly mandated to provide independent assurance and advice to Members of the Legislative Assembly. Through its audits, the Office of the Auditor General seeks to identify opportunities to strengthen government operations and enhance performance management and reporting. For more information visit http://www.oag.mb.ca./

For more information contact: 
Frank Landry, Communications Manager
204.792.9145
frank. landry@oag.mb.ca

Share this news release on social media

Facebook Twitter LinkedIn

What we are working on

At any given time, we have several project audits in progress. You can find brief descriptions of these on-going audits here.

Learn More

We want to hear from you

We encourage Manitobans to provide us with information related to one of our on-going project audits, or to potential audits. This information may help our audit teams identify concerns and potentially influence what an audit will examine.

Learn More