250 News - Your News, Your Views, Now

October 28, 2017 2:25 am

Another Data Breach? This Time in PG? – Update

Tuesday, September 22, 2015 @ 4:32 PM

Prince George, B.C. – Further privacy concerns following this morning’s bombshell announcement the provincial government lost a hard drive containing the personal information of 3.4 million students.

Glen Thielmann, a high school teacher at D.P. Todd Secondary School in Prince George, said “after a secure login” he was provided “access to a data set that I’m not supposed to see according to FOIPPA.”

He added “I ended up with a 64 page report that should not have been accessible. Our staff informed the ministry, and the issue was resolved within a few hours.”

Thielmann said the “access” follows new software School District 57  is using  which is called  MyEDBC.

He sent out this message on Twitter this afternoon:

“#MyEdBC breaks #bced & #foippa rules. Today, landed on screen w/ all my school’s past/present students: bdays, Med & SpEd & AbEd notes, etc.”

Thielman also voiced his frustration in the comments section of 250 News.

“Our principals and support staff should not (have) to work overtime to mitigate design flaws in the software – not just security, but performance flaws,” he said.

“The BCED procurement process for a new data management system was supposed to ensure a high standard for function and privacy. So far I’m not impressed.”

250 News is waiting to hear back from Prince George School District 57 superintendent Brian Pepper for a response on this matter.


Bombshell? That’s bs. The government didn’t lose anything. An employee screwed up and the BCGEU told the ministry to pound rocks. And this loyal BCTF member? His employment contract states he is notify SD57 or his principal about stuff like this.

Not a breach, but, after a secure login, access to a data set that I’m not supposed to see according to FOIPPA. While looking for options to make a class list of my students, I ended up with a 64 page report that should not have been accessible. Our staff informed the ministry, and the issue was resolved within a few hours. Our principals and support staff should not to work overtime to mitigate design flaws in the software – not just security, but performance flaws. The BCED procurement process for a new data management system was supposed to ensure a high standard for function and privacy. So far I’m not impressed – this software is not meeting those requirements, hence my tweet at lunch today.

This teacher is a cynical opportunist – his real or perceived problem with his place of work and the tools made available to him in the execution of his work are privileged. Not top secret, not muzzled, not ‘controlled by the government’, just professionally privileged. His piling on to a legitimate news story and a legitimate privacy concern is pure vanity social media. Disgusting.

Good on you thielmann. Sounds just like the welfare system that has gone through major outages. Supposedly that system is built for store inventories, but used for vulnerable people. Go Crusty!

“…the provincial government lost a hard drive containing the personal information of 3.4 million students.”

Lost a hard drive??? Aren’t they getting the big bucks at the top to make sure that things like this do not happen?

How can a hard drive be lost? Did somebody remove it from a computer and misplace it? Did they lose the whole desktop or laptop computer?

If that happened in private industry heads would roll.

Cynical opportunist, VOR? That’s a new one for me. It was one tweet on my lunch break… not a piling on. I had not even read about the hard drive thing when I was contacted by the media. I did not use the word breech, in fact I said the opposite – it was a secure login that ended up with access to data that should not be broadly accessible (even by employees). After noticing the problem I referred it to district staff who referred it to ministry staff who then fixed the problem — that part, at least, works as it should. And yes, as a professional privilege I expect that if I am required to use software on daily basis then it should meet basic standards for performance and privacy. I also am defensive about the time and energy our office staff and school administration have spent on a variety of headaches associated with this data system. They have enough to do without this, just like teachers have enough to do without dealing with glitchy software.

errrrr….. *breach* not breech.

Since when do employees, public servants or otherwise, use social media and interviews with local conventional media to voice a thinly veiled grievance publically with their employer? In what employment universe would that possibly be acceptable? If you were an entry-level grunt it could be dismissed as bad judgment. As an established teacher, who claims to be a ‘professional’ it’s an embarrassment on your part. You don’t publically air petty grievances with the quality of the lathe at the Lakeland Mills maintenance shop and not expect to be called on it. If you have a problem with the lathe, you talk to your supervisor and management. If you have a problem with your software at work, you talk to your supervisor and management. Anything else is shameless political opportunism and grandstanding. You know who probably took the hard drive Glen? – a shameless political opportunist. Makes for great copy, doesn’t it?

Never mind this bunch of goofs thielmann, most are minimum wage earning, union haters.

Yes, informed management, who are equally frustrated with the provincial “lathe” and also yes, used social media because this provincial software is political and an added layer to the work that happens in the classroom. As a professional with 20 years in, I know the difference between respect for my local employer (who has nothing to do with the quality of the software) and offering critique (solicited or not) to the government of the day, as we all should do when we think it matters. SD57 and its staff have worked to make the transition to the new software as painless as possible. They have respected the union’s request about use of teacher time for training, and have been creative, collaborative, and responsible in the way they have staged implementation. I am not embarrassed to stand by them as they face the same frustrations with a software system that they have to use not for minutes per day (as we teachers do), but for hours per day, made longer with hangups and glitches. Now, if you really want to get into petty grievances, there is lots to talk about — the effects of underfunding are not hard to find — texts, resources, technology, support teachers, librarians….

Poor judgment to talk to the press.
Maybe after 20 years if you find your job so difficult it is time for a career change.

VOR the management at Lakeland most likely would have no idea what a lathe looks like. Very poor example you used destroying your credibility.

Card carrying NDP teacher blames the government for his coworkers mistake… classic.

Before you read any further, I must confess that I know Mr. Thielmann, I teach, and I get to use the same program as he does on a daily basis.

MyEdBC is new software that was to replace BCeSIS, the under-performing, over priced (well over $100 million invested into it), antiquated out of the box software that the Ministry of Education expected all schools and districts across the province to use. It was slow, user-unfriendly, had a horrible user interface, often crashed, and was a drain on educational budgets across the province. In a word, it sucked. MyEdBC was supposed to fix all of that.

The Ministry has been very concerned about access to student data since the initial use of BCeSIS and, with the adoption of the new platform, required ALL users to acknowledge that they received training and instruction regarding the FOIPOP legislation and would use the software accordingly. In the educational field, teachers have been disciplined for FOIPOP violations such as posting student marks on a piece of paper on the wall of a classroom even when students are not identified by name. Teachers have also been in violation of FOIPOP regulations by leaving their computer unattended with any student information on it while they went to assist a student. It is, technically, a FOIPOP violation to discuss a student with another teacher who is not currently teaching that student. The list continues…when the Ministry or the government commit a FOIPOP breach, it is typically passed off as an ‘Ooops, we won’t do that again.’

Teachers are not supposed to have access to the type of information that Mr. Thielmann was able to access. Period. This is quite a serious breach of FOIPOP and Ministry regulations, but not on the part of Mr. Thielmann. He was using Ministry provided software and that software allowed him to access information that it shouldn’t have. As a teacher and an educational advocate, Mr. Thielmann did two things: he notified his administration and they then notified the appropriate people; and, as an advocate for public education, he, as many, many others have done with this new software, let his frustration and bewilderment be known.

There are other educational software systems out there that are already proven, or were in developmental stages, that not only outperformed the new MyEdBC software, but were less costly and easier to maintain. The Ministry chose to go with a system that is maintained by the same company that was in charge of the design and implementation of BCeSIS, which is a curious way to make change.

Of course, as usual, the pundits here have all the knowledge and all the answers.

VOR, I’ll repeat — this went to IT and management first, so they could deal with it and pass it on to the Ministry. The Ministry addressed the problem, perhaps on the double due to the media pressure. It does not make my job any more or less difficult because the system picked by the gov’t didn’t comply with FOIPPA or because it robs my school’s office staff of their time, it is simply a matter that it has problems that deserve to be noted publicly. The procurement of MyEdBC was a very public process, frought with politics, misdeeds, and concerns about “big data” – this was well documented in the press. I have no issue with joining a public story and relating what I know — you are all doing so right now on this forum and we should expect any less.

My employment needs have almost nothing to do with the lousy software — I use it for classlists and attendance, maybe 15 minutes a week. My employment needs are largely met on my own; teachers have a large degree of independence and the best of them (in my opinion) skin their own cats. We also benefit from interdependence and collaboration, something that is well supported in our district despite the various directives and conflicting agendas that come down from above. I love my job, I’m good at it, I really enjoy working with students to build skills, thinking, work ethic, and I’m very happy when my children end up with a teacher who takes their profession seriously enough to engage publicly about the issues in our educational system.

I think you’re doing the right thing by being involved in that same discourse, even if I don’t agree with you or follow your reductive generalizations. You obviously are not a fan of folks who exhibit entitlement or take their secure jobs for granted. Neither am I. I’m lucky to do what I do and I wouldn’t trade it for another career or any of the jobs I had before teaching.

Mr. Thielmann. I’ll repeat. Why did you feel compelled to go to the media to openly embarrass your employer at a time when another issue of privacy violation was being made to the public? A person would have to be a complete idiot to not see the connection.
Why in the world do teachers think they’re the only employees in this province with challenging tasks ahead of them, occasional ethical dilemmas, frustrating software interfaces, stress, financial challenges at home etc., etc.?
I would never air some half-baked complaint against my employer publically, and anonymously, on a well-viewed local weblog. Why? Not because I’m scared to. Because I’d be ashamed to.
You think the people writing the code for the new MyEdBC software are operatives of the Premier, or out to undermine your job and precious union? They’re people that work for a living and make mistakes, including software deployment bumps.

How much C#, HTML, Perl, Clojure or Maple coding have you laid down at DP Todd in the last 20 years Glen? Is there some way that people could embarrass you and your job for not knowing what any of those things are? ‘Quick – get me CBC on Line 1’

Its simple VOR – they have a problem with the price of the software. If that money had been given to the teachers they would be happy with whatever software they were using.
Well, happi-ER

The province could have given them $20k more each in ‘salary’ a year, maybe another week or two off in the summer and a box of Crayolas between every two of them and they’d be thrilled with their new software.
‘Excellent user interface – very compatible with modern learning objectives’.

As I mentioned, VOR, I didn’t go to the media, I made a tweet, and the calls started coming in. The hard drive story was news to me at that point.

My employer is SD57, who are the recipients, not the architects, of this data system that was made by a third-party contractor for the gov’t and is managed by the same folks who brought us BCeSIS. Making mistakes is fine, but the big ones need to be dealt with in the YEARS of development and not after deployment. Basic design criteria like user experience and plan for performance checks — again, we expect some bumps during wave 1 & 2 but not failure to deliver critical/required features in Sept 2015 when the last of the districts have come online. Read the CBC story on L.V. Rogers Secondary if you think the concerns are half-baked. Incidentally, that article is filled with comments from other teachers who did what I did — raised their concerns with the software publicaly.

Nothing anonymous — my name is attached to everything I post online. I follow the rules of fidelity to my employer (I’ve been quite clear about that above) and I follow the principles of active citizenship when it comes to public policy and advocacy.

I’d love to learn more about code, all I’ve done is html. I’d heard of the rest except for Clojure… had to google that. If I have time I’d like to learn how to make apps with students. I think it would be cool to build one that is meant to interact with the town of Barkerville – something between a scavenger hunt and a “going deeper” feature that interacts with placed QR codes.

I worked a business that tried to development a data system. Who makes this? Their is no common sense. Nerds with no idea of applications build this stuff. They still have jobs however. Kinda like teachers.

Its interesting that the righties on this site blame the teacher for drawing attention to an egregious breach of privacy. They don’t comment on the the breach at all, just lambast the person who was unfortunate enough to be the recipient of information from flawed software, almost as if they think he wrote the defective code himself. Even naming some coding languages as if it were relevant. Regardless of the language used, the software cost enough that it should work properly, and it is the responsibility of the Ministry of Education to ensure that it does. It is not the teacher’s job to do that. That is a senior management responsibility, not a union responsibility. He fulfilled his responsibilities as a teacher by drawing attention to it in a manner which ensures it is taken care of rather than just hidden away with a pretense that there is no problem, as usually happens with this kind of stuff.

Several people have commented that complaints should not go outside the employer. That may be largely true for private employers, but in this case the employer is the public and circumstances in which the public have a legitimate interest in being informed are therefore broader. Even in the case of a private employer, if public safety or some other public interest is affected, going public is often necessary and appropriate.

As for blaming the programmer, I don’t think anyone is doing that. Programmers are human and make mistakes, but problems such as this often result from defective specifications and system design, not the errors of individual programmers. In any case, any large project such as this where privacy is a concern should have an audit process that detects such problems. There should have been people assigned to try to access information to which they are not supposed to have access.

Comments for this article are closed.