N.S. private info vulnerable: auditor general

Nova Scotia's auditor general says the security software protecting the private information collected by the provincial government islax and open to manipulation by hackers.

Jacques Lapointe released his annual report Wednesday. He's concerned about the safety of informationthat appears in government registries of businesses, joint stock companies and land and property.

"The danger is of someone getting into these systems," he said. "They can change the information. They cancorrupt it. They can simplydisclose it."

Lapointe looked at the way information was collected and stored from September 2008 to September 2009 and found a number of holes in government security:

• The auditor general's staff was able to crack the password of four employee accounts.
• Onlynine of 36 operating systems, or one-quarter, had the software patches required to maintain firewalls.
• Fifteen of 20 employees being terminated maintained access to important registry information days after they left.

Lapointe did not uncover any specific breaches in security but said there had been two alleged cases of fraud by government employees in recent years.

"It's evident that controls have to be strengthened to prevent those in the future," he said.

Security breaches could result in identity theft, endanger property ownership or disrupt business operations.

The audit recommends tightening procedures to block former employees and outside contractors from accessing government computers.Lapointe says Service Nova Scotia and Municipal Relations Department has accepted most of them.

Lapointe said he found good controls in placein thedepartment's vital statistics division.

Community Services lacks complaints policy: report

In a different section of the report, Lapointe said the Department of Community Services must do more to improve services to people with disabilities using some of its programs.

Lapointe said that though the department has been working on a plan for almost eight years, his audit found no clear policies or procedures for dealing with complaints from individuals seeking appropriate housing or other services.

"If complaints are received, they need to be acted upon," he said."And what we found, frankly [were] poor, almost nonexistent policiesfor how to deal with these complaints, and we found that there wasnothing much in the files to indicatehow these complaints were dealt with. Were they resolved or not? That's a big concern of ours."

Lapointe made 29 recommendationsto improve services for the 3,500 disabled individuals registered with Community Services.The departmentsays it has already addressed many of the findings and is continuing to work on the others.