The Coast Halifax
Close

Nova Scotia FOIPOP website somewhat back online

Freedom of Information web portal partially returns, five months after the province discovered an obvious and massive security flaw.

Jacob Boon Sep 5, 2018 15:49 PM
VIA NOVA SCOTIA
A familiar site by now for the province's journalists.

Five months after being taken offline to address some basic security flaws, the province has finally brought back its Freedom of Information and Protection of Privacy web portal—albeit in a limited format.

The new-and-improved FOIPOP site provides previously completed Freedom of Information requests (used by the public, politicians, academics and journalists to access public data not routinely released by the government). But it doesn’t at this time accept any electronic submissions for filing a new FOIPOP request. That option will be rolled out later this fall, according to the province.

“Only publicly released access to information requests are available on the site,” reads a short press release announcing the relaunch. “The site does not host any personal information and is not connected to the case management ”


The site relaunched Wednesday, over 150 days after it was accidentally discovered that several thousand confidential documents had been downloaded without authorization.

Files on the site, often containing unredacted personal information, could be accessed by the general public simply by sequentially altering the numbers at the end of the HTML web address.

Over 7,000 documents were found to have been inappropriately downloaded because of the security flaw, a few hundred of which contained “highly sensitive” personal information.

A squadron of 15 Halifax Regional Police officers would end up arresting a 19-year-old for accessing the documents. Three weeks later and after international ridicule, the police announced via press release they would not be charging the teen.

Service provider Unisys—the company that maintains the FOIPOP site—had its contract with the province renewed over the summer, but only for a single year and with the restriction that Unisys will no longer be in charge of the public disclosure portion of the site.

Meanwhile, two separate investigations into the government's handling of the breach—headed up by the Office of the Information and Privacy Commissioner and auditor general Michael Pickup, respectively—are both still ongoing. 

Related Stories