NDP Leader Jim Dinn (St. John’s Centre) says government has to get serious about how the data of Newfoundlanders and Labradorians is collected, used, and stored. Following the 2021 healthcare system breach, and now with information emerging from the 2024 PowerSchool breach, government must strengthen regulations and oversight for companies entrusted with sensitive personal information.
NL Privacy Commissioner Kerry Hatfield’s report on the breach outlines weaknesses not only in the third-party contract with PowerSchool, but also highlights the lack of oversight into how third-party companies use and store our data. Dinn says government needs to stop dragging its feet on safeguards around data protection, AI, and oversight, and introduce legislation to change this culture before more Newfoundlanders and Labradorians are put at risk.
“Our government needs to come to terms with the world we are living in and just how much technology and data influence our lives,” said Dinn. “We cannot continue this culture of allowing the data of Newfoundlanders and Labradorians to be put at risk because government has failed to take the necessary action to ensure that safety.”
“If any government department is signing a contract with a third-party company, we must ensure those agreements strengthen protections for people’s data, not put them in greater jeopardy. To learn there was an ‘always on’ feature in the PowerSchool contract that allowed continual remote access to sensitive data is deeply concerning and should have been addressed before the contract was signed. We need to be far more aware and proactive in how data is handled and protected. If that means hiring more people to provide proper oversight and accountability, then that is what government needs to do.”
Dinn adds that this issue extends far beyond just PowerSchool, and government must respond in a more serious and far-reaching way, especially given the number of contracts government departments hold with third-party companies that have access to sensitive information.
“People in this province know all too well the consequences of data breaches, especially after the 2021 healthcare breach,” said Dinn. “This is bigger than just PowerSchool – this is about government proactively protecting our data and maintaining the public’s trust that their personal information is safe. We cannot simply rely on companies to police themselves. Government needs to step up and take responsibility.”