More than 100 Palliser School Division staff had their personal medical information exposed in an e-mail breach, according to multiple sources..The school division, named after explorer John Palliser, was created in 1995 and serves about 8,400 students in a number of community and faith-based schools in Calgary and across southern Alberta..According to a teacher who has asked to remain anonymous for fear of reprisal from their employer, an e-mail was sent out on Friday at 2:32 p.m. advising staff of an update to COVID-19 testing procedures..“I looked at the e-mail and normally it says ‘Palliser staff’ but this time every name was visible,” the teacher told the Western Standard indicating there were 104 names and e-mail addresses listed..The teacher estimated there are about 500 teachers and 200 administrators in the Palliser division..“So, this e-mail was sent to all staff who are part of their Administrative Procedure (AP) group, who are basically all the staff members who are unvaccinated, and they forgot to blind-cc it,” the teacher confirmed..The unidentified teacher is part of two Telegram messaging groups for teachers and indicated they started to “blow up” after the e-mail was sent..“Everyone was angry. I mean, this was the reason we were all so scared to share our personal medical information. There was even some senior admin listed in the e-mail,” said the teacher..“And what seemed really sketchy is that when some of us teachers tried to respond to the e-mail to point out what happened, all our e-mails bounced back stating the address was blocked.”.Less than 20 minutes later, the teacher said the exact same e-mail came through, only this time all the recipients were not visible..“It just really felt deceptive, like they were trying to somehow hide what they had done,” said the teacher..According to the teacher, one person in the Telegram group said they felt the breach was a good thing because now the unvaccinated staff can, “band together and send encouraging messages to each other.”.“But when that person tried to e-mail everyone, they received 104 undeliverable e-mail notifications,” explained the teacher..“They blocked us from communicating with each other while they were running around behind the scenes like a chicken with its head cut off, which made me even more angry.”.The teacher said many others confirmed through the Telegram groups they had tried to call Palliser’s HR department in Lethbridge but were told the HR department was unavailable..“This just feels like a real breach of trust and it’s something we were afraid would happen,” said the teacher..“This is the exact reason why people were so adamant they didn’t want to have to share their personal medical information from the start.”.“It’s not about the HR person that made the mistake, it’s a bigger issue. Our board put a system in place that was supposed to protect our private medical information and it didn’t..“They put more security on accessing a student’s exam results than our private medical information.”.Another concern for some of the teachers is the division and discrimination they have seen in the schools as a result of the vaccination policy..“In some cases, it’s really blatant. This has really opened people up to discrimination when it’s already very divided in every school,” said the teacher..That same evening, the teacher said another e-mail was sent out from Palliser at 5:17 p.m. addressing what had happened along with an apology..“It was really cut and dry,” said the teacher, adding, “there was an apology but they also said they don’t plan to alter or cancel the policy in light of what happened.”.The teacher said others checked with their “vaccinated” friends who work for Palliser and discovered the e-mail admitting to the breach was only sent to the unvaccinated group. .“They only apologized to us as a group of unvaccinated staff and didn’t feel the need to acknowledge their error to everyone even though some of us have implored them to do so,” explained the teacher..“They said the breach did not involve the other group, but that is completely not true because, through their error, they indirectly revealed the status of all the vaccinated people by eliminating people’s names..“So, everyone was affected, but not all might know it yet, and they deserve to be made aware of the breach.”.According to the last e-mail to the AP group, Palliser said it would be reporting the error to the Freedom of Information office..“I think they should just cancel this policy,” said the teacher..“How do we know this isn’t going to happen again? The implications are very huge.”.The teacher indicated many staff are outraged by the breach and are considering legal action..The Western Standard has also learned from multiple sources many of the staff affected by this breach plan to refuse to submit their test results until a formal investigation is launched..“They didn’t hold up their end of the bargain by this breach, so neither are we until we can be sure it won’t happen again,” communicated one staff member on Telegram..“They will not be receiving any more of my private medical info because of their inability to be trusted with it,” said another teacher from the Telegram group..The Western Standard contacted the Palliser School Division for comment and was sent this response on Monday:.“It was discovered that an inadvertent disclosure of personal information comprising of email addresses occurred on Friday, January 14 when an email was sent to a group of staff with an update on the Division’s Administrative Procedure 133 – Semi-Weekly Testing Update. This communication, providing an update on the AP133, was provided to all staff and contractors that are working with Palliser School Division. However, in one email that was sent, the approved Palliser email addresses of a specific limited group of employees were visible to the people that received the email. There was no indication in the email how these employees were categorized or connected to each other. .“Immediately upon discovering the inadvertent disclosure, Palliser took steps to minimize this unauthorized disclosure and a decision was made to notify all affected staff of this incident. Palliser takes the confidentiality and privacy, as well the health and safety of its employees, with utmost importance. Given this, Palliser is sincerely sorry for the incident and is continuing to investigate how the email addresses were made visible and working with advisors to make sure it does not occur again..“In order to ensure that the Division has handled this situation appropriately, we will be reporting this unauthorized disclosure to the Office of the Information and Privacy Commissioner of Alberta (OIPC) to seek their further direction.”.Melanie Risdon is a reporter with the Western Standard.,.mrisdon@westernstandardonline.com
