BUSINESS

Rouge Valley Centenary's Privacy Breach Went On For Years

06/04/2014 01:47 EDT | Updated 06/16/2017 00:58 EDT
Image Source via Getty Images

A recent case of a hospital baby-napping has unsettled new parents around the country, and this latest news from a Toronto hospital is unlikely to calm fears.

Two staffers at Rouge Valley Centenary hospital in Scarborough sold information on new mothers to companies trying to sell Registered Education Savings Plans (RESPs), hospital officials allege.

As many as 8,300 patients may have had their private information compromised, the Toronto Star reports, including names, addresses and phone numbers. Patients contacted by the Star and other local news sources say they have been contacted by sales reps selling RESPs.

The two staffers no longer work for the hospital, CTV reports.

The privacy breaches took place between 2009 and 2013, and were first discovered in October, 2013. The hospital uncovered another staffer's alleged activities in March, 2014, according to local news source CP24.

The office of Ontario’s privacy commissioner and the Ontario Securities Commission are reportedly both investigating the breach.

Neither the hospital employees nor the companies allegedly involved were identified in news reports.

Some Rouge Valley patients are concerned the privacy problems may not be over.

Karthick Nanthakumar, uncle to three children born in recent years at the hospital, said he was worried the companies who have been calling his family to sell RESPs could sell the data on to others.

“They’re not going to stop at selling RESPs. They can do something else with it — they can do anything with it,” he said, as quoted at the Star.

A spokesperson said the hospital is treating this incident as a learning experience that can help “to improve what we do, so this kind of thing can be prevented.”