The company overseeing the federal government’s $900-million settlement deal with military members who experienced sexual misconduct in uniform is admitting to more privacy breaches, despite repeated promises to have fixed the problem.
Epiq Class Action Services Canada confirmed the additional errors after a third veteran came forward to The Canadian Press to report having received an email containing the personal details of a different claimant earlier this month.
The veteran, who asked not to be identified because she still works for the federal government, said the information was contained in an attachment as she was fighting Epiq after the company sent her settlement cheque to the wrong address.
The Federal Court appointed Epiq to administer the settlement process after the government reached an agreement in November 2019 with plaintiffs in three overlapping class-action lawsuits dealing with sexual misconduct in the military.
“I feel betrayed and worried that my personal information has been sent to other members,” the veteran said. “I submitted over 180 pages of documents and I’m sick with worry that someone has my information. It’s victimizing all over.”
Epiq has previously said the inadvertently released information does not include testimonials and other such documents, but only claimants’ names, contact details and randomly generated claim numbers.
It has nonetheless apologized for the errors since the first was reported in March, and repeatedly promised that it was taking the appropriate disciplinary and procedural steps to ensure more claimants are not affected.
The leaks also prompted a panel of claimants, lawyers and government officials tasked with overseeing the settlement to order an independent audit of Epiq’s claims process to prevent further problems.
The company has since retained an external auditor to review and recommend changes to its procedures, Epiq vice-president Angela Hoidas said in an email, adding: “We sincerely regret these additional disclosures.
“While inadvertent human errors have affected a small fraction of the claims we have successfully administered in this class, we believe that any inadvertent error is unacceptable, and have already taken substantial steps to improve our policies and procedures.”
Lawyer Jonathan Ptak, who represents some of the veterans and active service members involved in the three lawsuits settled by the government, said the audit has started.
Yet neither Epiq’s promises to address the problem nor the decision to order an audit stopped the latest breach, which according to a statement on Epiq’s website brings the total number of claimants whose private information has been compromised to 109.
While Epiq has not revealed the total number of actual incidents in which a breach has occurred, Defence Department spokeswoman Jessica Lamirande said the company has reported 20 individual breaches since Feb. 8.
That includes 15 previously unreported incidents discovered by the company during an internal review in late February.
“National Defence takes the issue of privacy very seriously,” Lamirande said in an email. “We have requested that Epiq investigate and take steps to ensure that this matter is contained, resolved, and does not happen again.”
Nearly 20,000 people have applied for compensation as part of the class-action settlement.
Retired master corporal Amy Green and fellow veteran France Menard said they have not heard anything more from the company, government or law firms involved in the settlement since receiving private information about other claimants from Epiq earlier this year.
“It’s disappointing, that’s for sure,” Menard said. “They’re trying to put everything under the rug.”
The veteran who most recently received another claimant’s information said she and others had already been having problems with Epiq even before the privacy breaches, including incorrect information and settlement payments sent to the wrong addresses.
The information sent to Menard and Green consists of the names of individual claimants as well as their claim numbers, which can be used to submit documents through a secure link on the class-action website.
Hoidas has said such documents would then be reviewed by Epiq, and that individual files cannot be accessed, but Menard and Green say they are unsatisfied with Epiq’s response, particularly given the sensitive nature of the claims and settlement deal.
While the office of the privacy commissioner said in March that it was looking into the issue after receiving a privacy breach report from Epiq, spokesman Vito Pilieci said there was no update to the watchdog’s probe.
—Lee Berthiaume, The Canadian Press