Two security breaches at Canada’s spy agency prompted employee suspensions last year, newly released documents show.
In the most serious case, a Canadian Security Intelligence Service employee was suspended for five days without pay following an incident involving information that “must be kept in the strictest of confidence and in full compliance with the need to know principle.”
The CSIS employee was found to be in violation of several aspects of the spy agency’s conduct policy, including provisions on security, performance of duties, integrity and compliance with direction.
The breach prompted an investigation by the agency’s internal security division, resulting in an “injury assessment” – an accounting of damage from a security lapse.
In deciding the employee’s fate, a senior CSIS official weighed the assessment and the fact the person had no prior disciplinary record.
“Notwithstanding the fact that your actions could have resulted in a more serious disciplinary measure, I have decided that a five-day suspension without pay is most appropriate,” wrote the supervisor.
The employee was also warned that any further breaches of the conduct policy could warrant more severe discipline, up to and including dismissal from CSIS.
In the second case, an employee was suspended for one day without pay over an unspecified security violation.
A letter to the employee says that before meting out a punishment, a CSIS supervisor had “taken into consideration the comments that you provided in your e-mail” and that the senior official appreciated “the clarifications you provided.”
The memos outlining the security incidents were among 11 heavily censored discipline reports from 2010 and 2011 released under the Access to Information Act.
CSIS spokeswoman Tahera Mufti refused to discuss what sort of information was compromised, any damage to national security, or whether the employees involved were required to take remedial training.
However, it appears from the records that both security cases involved inappropriate access to CSIS databases.
One insider familiar with security issues at the spy service said that while information leaks do happen once in a while, many policy violations simply stem from inexperience.
“They recruit young people. And young people sometimes do things that are kind of stupid – they don’t have the same judgment,” said the source, who asked not to be named due to the sensitivity of such cases.
Other disciplinary matters during the two-year period involved a range of issues, including problems with workplace behaviour, performance of duties, public reference to employment at CSIS, and activities outside the spy service.
Overall, CSIS director Dick Fadden identified 19 instances of non-compliance with operational policies in 2010-11. The nature of some of the violations prompted Eva Plunkett, then inspector general of CSIS, to express concern in her annual review.
The Conservative government recently abolished the inspector-general’s office, saying its duties would be handed to another watchdog.