ÎÚÑ»´«Ã½

Skip to content
Join our Newsletter

CSIS suspends 2 employees over lapses

Two security breaches at ÎÚÑ»´«Ã½'s spy agency prompted employee suspensions last year, newly released documents show.

Two security breaches at ÎÚÑ»´«Ã½'s spy agency prompted employee suspensions last year, newly released documents show.

In the most serious case, a Canadian Security Intelligence Service employee was suspended for five days without pay after an incident involving information that "must be kept in the strictest of confidence and in full compliance with the need-to-know principle."

The CSIS employee was found to be in violation of several aspects of the spy agency's conduct policy, including provisions on security, performance of duties, integrity and compliance with direction.

The breach prompted an investigation by the agency's internal security division, resulting in an "injury assessment" - an accounting of damage from a security lapse.

In deciding the employee's fate, a senior CSIS official weighed the assessment and the fact the person had no prior disciplinary record.

"Notwithstanding the fact that your actions could have resulted in a more serious disciplinary measure, I have decided that a five-day suspension without pay is most appropriate," wrote the supervisor.

The employee was also warned that any further breaches of the conduct policy could warrant more severe discipline, up to and including dismissal from CSIS.

In the second case, an employee was suspended for one day without pay over an unspecified security violation.

A letter to the employee says that before meting out a punishment, a CSIS supervisor had "taken into consideration the comments that you provided in your email."

The memos outlining the security incidents were among 11 heavily censored discipline reports from 2010 and 2011 released under the Access to Information Act.

CSIS spokeswoman Tahera Mufti refused to discuss what sort of information was compromised, any damage to national security, or whether the employees involved were required to take remedial training.

However, it appears from the records that both security cases involved inappropriate access to CSIS databases.