The City of Lévis makes efforts to comply with the requirements of the Access to Information Act, but gaps remain in the protection of personal information and in computer risk management, notes the general auditor (VG) in her annual report.
Francine Tessier submitted her 2024 report Monday to the municipal council. It was made public on Tuesday morning.
The VG notes a “clear will of the city to control the risks associated with personal information collected from citizens”. A budget of $ 2.075 million was devoted to it.
However, even if the law on the protection of personal information entered into force in September 2024, the city of Lévis “did not finish its work to comply,” confirms the VG in an interview. There are therefore gaps.
Risks
“In Lévis and in all organizations, [le principal risque]it is the risk that there is flight or theft of personal information and that there are serious damages that are caused “to citizens. Another risk is that that information is not used for the purposes for which it had been collected.
In Lévis, the city did not signal a leak or improper use, indicates the VG. “There were no serious elements, but there are small elements that occurred [pour lesquels] City management has taken action. “
The VG stresses that the analysis of risk management training needs has not been carried out, “and no training has been offered in this regard”. However, employees need this training, she insists. In addition, it remains an “ambiguity on the responsibilities of the speakers”.
The auditor advised the city, for the sake of prevention, to establish disciplinary measures in the event of fraud or embezzlement and to communicate them to the city’s employees, which Lévis accepted.
“Confidential” results
The results of the audit concerning the general computer controls are “confidential” and the public does not have access to it. Without giving the precise portrait, she says she observed that “there are certain risks” on the computer.
Nevertheless, it “observed a high level of efficiency for several” computer checks. “The action plan that was submitted to me is very responsible.”
As for the audit on organizations which obtained annual subsidies of $ 100,000 or more, the VG stresses that the organizations complied there “satisfactorily”, although modifications had to be made to the financial statements of the Patro Lévis.
Favorable welcome
In a press release, the city of Lévis said they welcomed the recommendations.
“The City began the implementation of concrete measures aimed at improving risk management linked to personal information, strengthening general computer controls and ensuring better monitoring of subsidies of $ 100,000 and more,” said the municipality.
The last VG report to Lévis dates back to 2021 because there was no verifier in office since. The VG estimates that for 67 of the 78 recommendations, “the action plans implemented made it possible to correct the shortcomings”. “The main recommendations still in application concern the management of assets and the management of major projects.”
