Data protection and the pursuit of evil-doers

Black comedy was perfected when George W. Bush began using the term “evil-doers” to refer to those who do nasty things to Americans. The first time I heard the term used on TV, it wasn’t so funny as simply odd. Not even Superman in the Silver Age comics would stoop to refer to Lex Luthor or Braniac as “evil-doers.”

What does this have to do with data? Well, the U.S. government is actively pursuing “evil-doers.” Keep that in mind for a second.

In British Columbia, the Medical Services Plan (MSP) handles our financial contributions to, and use of, universal Medicare. A couple of months ago, a local news station raised concerns about data privacy. B.C. is planning to select Maximus Inc. in Virginia (I can’t help but think of Russell Crowe in Gladiator) to “develop a new service delivery scheme” for MSP and PharmaCare, the plan that helps low-income folks buy prescription drugs.

The quotation above is from Business in Vancouver in its April 13, 2004 edition. Their article had a little more detail than the short, fear-mongering piece on TV. My first thought, and hopefully yours, was, “Why the hell did they send this work to the U.S.? Surely someone here could have improved the delivery of those programs.”

But in the article, a nastier wrinkle arose. According to BiV, Maximus “falls under the scope of the U.S.A. Patriot Act.” This Act was designed to allow U.S. law enforcement agencies to spy on and take swifter action against — you guessed it — “evil doers.”

The B.C. Government and Service Employees Union (BCGEU) has raised a red flag and is pressuring the government to do something. Not to be cynical or anything, but I just can’t help imagining that job losses are in store for the BCGEU. Nevertheless, the assertion is that the FBI could access medical data, which is all highly confidential. According to the BCGEU, the Patriot Act “specifically prohibits a company that has complied with an FBI demand for information to reveal that is has done so.”

So imagine that the B.C. government performs privacy audits a year later. It asks some poor IT worker if he or she had provided information to unauthorized persons. Pretend that months earlier a large FBI agent had been standing on his or her neck and asked for a printout of names and address with surnames that match certain ethnic patterns.

If questioned directly, the best the IT worker could do is put on the finest possible Captain Willard face (as portrayed by Martin Sheen in Apocalypse Now) and say, “Sir, I am unaware of any such activity or operation — nor would I be disposed to discuss such an operation if it did in fact exist, sir.”

Colin Hansen, the B.C. Health Services Minister, is saying “There’s no indication that the U.S. government’s intention was to access private medical information from nationals of other countries.” Perhaps, but that doesn’t mean that they won’t and, were they to find a reason, U.S. laws permit it. Later in the article Hansen is quoted as saying, “The contract will not be signed until we can get that [privacy] assurance.”

What assurances can Maximus realistically provide? Homeland security trumps data privacy every time. My worry is that Maximus will try this one on for size: “No problem; we’ll keep the servers in Canada.”

I have no idea if this is true, but it’s sufficiently Dilbert-like to be possible. It’s not so far removed from Paul Martin telling us that he sold his company to his sons and therefore has no conflict of interest. (I wonder what they talk about at the Martin Christmas dinner.)

Regardless, not one non-Canadian should have access to MSP data.

Which makes me wonder . . . how does offshore outsourcing work? If my personal data is input into and they have servers in India, but if staff in the U.S. manage the data, whose privacy laws win? Oh my gosh, there are “evil-doers” everywhere!

Robert Ford is a consultant in Vancouver who is now considering keeping his personal data on parchment and hiding it in the furnace room.

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now