Federal privacy chief urges law revamp

Not only do Canadians have increasing concerns about how their personal information is being protected, they feel it’s less secure than it was 10 years ago.

This was one of the findings of a survey released by federal Privacy Commissioner Jennifer Stoddart’s office (OPC). EKOS Research Associates was commissioned by the OPC to poll Canadians in March 2007 about a variety of privacy issues.

“I think the perception is that (Canadians are) continually hearing about instances like identity theft or actually experiencing it themselves,” said Colin McKay, spokesperson for the privacy commissioner.

“I think that we all feel a little more exposed because one of the benefits of technology is you get to share information so easily, and people just feel there’s more of an opportunity to lose their information.”

Stoddart’s 2006-2007 Annual Report on the Privacy Act (tabled in Parliament on Wednesday) also addressed her office’s concerns about the number of travel-related security programs that have been put into place.

McKay said the report identified travel-related programs by the government that collect some form of information. These include programs for business travellers like the Nexus Border Crossing program, which eases travel into the U.S. for pre-approved business people.

“The amount of information they’re accumulating about people under the guise of these travel-related programs and what’s missing from our point of view, is a more horizontal and strategic look at how they’re collecting this information and for what purpose,” said McKay.

Commissioner Stoddart stated in her presentation to Parliament that one of the ways in which concerns regarding travel-related security programs could be addressed would be to review and modernize the Privacy Act, Canada’s public sector privacy law that was passed in 1982.

McKay said one of the tools the PCO uses to monitor what the government is doing when it collects personal information is the Privacy Impact Assessment policy (PIA), a tool that is supposed to be used every time a government agency is considering a new program, or revising an old program.

“It’s meant to prompt people that are developing policies or programs to think through why they’re collecting information, what they’re going to be using it for, and how they’re going to store it safely,” McKay said.

“When we say we need reform of the Privacy Act, there are a number of components in there but one of them is this perception that the government needs to have a better understanding of how it’s collecting information, and what it’s doing with it.”

Philippa Lawson, executive director of the Canadian Internet Policy and Public Interest Clinic, agreed that the Privacy Act needs to be reviewed and strengthened.

There needs to be stronger protection, she added, and noted that the privacy commissioner’s Annual Report identified areas where the current Privacy Act is deficient and needs to be changed.

“This is legislation from the early 1980’s when people were using Commodore type computers,” said Lawson.

Lawson said the threats to individual privacy raised by new technologies and the incredibly sophisticated and expansive uses these technologies gather, manipulate, and share people’s personal information is dramatically different in 2007.

“The threats are much higher, and there’s no question we need to re-evaluate to what extent the regime drafted in the early 80s is still relevant,” she said.

McKay noted that in the EKOS survey, Canadians reported they felt they were taking steps to protect their personal information, such as hiding their PIN number when using their debit card.

“But nearly half of them are still carrying around their SIN card in their wallet,” said McKay. “It’s a nine-digit number, there’s no reason why you need to carry it around, and it’s the most useful piece of information if someone wants to steal your identity.”

McKay said because of this juxtaposition between awareness and behaviour, Canadians still need some guidance in figuring out what steps they need to take, and what steps businesses and governments have to take to protect their information.

Lawson said the points that the Privacy Commissioner is making are ones that need to be made, “…and I hope that the government is listening,” she said.

“I just hope that the government reads this (Annual Report) and takes it seriously because when you look at the Throne Speech that just came out, it doesn’t seem to be reflecting these kinds of concerns, and it seems to be ignoring the mounting concern of the Canadian public.”

Key survey findings by EKOS Research Associates commissioned by the Office of the Privacy Commissioner of Canada:

– Seven in 10 Canadians feel they have less protection of their personal information than they did 10 years ago.

– 60 per cent of Canadians continue to agree that health information is one of the most important types of personal information that needs protection through privacy laws.

– Only a small proportion of Canadians believe that government (17 per cent) and businesses (13 per cent) take protecting personal information very seriously.

– Four in five Canadians place great importance on having strong privacy laws. Despite this, more than half report they are not aware of any privacy laws currently in place.

– While 65 per cent of Canadians have memorized their Social Insurance Number, 46 per cent continue to carry their SIN card with them.

Related content:

Opinion: The hazards of GPS tracking

Canadian firms stand guard for Patriot Act abuse

Biometrics Institute seeks smartcard privacy resolution

U.S. Homeland Security revives air passenger screening program

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now