Ontario’s privacy chief has reported record-breaking numbers of privacy complaints against health-care and public sector organizations last year. But at least one Canadian analyst is not ready to cast the first stone against these institutions.
Ontario Privacy Commissioner Ann Cavoukian has disclosed in her Annual Report that the number of privacy complaints filed under public sector privacy laws has reached 170 in 2006, the highest in the past nine years.
Similarly, privacy-related complaints under the Personal Health Information Protection Act reached 183 in 2006, also a record high.
The high numbers, however, are likely due to the increasing volume of digital information being created today, rather than a shortcoming on the part of the government, according to James Sharp , vice-president of customer segments research at IDC Canada Ltd.
“I really think it’s just the sum total of the number of transactions and the amount of management that is causing incremental leakage of personal and private data,” says Sharp. And the probability of more data leakage increases as the world’s creation of digital data accumulates, he adds.
IDC earlier revealed a study that showed an impending information overload in the digital realm. The study indicated that the amount of digital information that will be created globally between 2006 and 2010 will increase from 161 exabytes to 988 exabytes. One exabyte is equivalent to about one billion gigabytes.
It is therefore inevitable that as more information becomes digitized, the likelihood of those data being subjected to unauthorized exposure becomes greater, says Sharp. The key is in assessing the threat and the risks of such data leakages, he adds.
“The biggest issue isn’t just amassing the data, but its appropriate disclosure. As we amass more and more information, two things are going to happen: one, we will have more information leaks , and two, we are going to have a much more focused effort on continuing to create compensating controls around those privacy losses,” says the analyst.
Those that were previously working under an autonomous set-up, where one group is responsible for only one area of health care, are now forced to collaborate and share information as provincial health care becomes more regionalized, which presents more of a business process challenge than a technological one, says Sharp.
Challenges around privacy protection also remain the biggest barrier to the deployment of electronic health records , says Sharp. “The issue is really who owns that (health) record, who is it disclosed to, on what basis and under whose authority?”
In her report, Cavoukian also stresses the need for provincial and municipal government organizations and health information custodians to “develop a culture of privacy.”
“Organizations that fall under Ontario’s three privacy Acts must not only educate staff about privacy legislation and privacy information policies and practices…they must (also) work towards ensuring that privacy becomes embedded into their institutional culture and that staff understand how serious a privacy breach can be,” says Cavoukian.
The commissioner also called on government officials to be more open and transparent by providing easier public access to information, particularly on government procurements .
If a recent IDC Canada survey is any indication, government organizations are already recognizing the urgency of addressing information transparency and privacy protection issues.
The market research firm probed government organizations in the federal, provincial and municipal levels across Canada on their top policy and program priorities for the next 12 to 18 months. Transparency, accountability and compliance landed at number two among federal and provincial governments, with respectively 46 per cent and 37 per cent citing them as priority, says Alison Brooks , senior government analyst.
Identity management is also moving up the priority hierarchy among government organizations, adds Brooks. “It’s privacy, access and security issues all at the same time…There are definitely some cost efficiencies that are being dangled if you can get the right constellation of privacy, security and access across the board,” she says.