Security, privacy don’t conflict, says Canadian privacy commissioner

IT security experts often focus on hunting down malware makers and vulnerabilities in organizations, while government privacy commissioners work separately at protecting personal data.

Sometimes it seems they have conflicting goals.

But the federal privacy commissioner has told a Montreal security conference that its time the two groups worked closer.

“It is imperative that cyber security specialists and data protection authorities like the OPC, (Office of the Privacy Commissioner) work even more closely together to improve the defences in the private sector, and ensure privacy protection is a guiding principle in cyber security efforts,” Jennifer Stoddart told a meeting of the Messaging Malware and Mobile Anti-Abuse Working Group on Wednesday.

The group includes telecommunications and security companies.

Exchanging knowledge and honing of best practices “is essential for more effective cyber security,” she said in prepared remarks released to the media. “Better cyber security is a prerequisite for effective privacy protection,” she added.

As an example, she said, her office and the Dutch Data Protection Authority collaborated last year on a joint investigation of WhatsApp, a mobile app developer based in California with hundreds of millions of customers worldwide, because it contravened privacy laws both in Canada and in the Netherlands. The company agreed to improve its privacy protection.

Last May 19 privacy enforcement agencies, including Stoddart’s, collaborated in an Internet sweep to examine the posted privacy policies of almost 2,200 websites and nearly 100 apps.

Almost a quarter of the websites and apps had no privacy policy available, the investigation found. Mobile apps were especially poor with more than half lacking a privacy policy entirely and more than 90 per cent raising concerns about how they present information on their privacy practices.

The sweep “highlighted the importance of organizations explaining their privacy practices in a fashion that is both transparent and concise,” she said. “People need and deserve such explanations so they can make meaningful decisions in exercising control over their own personal information.”

According to a survey done by her office, Canadians overwhelmingly said they want to be notified if an organization they have given personal information to suffers a data breach or loss. At the same time almost 60 per cent doubted they get it.

“This dual expression of public concern and pessimism should act as a warning flag for those in IT executive suites . . . and to those on the IT front lines as well,” Stoddart said. The potential harm to organization brands from data breaches is significant and on the rise. That alone should be an incentive to make cyber security and accountability a greater business priority.”

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now