Ottawa, October 17, 2007 — Canadians overwhelmingly
feel their personal information is less well protected than it was a decade
ago, and they are right to be worried, says the Privacy Commissioner of
Canada, Jennifer Stoddart.
Commissioner Stoddart’s 2006-2007 Annual Report
on the Privacy Act was
tabled today in Parliament. At the same time, the Privacy Commissioner’s
Office released new research confirming that Canadians are unsure of how their
personal information is protected, and by whom.
Increasingly, Canadians’ personal
information is being exchanged with law enforcement and security agencies in
other countries. The government has claimed that this transborder flow of information
will improve transportation safety and enhance our national security.
“We are particularly concerned about the number of travel-related security
programs that have been put in place,” says Commissioner Stoddart. “Parliament
may not be sufficiently informed about how these programs work and their individual
and collective impact on the privacy rights of Canadians.”
The increased
collection of personal information under these programs increases the risk
that Canadians will be the victims of inappropriate data matching, intrusive
data mining, or the unintended consequences of the disclosure of personal information.
This increases the risk of surveillance, rendition and unwarranted attention
from law and security enforcement both at home and abroad.
These concerns could be
addressed, in part, by a review and modernization of the Privacy Act.
As the Annual Report notes, “Parliament passed
Canada’s public sector privacy law back in 1982 – the same year
the Commodore 64 computer hit the market. At the time, both were considered
pioneering.”
The Privacy Act, unfortunately, is not equipped
to deal with the pressures imposed by tremendous technological change. In fact,
Canada’s private
sector privacy law, the Personal Information Protection and Electronic
Documents Act, provides more protection for Canadians.
As the results of an audit of the government’s Privacy Impact Assessment
(PIA) Policy confirm, government departments are not doing enough to
protect Canadians’ personal information as they plan new programs or
redesign existing programs.
“While we did not identify cases of pervasive
non-compliance, many institutions are not fully meeting their commitments under
the policy and, by extension, the intent or spirit of the Privacy Act,” says
Commissioner Stoddart.
Under the PIA policy, federal institutions are required to assess
the potential privacy risks of programs before they are implemented. These
institutions must also identify the measures in place to protect personal information
as it is collected, stored, used, disclosed and ultimately destroyed.
The Office of the Privacy Commissioner
audit found that some institutions made serious efforts to apply the PIA policy
but many are lagging behind. PIAs are sometimes completed well after the program
has been implemented and, in some cases, not done even when potential privacy
issues are evident.
“Privacy protection should be a key consideration in the initial framing
of a program or service,” says Commissioner Stoddart. “Current PIA
reports offer little assurance to Canadians who want to understand how a government
service or program will affect their privacy.”
Canadians not only want to be reassured that their personal information
is being protected; they also want to be informed when it is disclosed inappropriately.
Research conducted for the OPC shows that a majority of Canadians (seven
in ten) expect to be informed if a security breach leads to the disclosure
of information – whether
that information is sensitive or not.
That research, a survey of 2,001 Canadians conducted by EKOS Research Associates
earlier this year but released for the first time today, also found that:
Seven in ten Canadians feel their personal information is less protected
than it was ten years ago.
A bare majority of Canadians agree that they have enough information to
know how new technologies might affect their personal privacy.
About seven in ten Canadians believe that they are doing a relatively good
job of protecting their own personal information.
Despite this, almost half of Canadians (46 per cent) carry a Social Insurance
Number (SIN) card in their wallet, although this number is a key piece of
information used by identity thieves.
“These survey results underline that we – my Office, privacy advocates,
regulators and consumer protection authorities – have
to work harder to reassure Canadians that their privacy rights are protected,” says
Commissioner Stoddart. “We also have to give them the information and
tools so they can better protect their own information.”
The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman,
advocate and guardian of the privacy and protection of personal information rights
of Canadians.
To view the reports:
Annual Report to Parliament 2006-2007 – Report on the Privacy Act (Adobe format)
Backgrounder: Findings of a 2007 poll commissioned by the Office of the Privacy Commissioner of Canada
2007 EKOS Research Associates survey: Canadians and the Privacy Landscape
Assessing the Privacy Impacts of Programs, Plans, and Policies (Adobe Format)
— 30 —
For more information and/or media interview requests, contact:
Colin McKay
Office of the Privacy Commissioner of Canada
Tel: (613) 995-0103
E-mail: cmckay@privcom.gc.ca
