2010 Consumer Privacy Consultations

2010 Consumer Privacy Consultations

Canadian Advisory Committee

The Canadian Advisory Committee for ISO/IEC JTC 1 Subcommittee 38 (CAC 38) notes with interest the Privacy Commissioner's report, Report on the 2010 Office of the Privacy Commissioner of Canada's Consultations on Online Tracking, Profiling and Targeting and Cloud Computing. In particular CAC SC 38 notes the report's identification of these Issues for Feedback:

  • We heard discussion about the need for standards and we urge organizations to develop strong personal information security standards. We would welcome further input on any work being done in this area in Canada and any suggestions on what the next steps should be. The OPC is open to any comments industry would like to make in that regard.
  • A suggestion was made that government undertake to develop such standards. We welcome further input on that suggestion.

In response to the Report's invitation, CAC 38 offers the following input.

The International Organization for Standardization (ISO, formed in 1947) and the International Electrotechnical Commission (IEC, formed 1906) launched a Joint Technical Committee (JTC 1, formed in 1987) to develop standards for the information and communications technologies (ICTs). In particular, the mission of JTC 1 is

JTC 1 is the standards development environment where experts come together to develop worldwide Information and Communication Technology (ICT) standards for business and consumer applications.

Additionally, JTC 1 provides the standards approval environment for integrating diverse and complex ICT technologies. These standards rely upon the core infrastructure technologies developed by JTC 1 centers of expertise complemented by specifications developed in other organizations.

At its 2009 Plenary meeting, JTC 1 formed a new Subcommittee, SC 38, on the subject of Distributed Application Platforms and Services. SC 38 includes cloud computing in its mandate. Its immediate objectives are to provide the definition, terminology, taxonomy and value proposition for cloud computing, asses the current state of global standardization, identify the requirements for JTC 1 SC 38 standardization from gap analysis and provide a set of standards development recommendations to SC 38.

The Standards Council of Canada, formed by act of Parliament in 1970, manages Canadian participation in JTC 1. In particular, a Canadian Advisory Committee for SC 38 has been formed to develop the Canadian input to JTC 1 SC 38. CAC SC 38 has 22 members representing the private sector, the public sector and academia.

The system of Canadian Advisory Committees is a well-established process for developing a representative Canadian input to the international standards development activities of JTC 1. In the vast majority of cases, experience has been that the ICT standards developed by JTC 1 are suitable for adoption in Canada. Moreover, the Canadian Advisory Committees are harmonized i.e. they are simultaneously recognized by the Canadian Standards Association and capable of developing Canadian standards. Thus if for any reason, it is determined that uniquely Canadian standards are required for cloud computing, CAC SC 38 is in a position to develop them and recommend their approval by CSA.

It is the opinion of CAC SC 38 that the suggestion made during the Privacy Commissioner's public consultations that cloud computing standardization be undertaken by government (solely) is inappropriate. Canadian requirements for cloud computing standards development, including but not limited to personal information security standards, can be left with confidence in the hands of the existing institutions that are proven and broadly representative of Canadian interests.