Canadian Public Relations Society Luncheon
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
May 16, 2002
Senior Director General
Communications and Policy
(Check Against Delivery)
It's a real pleasure to be here to-day to talk to fellow public relations professionals about a subject that I feel very strongly about - the protection of our privacy.
I would like to begin by talking about the parameters and meaning of privacy, and why I feel its protection is important for every Canadian-and our society as a whole. I'd also like to say a few words about the work of the Office of the Privacy Commissioner. I'll then focus on our public education role and some of our efforts to take privacy from something we generally think very little about and take for granted-to an awareness of privacy as one of the fundamental cornerstones of a free society.
First of all, why is privacy important? Privacy is a concept that everyone understands at a very basic level. I'm sure that all of us have a sense of what it feels like to have our privacy threatened, even if only in small ways. No one likes to feel that someone, literally or metaphorically, is watching us over our shoulder.
Though we all value privacy, it's not always clear what people mean when they talk about it. Privacy has proven to be a very difficult concept to define. Probably the most famous definition of privacy-"the right to be let alone-is now more than hundred years old. Louis Brandeis, one of the people who used this phrase in an article published in the Harvard Law Review in 1890, went on to become a Justice of the U.S. Supreme Court. One of Canada's Supreme Court Justices, Gérard La Forest, has argued that privacy is "at the heart of liberty in a modern state." La Forest's comment suggests that we can't be truly free if our every move is watched, our every activity known, and our every preference monitored.
Defining privacy is difficult because it's hard to capture the challenges of protecting privacy in the 21st century. That's because it is so easy for our privacy to be invaded from a distance, completely unbeknown to us. It used to be quite a task to assemble a detailed profile on someone when information was kept in paper files. Now with the Internet and electronic data bases, it's possible for someone to assemble detailed information about us, within minutes, without our knowledge. Or even more frightening, someone may be making decisions that affect us, or forming opinions about us, based on information that may not be accurate or that we didn't even know existed. The scary part is that we may never know what's being said or assumed about us - we often have no control over the information gathered about us.
This is why the Privacy Commissioner of Canada, George Radwanski, defines privacy as "the right to control access to oneself and to personal information about oneself."
To me privacy has several different dimensions-territorial privacy, bodily privacy, the right to have a private life and informational privacy.
We can all relate to territorial privacy, the notion that we need to have a sphere of private space in our homes or our car. That's one reason why we close our curtains when we come home at night. It's not that we're trying to hide something. We just instinctively need our privacy, our freedom from being observed. If we're on a bus or a plane, and someone starts reading over our shoulder, we usually feel uncomfortable. What we're reading isn't secret; it's just that our privacy-our space-is being invaded.
And we can certainly understand bodily privacy, the protection of our bodies against invasions such as drug testing or even more invasive bodily searches. We can also expect that our thoughts and opinions should be private. One of the reasons why George Orwell's 1984 is so frightening is that the society Orwell describes is one in which it is almost impossible to have private thoughts and opinions.
But, what we don't often think about is the concept of informational privacy, the idea that we can, and should, control the collection and handling of personal data such as credit information, our personal medical records, and even records of our purchases.
This concept of informational privacy is critical to our understanding of many contemporary privacy issues. Just as people don't have the right to look in your window, or search through your personal effects without cause, organizations shouldn't be able to collect and disclose information about you without your consent.
When people have the ability to control access to and information about themselves, it gives them the sense of dignity that comes from having control over one's identity, a sense of autonomy and a reasonable measure of confidentiality.
Some people have argued that without privacy, individuals can't effectively exercise free will. And free will-the freedom to go about your lawful business and to make decisions that affect you-is essential in a democratic society.
So it's important to understand that privacy is not just an individual good-it's not just something that's nice to have. It's a public good. And it's even more than that, it is a fundamental human right, recognized by the United Nations.
Our society as a whole has a stake in its preservation. That's why protecting privacy can't be left to the good will of businesses and other organizations. Once your privacy has been lost, or violated, whether a result of human error or a willful act, it's lost forever-you can't get it back. That's why protecting our privacy and preventing violations of our privacy is so important.
And that's why governments have a responsibility to promote and protect privacy.
It's also why we have a Privacy Commissioner who reports directly to Parliament, and why the federal government passed two comprehensive laws to promote and protect privacy. The Privacy Act applies to the federal government; the Personal Information Protection and Electronic Documents Act, the PIPED Act for short, applies to the private sector.
Let me briefly summarize what the PIPED Act for the private sector says.
- Apart from some very limited exceptions, no private sector organization covered under the law can collect, use or disclose personal information about someone without his or her consent.
- It can collect, use or disclose that information only for the purpose for which they gave consent. And even with consent, it can only collect information that a reasonable person would consider appropriate under the circumstances.
- People have the right to see the personal information that is held about them, and to correct any inaccuracies.
- And if people believe that their rights have been violated, they can complain to the Privacy Commissioner of Canada.
Right now, the PIPED Act applies to all personal information that's collected, used, or disclosed in commercial activities by federal works, undertakings, and businesses. That means, primarily, banks, airlines, telecommunications companies, broadcasters, and transportation companies. It also applies to the personal information of employees in these organizations. And it applies to personal information held by provincially-regulated organizations if it's sold, leased, or bartered across provincial or national boundaries.
Beginning in January 2004, the Act will apply across the board-to all personal information collected, used, or disclosed in the course of commercial activities by all private sector organizations.
There's one special circumstance, however, that's an exception. That's where a province has passed privacy legislation that's "substantially similar" to the PIPED Act. Where that's happened, the federal government can declare that the provincial Act will apply to commercial activities that take place within the province's boundaries.
The end-result of this will be that by 2004 we'll have seamless privacy protection.
The Privacy Commissioner of Canada is an independent Officer of Parliament, appointed to champion the privacy rights of all Canadians. His mandate has two major components: oversight of two privacy laws and public education.
Part of his oversight responsibilities involves investigating complaints. To date, we have received approximately 230 complaints under the PIPED Act and in a typical year we receive approximately 1,500 Privacy Act complaints.
When investigating complaints, the Commissioner has the power, under both Acts, to order the production of documents, enter premises, and compel testimony. However neither the current Commissioner nor his predecessors have had to use these powers; cooperation has always been voluntary.
The Commissioner is an ombudsman. When dealing with disputes his objective is to find a solution that works for everyone. If he finds an organization is violating privacy, he'll suggest how the problem can be fixed.
The Commissioner doesn't have order-making powers. In fact, the Commissioner really has no power per se, but he has one extremely important weapon-public opinion. If an organization refuses to mend its ways, we can make the problem known publicly-and then rely on publicity and public opinion to move things forward. As public relations professionals, you are more aware than most of the tremendous power of publicity.
Although the threat of adverse publicity can be a powerful inducement to convince organizations to change their ways, this isn't the only reason or even the main reason we publicize our findings.
The PIPED Act gives the Commissioner and his Office a mandate to educate Canadians about their privacy rights, to promote respect for privacy, and to make private sector organizations aware of their responsibilities to respect the privacy of individuals.
We take this mandate very seriously and it is one of our most powerful tools. It's crucial that the Commissioner and his staff inform Canadians about their legislated privacy protections, and remind private sector organizations of their responsibilities under the Act.
When I joined the office in September 2000, we had a tiny communications staff, a small web site, no communications strategy, and a low public profile. Very few people I spoke with knew very much, or thought very much, about privacy. In the past two years, we've built a communications shop and we have a Commissioner who strongly believes in openness, transparency, the power of the media, and the importance of helping Canadians understand why it is so important to protect their privacy.
The Commissioner's position, and mine, is that an informed public is the best way to ensure privacy is protected.
That's why we put a lot of time and energy into speaking engagements. Almost every week, the Commissioner gives a major address somewhere across the country, or indeed the world, as we are invited to a number of international conferences. In the first sixteen months since the PIPED Act came into effect, the Commissioner and Senior staff have given over 110 speeches to a variety of audiences and groups around the world.
We don't just wait to be invited to give speeches to get our message out. We issue press releases and public statements. We meet with newspaper editorial boards - the Commissioner has given over 270 media interviews since he was appointed.
Our office has conducted two major advertising campaigns to raise awareness-a print campaign in 2001 and a national radio campaign in March of this year. These ads reached millions of Canadians and resulted in a significant increase in inquiries to our office.
Now, I believe the message is getting out. Stories about privacy are in the media every day. Privacy is an issue that has tremendous depth. Identity theft, video surveillance, workplace privacy, the abuse of the Social Insurance Number, genetic privacy-these are all issues that the public can relate to. People are, I believe, becoming aware of what privacy means to them and are increasingly taking steps to protect it.
I don't have to tell you about the importance of communications-it's your business. But I would like you to think about making privacy a communications priority within the organizations you represent.
And I would urge you not to think about privacy just as a legal requirement, although if you are in the private sector your organization will almost certainly become subject to the PIPED Act or substantially similar provincial legislation.
I would urge you to think about how your organization's approach to privacy affects the public image of your organization and the loyalty of your customers or clients.
If a firm's customers are likely to approve of what the firm wants to do with their personal information, they'll be gratified if it shows them the respect of asking them anyway. There's a competitive advantage in being known as a company that respects privacy. If they're unlikely to approve, the company simply shouldn't be doing it, because there's a distinct competitive disadvantage in being known as a company that violates privacy.
Take the case of Eli Lilly, the pharmaceutical company. A few months ago, Eli Lilly disclosed the e-mail addresses of more than 600 people taking Prozac. Eli Lilly had offered patients taking this drug an e-mail reminder service. The privacy breach took place when an e-mail, sent out to announce the end of the program, listed the e-mail addresses of all the people who had signed up for the service.
This simple act violated the privacy of hundreds of people, created a lot of negative publicity for the company, and resulted in an investigation by the U.S. Federal Trade Commission.
I also would urge your organization to be up-front with your customers or clients about the information you're collecting and how you are going to use it. And make sure you have consent-it's legal requirement, but it's also good business.
The whole reason organizations collect and analyze personal information is to find out who is going to want their products and promotions. The key to that is getting people's solid, affirmative consent to the use of their personal information.
If people don't trust businesses, if they see businesses twisting consent or unjustifiably inferring it, they'll undermine the system. They'll refuse to give information, or give false information. They'll swamp companies with complaints. They'll reject things that might be of benefit to them, out of sheer anger and frustration and resentment. And they'll look for competitors who do respect their privacy.
So, the competitive advantage goes to the firm that respects privacy. Good privacy is, in the end, good business.
Your challenge as communications and public relations specialists is to understand the issue and to be a voice for privacy within your organization. The last thing you want is a public relations disaster. Just imagine what it must have been like to have been tasked with controlling the damage caused by the Eli Lilly incident I mentioned.
Let me give you some ammunition to help you convince your colleagues that the public cares about privacy.
According to some recent surveys:
- Two-thirds of Canadians feel that there is no real privacy because governments and businesses can learn anything they want about people; and
- A majority of Canadians feel they have less personal privacy in their daily lives now than 10 years ago and that the threat of an invasion of their personal privacy will continue to increase in the future.
Does this mean we should all give up and accept the advice of Scott McNealy, the C.E.O. of Sun Microsystems, who is famous for muttering three years ago that "you already have zero privacy - get over it?" Clearly, I believe the answer is no. We haven't lost the battle, but we are at a crossroads-and Canadians agree. More than two-thirds of Canadians agree that "privacy will be one of the most important issues facing our country in the next ten years."
Rather than give up, we have to fight as never before to protect this vital human right.
Help us spread the word. The fact is, we can't do it alone. We need the help of every Canadian and that includes you.
- Date modified: