Promoting the Trust Agenda — Privacy & Security
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
E-Commerce to e-Economy: Strategies for the 21st Century
September 28, 2004
Panel Discussion by Jennifer Stoddart
Privacy Commissioner of Canada
(Check against delivery)
Good afternoon and thank you. I am very pleased to be here today for this discussion of the impact of trust in developing the e-economy. It has been said that without trust in a relationship, you have nothing, and this is very true in the context of electronic commerce and e-government. The expansion of e-commerce and Government Online in Canada depends on trust. Canadians need to be sure that when they transmit personal information online to conduct business in the private or public sectors that the information is secure, and that it won't be misused.
Right now, that is quite a challenge. We know that most Canadians don't shop online, and that many simply do not trust Internet as a secure place to do transactions. We know that Government Online services, while convenient, are underutilized, again because of a basic lack of trust in the security of the transaction and the safety of the information. The trust that is essential for participation is not there.
Frankly, Canadians are sceptical — and perhaps quite rightly so.
In our daily work at the Office of the Privacy Commissioner of Canada, we see a lot of reasons for people to mistrust business and government departments when it comes to handling personal information. We see daily examples of companies and government agencies that talk the talk but don't walk the walk in their information handling practices. We receive complaints under both Acts about mismanagement of personal information that run the gamut from sloppiness to misrepresentation.
Canadians are highly sensitized to the issue of identity theft and the fact that it is one of the fastest growing crimes on the planet. You can hardly pick up a paper without reading about it. Many Canadians have been affected by identify theft, or know someone who has been, and they are worried. There has been a significant increase in efforts by thieves to access large databases of personal information held by private companies and government agencies. Criminals have broken into government offices to steal computer hard drives, bribed or compromised employees into obtaining personal data for them, and have hacked into databases.
At the same time, spam is huge and growing problem, and has gone far beyond being a time-wasting nuisance. Spam has become more malicious, embedding programs that hi-jack modems and run secret programs. Phishing attacks are of great concern and have serious potential to disrupt e-commerce by further eroding consumer trust in Internet transactions.
Adding to the mixture of fear, suspicion and distrust is the explosion in the technology available for the monitoring of Internet traffic, including the increasing facility to link databases. The current push by law enforcement agencies to increase surveillance of ISPs, e-mails and websites plays into this, as does the boom in profiling online customers for marketing purposes.
The potential of Government On-Line to provide seamless service to the public necessitates linking data bases across departments and among different levels of government. This breaks down the traditional "silos" of personal information that were put in place to protect the informational privacy rights of Canadians.
However, even in this atmosphere of risk, there are some significant and meaningful steps that can be taken in the public and private sectors to help ensure better protection for personal information and to promote a higher level of trust.
In the private sector, the Personal Information Protection and Electronic Documents Act promotes trust by ensuring compliance with the principles of fair information management. We're working in collaborative partnerships in the private sector to help get this message across, to ensure that businesses understand their obligations and that consumers understand and demand their rights.
A customer's knowledge of how information is to be used and consent for those uses is vital and gives meaning to the rest of the principles. The onus is on the business to provide the knowledge that informs consent. We are working with the private sector towards a better understanding of consent and to promote best practices. And we would like to demystify the process significantly. A 14-page privacy notice does not necessarily do a better job on knowledge and consent than a one-page privacy notice. Long and tangled privacy notices are at best confusing and frustrating. At worst they infer consent for just about any use for the personal information that could be imagined and make a mockery of the spirit of the law. Clear language in privacy notices is essential.
Our tools for oversight of PIPEDA include audits for compliance and privacy practice reviews, as well as investigations of complaints and informal consultations. Case summaries published on our website can provide business and consumers with valuable insights into how the Act is applied in various situations.
In the public sector, we have found the Privacy Impact Assessment (PIA) an extremely valuable tool in helping departments assess how they handle personal information. It is Treasury Board policy that government departments undertaking electronic service delivery involving personal information do PIAs — we would like to see this taken further by making this policy a legislative requirement.
Indeed, it is my belief that there is a need for a general legislative overhaul of the Privacy Act itself so that it better reflects the electronic realities of the day. Certainly, the extent of e-government and the restructuring of information management that is necessary for Government On-Line to be a success were not envisioned when the Act was first drafted, and I look forward to discussing this further with the rest of the panel today.
Report a problem or mistake on this page
- Date modified: