Privacy Preoccupations: The policies and practices of the Office of the Privacy Commissioner of Canada
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Remarks to the Public Sector Executive Network
January 26, 2010
Address by Chantal Bernier
Assistant Privacy Commissioner of Canada
(Check against delivery)
I want to say that I appreciate this opportunity to speak to all of you about a matter near and dear to my heart: The protection of privacy in a changing and challenging new world.
As a former ADM in the Government of Canada, I am well aware of the challenges you face, whether you happen to work at the federal, provincial, territorial or municipal level.
Amid the daily crush of financial, administrative, policy and human resource issues, I suspect you may be asking yourself: Where does the protection of privacy fit in? How big a priority should it be? And how do you go about safeguarding privacy when the challenges are so many, varied, and always growing?
And yet, as I will discuss further, it is a cornerstone of our democracy – it is the space to exercise fundamental freedoms and to protect personal integrity.
I understand I have been given a generous span of time to address these and other related questions. I assure you I won’t be talking for all that time. On the contrary: I hope to be able to stimulate a discussion with you, so that we can all profit from a rich exchange of ideas and experiences.
For now, though, let me just tell you what I do intend to talk about, and I encourage you to jump in anytime with questions or comments.
In a nutshell, I will be following a trajectory from the theoretical to the practical.
How do we, at the Office of the Privacy Commissioner of Canada understand the concept of privacy at the start of this new decade? Why is it important? Why is its protection so crucial – now, surely, more than ever?
First, I will outline the four trends and influences that we foresee as posing the greatest challenge to privacy in the years ahead.
Secondly I will explain the role of the OPC in the face of these pressures.
Thirdly, I will move to a few concrete cases that bring to light our challenges and approaches.
Finally, I will put to you a few questions for the future of privacy in the context of the public sector.
So, let me begin with some context.
Earlier this month at the technology industry’s Crunchies awards in San Francisco, Facebook founder Mark Zuckerberg suggested to an interviewer that people’s perception of privacy has changed over time.
According to news reports, Mr. Zuckerberg said, and I quote: "People have really gotten comfortable, not only sharing more information and different kinds, but more openly and with more people."
Mr. Zuckerberg’s comments triggered a spirited debate about the meaning of privacy in the digital age. Some people even suggested privacy is dead, hearkening back to Sun Microsystems co-founder Scott McNealy’s infamous comment of 11 years ago – and I quote: "You have zero privacy anyway; get over it."
Now, these quotes come from the private sector where respect for the right to privacy is governed by a completely different legal paradigm than in the public sector. In the private sector, it is a matter of contractual fairness, in the public sector it is a matter of human rights.
So these quotes are from a different paradigm but they still beg a relevant question for us, public officials: as human rights are shaped by social values, is the right to privacy changing according to changing social values? Is it disappearing?
I will be interested in your views on this, but for now, let me just paraphrase Mark Twain by saying that reports of the death of privacy are vastly exaggerated.
Indeed, I believe there is no question that privacy is a live and deeply held value.
And what is definitely not changing is the notion of control. People understand that privacy is something they can opt to relinquish. They can – and often do – choose to reveal things about themselves.
But they do not appreciate any organization – whether government or commercial – simply helping itself to their personal information, without their knowledge and consent.
The content of privacy may evolve with society or be experienced differently by different individuals but its core is immutable: and that is control over disclosure of one’s personal information.
The right to privacy is the right to control the disclosure of your personal information. And no one, how ever broadly they wish to broadcast their information, wants to relinquish that control.
That control protects us from intrusions on our person. It allows intimacy and facilitates freedom of expression and thought. It protects our reputation. In short, it allows us to protect our place, our sense of self, in our social environment.
At the end of the day, privacy is the space we need in order to exercise our other freedoms and civil rights.
How does this notion of control play out in the public sector where government, not the individual, determines what information to disclose?
- The notion of control in the context of government is exercised collectively rather than individually: we take a position as a society in relation to how much we want the state to know about us and we make our representations in that regard through our various democratic venues;
- Our right to privacy in relation to government is grounded in human rights; in fact the courts have recognised the right to privacy as quasi –constitutional right and it is enshrined in sections 7 and 8 of the Charter of Rights and Freedoms; the individual right to control personal information is exercised through that legal regime;
- Interpretation of the Charter in that regard dictates that any curtailment of privacy must be submitted to four criteria which we call the four part test – according to these criteria every government policy that infringes on privacy in any way to be scrutinized :
- Is the curtailment of privacy necessary?
- Is it proportionate to the necessity?
- Is it effective?
- Is there a less invasive alternative?
That is the normative framework of the OPC is protecting to the right to privacy in Canada and I will try t illustrates this now and in sharing with you our main challenges, our role in relation to these and some concrete examples of cases.
- Priority challenges The main pressures on the right to privacy
Our analysis of trends brought to identify four main pressures on the right to privacy, which we have defined as our policy priorities, are:
- national security,
- information technology,
- genetic information, and
- The protection of personal identity.
But, like anything of value, privacy is constantly under threat. It must be safeguarded with vigour, vigilance and care.
With that in mind, our Office has identified four key trends and influences that we feel will pose the greatest challenges to privacy. This is where we will focus our efforts in terms of our policy, research, public education and investigative work over the next few years.
The first area is national security – a field I came to know well during my time at Public Safety.
Not a day goes by that we don’t hear of some new national security initiative. Just mention the words “airport” or “Olympics,” and you will know what I mean.
And there are so many others: As I will describe in more detail shortly, for instance, a legislative initiative to increase online surveillance powers by police and national security agencies was being debated in the Commons until Parliament was prorogued.
It is pretty much a given that any initiative aimed at strengthening public safety and security will have an impact on privacy.
But that does not mean that the twin objectives of security and privacy need be at odds.
On the contrary, they complement each other, morally and functionally. Morally, both privacy and safety characterize the society in which we have chosen to live. Functionally, they work together to streamline and focus each other.
At times, however, we have to question whether the appropriate balance has been struck.
Our specific challenge here, not just as the OPC, but as a society, in the current context can be summarized to these:
- As the threat has moved from states to individuals, national security rests more and more on personal information;
- And as the threat is more and more diffused, it is less calculable and therefore generates overly broad responses that impact privacy
- As national security authorities need to maintain secrecy, it is all the more difficult to keep them accountable, particularly with respect to the protection of privacy.
This last element is both a collective and an individual challenge.
While secrecy is often justified, it also presents unique problems for individuals caught in the dragnet. How, for instance, do you prove your innocence if you cannot find out what the authorities know about you? How did they get the information? Are they sharing it with others? What if they are misinterpreting it? What if it is dead wrong?
In the ordinary workaday world, privacy laws give you the right to know when others are collecting your personal information, to verify that it is correct, and to have some say over its use.
And collectively, how do we ensure authorities are accountable for measures they keep secret? The best we can do is for the OPC to fully play its role in relation to the part test in reviewing policies and programs as well as in s supporting individuals in the exercise of their right to privacy. But I will come back to that when I explain our role.
Another key challenge for us rests in technology.
For decades, information technologies have been enhancing our lives in countless ways. Most people today can barely imagine a world without the Internet and the many other advances that computers and the digital age have brought.
But every technological innovation also introduces new risks to privacy. With the power of modern computers, there is today no practical limit to how much personal information can be collected, stored and used. That, in turn, makes it increasingly difficult, if not impossible, for individuals to control their personal data.
Just with the advent of email, the challenges to privacy are
- Unprecedented creation of recorded personal information
- Unprecedented breadth of diffusion of personal information
- Unprecedented risk of breaches with unprecedented magnitude of consequences.
And there is more to come if we are not careful: let me simply mention the risk of cyber attacks on government electronic infrastructure or the inherent risks to government social networks like GCpedia.
A third priority concern for us is in the emerging arena of genetic technologies.
Until now, we have been preoccupied with safeguarding relatively prosaic bits of personal information, such as names, addresses, phone numbers and credit card numbers.
Imagine the value of personal information derived from an individual’s genetic code, which really is the ultimate identifier.
Genetic information can be used for many wonderful and amazing purposes. But it can also be used in ways that intrude on our dignity and sense of self.
Moreover, it is difficult to exercise control over things we do not understand and, at the frontiers of science, genetic technologies challenge our capacity to grasp their full implications. The science is evolving faster than the surrounding laws and ethical frameworks. Privacy rights are often ensnared in the ensuing social debate.
Control over our own genetic material is also complicated by other factors. How, for example, can we give meaningful consent for the use of a tissue sample, when it can be stored for decades and used for purposes we cannot even dream of today?
In this regard, our minds are focused on two main issues:
- How to balance the individual right to privacy against the collective right to medical research?
- How to ensure meaningful consent in the context of such complex, scientific issues as genetics and how can that consent be meaningful in relation to yet unknown possible uses?
- How can the information be kept secure in a context of centralized databanks, often crossing national frontiers?
The final priority area for our Office is what we refer to as the protection of identity integrity. And by that I am referring to people’s right to control the personal information that defines them to the rest of the world.
The fact is that, even if you never post a single word or image on the Internet, you are still leaving an electronic footprint. Today, with surveillance cameras, smart phones and global positioning systems, you create a rich trail of data about your movements, behaviours and preferences.
Each bit of data alone may mean little. But, gathered up, cross-referenced and analyzed, all these pieces can yield an extremely detailed profile. Taken together, this can become your identity.
Managing your identity is a challenge, especially when you do not really control how it was created, or how it is used or shared with others.
And it can be used for good or ill. You might, for example, enjoy VIP treatment at a shop you visit often. Or you could find yourself bombarded by irritating ads and wondering what happened to your privacy.
OPC as privacy guardian
Those are, of course, only four of the many issues we deal with every day at the Office of the Privacy Commissioner of Canada, and there are many, many more.
In fact, if you look at the more than 12,000 calls and letters we receive in a typical year, the issues are many and varied. But one that continues to bedevil us, year after year, is the unauthorized disclosure of personal information.
In our most recent report to Parliament on the Privacy Act, we noted that public servants, in the vast majority of cases, take very seriously their responsibilities for the secure handling of personal information.
And yet, we cannot ignore the exceptions.
In one case, for instance, a Justice Canada official on a business trip to Kingston lost a briefcase containing the personal information of 145 taxpayers, including their social insurance numbers and some details of their investments in a tax shelter. The briefcase was not locked and was never recovered.
I mention this case because, banal though it is, it reflects a problem that occurs with surprising – and frustrating – frequency. It is exactly the sort of incident that, with a little more training and awareness, ought to be stamped out, once and for all.
More dramatic was the case of Agriculture Canada, in which a hacker using amateurish, off-the-shelf software was able to infiltrate two servers, exposing about 60,000 personal data records of farmers enrolled in a federal loan guarantee program.
The department, to its credit, took immediate steps to assess the damage and minimize further system compromises.
Other complaint investigations
Our office also investigates other types of complaints under the Privacy Act, mostly related to people’s troubles in gaining access to their own personal information held by government.
Indeed, we handled nearly 1,000 complaints in the past fiscal year, and more than half of those related to access problems. The next biggest area of concern – about one-fifth of the complaints we investigated – related to the time it takes institutions to respond to requests for personal information.
Overall, it should come as no surprise that, the more personal information an institution holds, the more likely it will be to attract complaints. As such, we found that Correctional Service of Canada, Human Resources and Skills Development Canada, and the RCMP garnered the most complaints.
The Canada Revenue Agency and the Department of Justice were both in the top-10.
Audit and Review
Two other vital functions of our Office are carried out by the Audit and Review Branch.
The purpose of privacy audits is to gauge the extent to which select federal departments and agencies adhere to the Privacy Act and other data-handling directives, principally issued by Treasury Board.
At the start of last year, for instance, we published audits on three agencies that handle large amounts of personal information – Elections Canada, Service Canada and the Canada Revenue Agency.
That was followed by two other significant privacy audits: One on FINTRAC, the Financial Transactions and Reports Centre of Canada, and the other on the federal Passenger Protect Program, more commonly known as Transport Canada’s “no-fly list.”
This year, we will be reporting on the privacy implications of the government’s widespread use of BlackBerrys and other wireless devices.
In all cases so far, we have highlighted areas for improvement. In general, we have found that institutions are committed to addressing the gaps, and tend to respond to our recommendations in whole or, at least, in large part.
The other key function of the Audit and Review Branch is to review Privacy Impact Assessments that are submitted to us by federal departments and agencies.
The PIA process aims to encourage institutions to consider the potential privacy implications of new or substantially amended programs or other initiatives, and to demonstrate that they have taken steps to mitigate any negative impacts.
One of our higher-profile PIA reviews of late involved the new millimetre-wave security scanners already being deployed at airports across Canada. As many of you will know, we had an opportunity to monitor the development and pilot testing of this initiative, and to reassure Canadians that important privacy safeguards are built in.
Other PIAs we are currently reviewing look at the technological infrastructure of the RCMP’s sex offender registry, and a Correctional Service of Canada pilot project involving the electronic monitoring of prisoners.
We are also consulting with the Public Service Commission in connection with a PIA on the commission’s Political Impartiality Monitoring Approach. PIMA is about ensuring that public servants understand their rights and obligations when it comes to engagement in the political process. However, we are also concerned about the level of surveillance involved in the approach, since social networking sites and media clippings are monitored for evidence of political bias among government workers.
I want to underline that, at least in the ideal, the PIA process is actually a process. We work with organizations throughout the development of their initiative, and then monitor progress after the program is rolled out.
In the case of the airport scanners, for instance, we are continuing to meet with CATSA, the Canadian Air Transport Security Authority, because we know that things do not always work out in practice as they appeared on the drawing board.
Policy and Parliamentary Affairs
In addition to complaints investigations, privacy audits and privacy impact assessments, another vital function of our Office is to monitor the development of laws, regulations and policies that could affect privacy.
Indeed, our officials appeared before committees in the House and Senate on 19 occasions in 2009. The recent prorogation of Parliament has lowered the heat for the time being, but we know that many files we have weighed in on in the past may be resurrected after the legislature resumes in March.
One item that will remain at the very top of our watch list is lawful access.
You may recall, just before the summer break last June, the government introduced Bills C-46 and C-47. These were known, respectively, as the Investigative Powers for the 21st Century Act and the Technical Assistance for Law Enforcement in the 21st Century Act.
Those bills, in conjunction with other pieces of legislation – such as one aimed at curbing child pornography (Bill C-58) and another to speed up warrant approvals (Bill C-31) – would expedite and broaden the circumstances under which police and security agencies could intercept a new generation of communications.
Newer tools, such as online chat, peer-to-peer messaging or Voice-Over-Internet-Protocol services like Skype, would all fall under the new umbrella, as would PIN-to-PIN messaging on BlackBerrys or text-messaging on mobiles.
In short, the bills would compel any company providing a telecommunication service in Canada – from Facebook or Google to Rogers or Telus – to build intercept capabilities into their networks, making it easier for authorities to require them to preserve or turn over communications from specific users.
And for a range of data related to a subscriber's identity – full name, home address, e-mail, phone number or IP addresses, for instance – these would need to be provided without a warrant.
Later that summer, privacy commissioners and ombudsmen from across Canada unanimously supported a joint resolution urging Parliamentarians to exercise caution as they consider legislation aimed at creating an expanded surveillance regime.
Our Commissioner subsequently wrote to parliamentarians, again underscoring our significant concerns about privacy aspects of the bills.
We understand the challenges faced by law enforcement and national security authorities at a time of rapidly changing communications technologies.
Even so, whenever new surveillance powers or programs are proposed, the government must demonstrate that the measures are necessary, effective and proportionate to the invasion of privacy. They must, moreover, be the least invasive alternative available.
To date, the government has not shown that the additional powers it hopes to gain through the bills are, in fact, justifiable against these four criteria.
I know I have covered a lot of ground, and I do want to leave time for questions and discussion. So to sum up:
Our Office recognizes that governments often pursue policies or directions that may infringe on privacy rights.
But what is important from our perspective is that the actions be justifiable and the infringement on privacy be identified, minimized and, as far as possible, mitigated.
More specifically, we want evidence that, where the state deems it necessary to collect, use or disclose personal information, it do so with the utmost care and respect.
Because, even with changing social norms, privacy remains a cherished value. So let me now turn to you and ask you to comment on theses questions:
- Is the notion of privacy changing?
- Should it change? Should we just forget about it and move on as some social networking CEOs would like us to do?
- How does curtailment of privacy affect democracy? Where invasion of privacy is justified by suspicion, of everyone, are we entering an adversarial rapport between state and citizen?
- So how do we, public officials continue to protect the core value of privacy – being the right to control the disclosure of personal information, in an evolving context in relation to the balance between individual privacy and collective interests?
In whatever circumstances, our job is to make sure the balance is at least fair and I look forward to our discussion in this regard.
Thank you for your attention.
- Date modified: