Privacy Does Matter
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Notes for the keynote address to Privacy Issues Forum 1998
Wellington, New Zealand
September 2, 1998
Privacy Commissioner of Canada
(Check Against Delivery)
If I do nothing more useful here today, I want to reenforce,for both the committed and the doubters,the essential truth of the theme for your fifth annual forum: Privacy Does Matter.
Privacy matters. Yet we so take our privacy for granted in a democracy; it is so self-evident that it has almost ceased to be evident. Think about it. Privacy is the value at the foundation of the secret ballot, doctor-patient confidentiality, solicitor-client privilege, wiretapping law, the concept that our homes are our castles, and our society's fierce defence of the autonomy of the individual.
Privacy is not the political correctness Flavour of the Month. Far from it. It is a bedrock human value which a former Canadian Supreme Court Justice described as "at the heart of liberty in the modern state". Nor is it an individual right enjoyed at the expense of society as a whole. Respecting one another's privacy is an integral ingredient in the glue of mutual respect which helps hold a free society together. Respecting the boundaries that we choose to draw around ourselves makes the difference between a life of liberty, autonomy and dignity, and a hollow and intimidating existence under a cloud of constant oppressive surveillance.
Whether to reveal or conceal the details of our lives are decisions for us to make, not for others, and certainly not for the state,except in the most limited and exceptional circumstances.
Privacy matters. Never has this value been more vital to an individual's free existence,nor more threatened,than in the technologically advanced societies in which we live. And never have the challenges and the threats been couched in sweeter and more reasonable language than in democracies committed to free speech, personal safety, caring social programs and,most ominous of all, efficient government.
This is a critical time for this value we take for granted. Nothing but bold steps will save it. Surveillance,that tool of oppressive totalitarian regimes,is now within the reach of virtually everyone with the desire and the few dollars it takes to buy the sophisticated equipment. By surveillance, I don't mean the guys in trench coats or ubiquitous cameras, although the proliferation of cameras and microphones in both public places and businesses in North America is astonishing. What I am talking about is the unseen surveillance through the computer databases of governments and businesses both large and small.
The power of new information systems to record, to mine, to match and to manipulate data has grown exponentially since passage of the Canadian Privacy Act. Consider my own tiny office as an example. When the Act took effect in 1983, three secretaries had word processors, the Commissioner and one staff member had typewriters. Although our equipment has never been state-of-the-art, we were probably like many government offices. Computing, where it happened at all, was done on mainframes which, despite their then-impressive size, simply stored and retrieved static data.
Today, everyone in the office has personal computers on their desks. The de-facto standard desk-top computer today has 32 megabytes of memory, substantially more powerful than those old mainframes. And in an office setting, they seldom stand alone but are linked into internal networks which enable us to share data. But more critical to our privacy than the memory capacity is the new machines' ability to collect, exchange, manipulate, analyze and store the data.
The more the machines can do, the more we seek new and creative uses for them and the data they store. This is function creep, or with apologies to Canadian author WP Kinsella, "If you build it, they will find new and sometimes dubious uses for it".
There is no debate about modern societies living without electronic information processing. But the quid pro quo for using these systems is providing legal protection for the individuals whose personal data can be amassed, mined, manipulated and disclosed, often,one might even argue, usually, without their knowledge or consent.
Our countries now face an economic, social and technical environment that few legislators, bureaucrats and privacy advocates contemplated as little as ten years ago, let alone in 1982 when the Canadian law was drafted. We have gone though an economic boom, a recession, a recovery and now the Asian flu.
The economy has forced governments of all persuasions to regard their collective bottom lines with steely eyes and hearts. We are presumably all taxpayers here, and we can certainly support efforts to streamline and economize. We all have to do it in our own lives. But as our economies turned leaner and meaner, our societies seem to be turning nastier. Our vaunted commitment to those social values of mutual support and caring, and our ability to allow for some slush in the system in order to protect our neighbours from real deprivation,while maintaining our democratic freedoms, appear to be under siege.
We also appear to have become more fearful for our safety. Besieged by a media focused on crime stories, yet in the face of statistics reporting generally falling crime rates, many seem ready, even eager,to accept living more circumscribed lives if that will guarantee safety for themselves and their families. In our pursuit of the risk-free life, we are building ourselves electronic Gulags.
When a society under these pressures is offered technologies which promises to pare the bottom line, catch the cheats and criminals, identify those leading unhealthy lives, manipulate consumers to enhance the bottom line, and winnow out the dead wood, the temptations are very hard to resist. The risk we court is making a Faustian deal which could be terminal for a good deal more than privacy laws. This is the gentle slope to surrendering our freedom. The effect could be deadly for the soul of our societies.
I don't want to sound apocalyptic here. There is going to be altogether enough of that as we approach the millennium. But I do want us to consider not just the impact of some of the individual initiatives you will discuss later, but also their cumulative effect on our social values.
I would like to turn to two issues which concern me and, judging from your program, one of which clearly concerns you too. The first is the need for comprehensive privacy law that sets the same rules for all entities be they private or public. The second is the construction of integrated health information systems and the threats they pose to patients.
In Canada, at least, the patchwork of legal protection is no match for current information technology in the hands of efficient governments, aggressive corporations and the new hybrids which may be part federal, part provincial, commercialized government, private contractors or blends of all of the above. Which law governs? The short answer is; who knows?
Canada like Australia and the United States, is a federation,although possibly a more fractious one. The federal privacy law, which I oversee, covers only the operations of the national government, such as our defence department, the national pension and unemployment insurance plans, the RCMP, foreign affairs and immigration. Federal privacy law does not cover health care, education and welfare which are the provinces' turf. Most but not all provinces have privacy laws governing their own operations.
But only in Quebec does the law regulate the private sector. Not only does this create anomalies; it leaves the other 23 million Canadians out in the cold. For example:
- when a Montrealer goes shopping at the world's oldest department store, the Hudson Bay Company, she enjoys privacy rights her cousin in Calgary doesn't have at his local Bay store;
- when her credit information is sent to Equifax, Canada's largest credit bureau, her information is protected by law; her Calgary cousin's information is not;
- our Montrealer has privacy rights if she banks with the local caisse populaire or credit union which operates under Quebec privacy law, but none if she chooses the Bank of Montreal which, although federally chartered, is private sector and so not covered under federal privacy law.
I have no right to know what information businesses hold on me, how they got it, how they use it, whether it is accurate, with whom they share it and how they will keep it. Corporations increasingly regard client data as a resource which they own and can mine, use and sell as they wish. The more widely my information is shared, the more likely it will be used to decide what services I will be offered, what benefits I may receive and what jobs I may qualify for, all without my permission or input. Equally dangerous is that these decisions could be made based on faulty information which I have no right to correct. The legal patchwork is threadbare and drafty, and Canadians want something altogether better at keeping their personal data warm at nights. They want a common set of rules, perhaps something akin to what New Zealanders already enjoy.
Spurred on by two factors, the Canadian government has decided to act. The first factor is the coming European Directive and its possible impact on data transfers to countries without adequate privacy law,of which Canada is one. The second and, let's be frank, likely more decisive factor is the advent of electronic commerce and all the opportunities it offers. Not for nothing is Industry Canada the lead department in the initiative. The government has recognized that a knowledge-based economy is driving global growth and is determined to make Canada the most connected nation in the world. And it wants to create an environment which will see Canada out in front of the pack in developing electronic commerce. Fair enough, after all there are jobs and business at stake. When you're the proverbial mouse living next to an elephant like the United States, speed may be the only thing in your favour.
However, the government also understands that they have to build trust in the system, Canadians will not shop, bank and file taxes on line knowing they risk sharing their personal lives with more than 40 million people worldwide. An ongoing survey found recently that more than 80 per cent would refuse to provide their credit card number when buying over the Internet. I have to wonder about that other 18 per cent! The number who would refuse to conduct transactions electronically drops below 50 per cent when offered the opportunity to know and control how the business would use their personal information. Even so, the advocates of e-comm clearly have a lot of heavy rowing ahead of them.
Whatever the motivation for the government's plans, I am not looking this particular gift horse in the mouth. The government now appears poised to introduce privacy legislation to govern the private sector in Parliament this autumn.
What precisely any law will say I do not know. But I can tell you very briefly what advice I gave:
- Keep it simple. Avoid registering databases which will become costly, burdensome and bureaucratic, and likely a huge irritant to business. I also counselled against sectoral codes as impractical in the current North American business environment;
- Build a level playing field. The last thing we need is data havens within the country, provinces with more lenient laws to attract less scrupulous business. If necessary, I suggested the federal government might consider using its power to regulate interprovincial trade and commerce;
- Give it teeth. The scheme needs independent oversight with strong investigative powers but which is simple for consumers and non-confrontational for business;
- Put the onus on business. Business should be obliged to deal with complaints initially. This is their opportunity to understand, deal with and hopefully learn from the experience. Also require business to audit their information practices periodically and act on the findings;
- Educate public and business. No law will be effective without consumer and business understanding. Business must bear the primary responsibility for informing its clients and employees. I also asked for both a specific education mandate and money to increase public awareness. At the moment I have neither.
Whatever the details, there is now a consensus, or at least in some quarters grudging acceptance, that individuals need actionable legal rights to control their personal information.
Health Information Systems
I want to focus now on the privacy implications of the new health information networks.
You may recall my saying that health care was a provincial matter in Canada so what business is it of mine? I'm tempted to say unless you want a dissertation on Canadian Constitutional law and history, you don't want to know. What it comes down to is the federal government collects the taxes and earmarks some of the moneys transferred to the provinces for health care. A blue ribbon panel of health experts was assembled by the Prime Minister to make recommendations on how best to improve Canadians' health and the health care system. Among the recommendations were those aimed at improving the information available through a national health information network. The federal government responded by setting aside $50 million to establish a Canadian Health Information System with Health Canada in the lead role. That put the initiative squarely into federal jurisdiction.
Putting health care information into an electronic system has important real life implications for us all. Respect for privacy is the essence of the doctor-patient relationship. And while the privacy of that relationship was never iron-clad; there were always the risks in paper records and office gossip, leaks were generally contained within a small circle.
The circle expanded with conversion to on-line billing and government collection and storage of some health information. Now the cost and efficiency pressures are on, among them delivering health care across the country, assessing why people get sick, and determining who is using (and abusing) the system and why.
These are important issues that affect us as both patients and taxpayers. We would all want the doctor to have access to critical medical details if we are wheeled unconscious into an emergency room while away from home. Most of us accept, and indeed support, providing clinical information for legitimate medical research. And most of us can accept that we need to protect the system from abuse. But the quid pro quo for these legitimate aims should not,and need not,be an on-line network that expands that doctor-patient communication to a cast of thousands.
Information technology has, as someone put it, made the practice of medicine into a spectator sport in the United States where private insurance companies pay the piper and, increasingly, are calling the tune.
Consider a recent story in the New York Times which describes an apparently growing practice by American psychotherapy patients to pay the cost of therapy sessions out of their own pockets, or forgo the treatment altogether, rather than have detailed counselling information finding its way into the hands of insurance administrators and perhaps eventually their employers who contribute to the plan. The threat may be enough for patients to withhold vital information from the person who most needs it,the doctor.
The Canadian system puts much less power in the hands of insurance companies, which only supplement the core publicly funded system. But it puts a great deal more into the hands of health bureaucrats, witness a recent story. Supported by her doctor, an Ontario woman sought breast reduction surgery to alleviate chronic pain in her back and shoulders. The health bureaucrats responded by demanding photographs before agreeing to foot the bill. The story hit the papers and met a storm of protest.
While the intent was to ensure that a public system was not paying for cosmetic surgery, the public thought that was surely a medical decision to be made by the doctor and patient. Nor did it take much imagination to see what might happen to the photographs. A compromise was worked out but the story had one salutary effect; it lifted the lid on the role bureaucrats increasingly play in determining our medical care and the limited control patients have over their medical information.
I confess there is another aspect of state control that makes me nervous, and that is a view that a publicly funded health system somehow justifies greater intrusions. As the links between life style, poverty and health become clearer, so grow the temptations for the health bureaucracy to follow, assess, and then influence our choices so that we will not become a burden on the system. I can just picture it now:
"Mr. Phillips, your weight is climbing; did you exercise three times last week? Mr. Phillips, your cholesterol count is up; are you eating your broccoli? Mr. Phillips, your support for your local brewery has become perhaps a tad too enthusiastic."
While understandable, this is effectively medical surveillance. This is the role we happily give our primary health provider, our family physician, but not to the health system's cast of thousands. Medical research is invaluable, of course. But patients have a right to decide whether they wish to participate. The onus is on the system to make the case to the patient to participate. Rendering the information anonymous is one solution to encouraging patients to participate.
Medical information, and the circumstances under which we provide it, are unique. We are a captive audience when we are sick or hurt. At that vulnerable moment when we want our health restored, we feel compelled to provide intimate details of our lives we would otherwise choose to keep private. Health care providers need any and all personal information that might be helpful during a crisis. But this intimate information, once revealed, may soon become part of a "womb-to-tomb" electronic medical record.
At that point, the patient (and, arguably, the doctor) will have lost control. The details could become accessible far beyond the physician with whom the patient has established a trust relationship. Information could be shared with the broader health care system and perhaps also a present or future employer, an insurance company and the credit bureau. Information we volunteered for medical treatment could be used for unrelated purposes, with devastating effect.
There are three key messages I would like to offer anyone considering and integrated electronic health information system:
- First, privacy, security and confidentiality are three distinct concepts; protecting one does not necessarily take care of the others;
- Second, privacy is a social value that must not be viewed as amenable to a trade-off against other benefits to society such as an efficient health care system, and
- Third, meaningful privacy guarantees are a prerequisite to public confidence in a health network, and thus a foundation for its construction.
Loss of privacy should not be the inevitable cost of health care. One approach being tried in Canada is specific health privacy laws. The provinces of Alberta. Ontario and Manitoba have all drafted such laws with varying degrees of success. In the face of substantial opposition, Alberta and Ontario have withdrawn theirs for further consultation and redrafting. Opponents observed that far from protecting medical information, the bills seemed designed to facilitate its sharing.
Another possible approach is a national health privacy code which could serve as the benchmark against which any provincial legislation can be measured. I think patients would take some comfort from knowing that their doctors could endorse such a law.
Any code should:
- carefully define "health care information"
- define who "owns" the information
- permit individuals to identify specific aspects of records as sensitive, thereby restricting or prohibiting access to that information for purposes other than the patient's care
- require the structuring of health care records to allow different levels of access, depending on both the sensitivity of the information involved, and the use of the information (administrative or research, for example)
- require electronic health care records to separate out the fields that can be used to identify individuals
- establish a uniform consent form releasing personal information
- require the keeping of audit trails
- impose obligations respecting the security of the information
- develop protocols for third party access to personal information
- establish oversight mechanisms, or use existing data protection oversight bodies, to review legislative and policy issues relating to health care information and privacy, approve secondary databases and computer linkages, examine new technologies and their impact on health care information, advise on legislative amendments and, generally, carry out oversight to protect privacy
- ensure transparency of the collection, use and disclosure of personal information
- require those holding personal health care information to inform individual patients of their rights relating to that information
- provide civil rights of redress and statutory penalties for misuse of information.
Doctors of course are in the front line of the debate. They, after all, will be the primary data collectors. Recognizing that this is not how their patients see them, and not wanting to play Trojan Horse for the system which includes a long line of secondary users, the Canadian Medical Association has stepped into the debate. It has drafted a comprehensive privacy code built on an assumption that privacy is both a human right and a social value. It posits as its basic principle the need to obtain patient consent for virtually any form of information exchange. The draft is thoughtful and thorough and I commend it to anyone interested in more detail in this issue. Should it stand it will be nothing less than a Hippocratic Oath for the information age.
So where does this leave us? In Canada, at least, we await the final report of that blue ribbon panel. We are working with Health Canada on the privacy issues in the hopes of influencing the final design. And the Canadian Medical Association was to consider its draft code at its annual meeting in late August. So the jury is out.
My advice to any government contemplating integrated health networks is to use to the maximum the privacy expertise already available. Get it right the first time and public (and privacy commissioners') support will follow. Fail and eroding public confidence will take the system down with it. And if it cannot be done without the wholesale abolition of existing rights, it ought not to be done at all.
- Date modified: