Research

Public Opinion Surveys

Canadians and the Privacy Landscape

Submitted to the:
Office of the Privacy Commissioner of Canada
March 2007

EKOS Research Associates Inc.

EKOS Research Associates Logo


Top of PageTable of ContentsExecutive Summary

The Office of the Privacy Commissioner of Canada (OPC) is an advocate for the privacy rights of Canadians with the power to investigate the handling of personal information in both the public and private sector. In order to assist the public in the protection of its personal information, there is an ongoing need to understand how the Canadian public’s views on privacy issues continue to evolve in this increasingly complex environment. It was within this context the OPC commissioned EKOS Research Associates to undertake a survey of Canadians.

The research findings for this study have been drawn from the results of a 15 minute telephone survey with a random sample of 2,001 Canadians, aged 16 years and older. Surveying on the study was undertaken between March 13th and March 26th 2007. The results of the study build on the previous public opinion research that the OPC has undertaken to both assess how certain trends are evolving as well as establishing new benchmarks in emerging areas.

What emerges from the research is a telling picture of Canadians and the privacy environment. Key findings from this year’s survey include:

  • A large proportion of Canadians continue to worry about their privacy and have high expectations of strong privacy laws, and think that businesses and the government need to take their responsibilities in this regard more seriously. And although Canadians are slightly more positive in their assessment that both businesses and governments are taking the protection of personal information seriously, there continues to be significant room for improvement. The following are examples of changes Canadians expect in the privacy environment:
    • Modernization of the Privacy Act — As no changes have been made to the Act since its inception in 1983, Canadians overwhelmingly agree that it may require some changes that take into consideration the role technology has had in Canadian society.
    • Penalties and laws — A significant proportion of Canadians believe that there are sanctions and penalties in place when their information is not adequately protected, suggesting the provisions most Canadians assume to be in place are not in fact as strong as their expectations.
    • Breaches of information — Canadians overwhelmingly reject the notion that there is no need for disclosure rules when it comes to information breaches. In fact, the majority feel that government agencies and individuals should be notified regardless of the sensitive nature of the information (and this view has been strengthened over the course of the last year.)
  • Although Canadians value their privacy, there continues to be a strong need to raise awareness of the safeguards in place and their rights within the various laws across the country.
    • Awareness of laws and institutions that protect Canadians’ privacy remain very low. Furthermore, Canadians report having similar low levels of awareness about their own privacy rights.
    • While many Canadians do not fill out warranty cards, they are not particularly aware of the fact that doing so is not always necessary for warranties to be legal or that these cards are often used for marketing purposes.

While Canadians’ concerns are higher on a number of fronts and have evolved in nature, a number of broad trends have been remarkably stable over the past ten to fifteen years. Most importantly, privacy continues to mean very different things to Canadians, although today it is increasingly centred around the protection of their personal information. At the same time, this report illustrates how difficult it is to make broad-based assumptions for all Canadians about particular uses of personal information and what is and what is not acceptable. What is acceptable to one Canadian may be entirely unacceptable to another. Looking forward, this is clearly likely to remain true.

Top of PageTable of Contents1. Introduction

1.1 Background

With more and more Canadians embracing new technology and its potential to change our daily interactions with people, governments and businesses, there remains a significant need to ensure that personal information is kept safe and secure from any unauthorized use. With data breaches, such as stolen credit card numbers of thousands of Winners/Home Sense consumers in the previous year, it is not entirely surprising that Canadians are concerned with the protection of their personal information. Traditional worries of credit card fraud and identity theft in addition to newer issues such as Social Insurance Number theft have all been compounded by the use of new technologies in our day-to-day interactions.

Today, as in the past, the privacy landscape is known to be far from black and white, and remains very context driven. Equally important, the landscape continues to be volatile, reflecting changes on many fronts ranging from the emergence of new technologies to national security issues to the growing interconnectedness of databases to the growing flow of personal data across international boundaries. It was only a few years ago that Radio Frequency Identification Devices were not part of the privacy debate in a large way. Similarly, what seemed to be an overnight success of YouTube is another vivid example of the way in which a person’s privacy could be affected in a way that was not imaginable only a few years ago.

The Office of the Privacy Commissioner of Canada (OPC) is an advocate for the privacy rights of Canadians with the powers to investigate complaints, conduct audits under two federal laws, publish information about information handling practices in the public and private sectors, conduct research on privacy issues, and promote awareness and understanding of privacy issues by the Canadian public.

Given this last role, there is an ongoing need to understand how the public’s views on privacy issues continue to evolve in this increasingly complex environment, as well as establish new benchmarks in emerging areas relevant to the OPC’s mandate. It was in this context that EKOS Research Associates was commissioned to undertake a survey of Canadians. This particular research assignment will build on previous public opinion research undertaken by the OPC to both assess how certain trends are evolving and establish new benchmarks in emerging areas, including:

  • Better understanding the evolving nature of Canadians’ privacy concerns, particularly in relation to personal information;
  • Issues relating to PIPEDA that should be examined in the context of Parliament’s current review of the legislation, as well as those relating to the Privacy Act that should be examined in the context of a possible review of the legislation;
  • The privacy implications of new technologies; and
  • Revisiting a selected number of measures relating to awareness of laws and institutions, and overall confidence in the adherence to relevant laws by government and the private sector.

Top of PageTable of Contents1.2 Research Methodology

The research findings for this study have been drawn from the results of a telephone survey with a random sample of 2,001 Canadians, aged 16 years and older.  Surveying on the study was undertaken between March 13th and March 26th 2007. The interviews averaged a little over 15 minutes in length.

The survey instrument was designed in close consultation with the Office of the Privacy Commissioner of Canada (OPC) to examine issues relating to the Canadian privacy landscape, as well as awareness and perceptions of Canadian privacy laws and the office itself. Once the questionnaire items were approved, the questionnaire was programmed into EKOS’ computer-assisted telephone interviewing (CATI) software. In addition to programming the actual text of each question, instructions to the survey interviewer (such as instruction to read or not read available responses), question/response randomization (batteries of questions and some responses to questions are randomized to minimize an order bias) and skip logic are integrated at this stage. In order to gauge the flow and clarity of the survey instrument, the questionnaire was pre-tested through a series of telephone interviews with actual respondents in English and French before starting the fieldwork. The objective of the pre-test was to ascertain the clarity of the questions, the flow of the sequencing, the overall length of the interviews and any factors that may affect the response rate. A small number of revisions were made to the survey instrument in order to clarify certain questions and to adjust the focus of others before the final survey was fielded. The final version of this survey is appended to this report in Appendix A.

Once data collection was complete, the results were statistically weighted by age, gender and region to ensure that the findings were representative of the Canadian population 16 years of age and over. With a sample size of 2,001, the results from this survey may be considered statistically accurate to within +/- 2.2 percentage points, 19 times out of 20.

Top of PageTable of Contents2. Overall Findings

This year’s survey of the Canadian public has reinforced many of the trends in public opinion that have been observed in relation to privacy-related issues in the past few years. In some areas, public opinion has been very stable with high levels of concern being evident. In other areas, there have been and continue to be subtle changes that characterize how the Canadian public views things. The survey has also shed light on a number of other areas that should help inform some of the future directions and challenges that lie ahead.

The Broad Privacy Landscape

  • Similar to the late 1990s, privacy continues to mean very different things to Canadians, and the public points to a wide range of imagery when asked about their top-of-mind imagery. Despite this, Canadians increasingly think first about the protection of their personal information. Against this backdrop, this report illustrates how difficult it is to make broad-based assumptions for all Canadians about particular uses of personal information and what is and what is not acceptable. What is acceptable to one Canadian may be entirely unacceptable to another.  Going forward, this is likely to remain the case.
  • While it is difficult to make assumptions about the acceptability of particular uses of personal information, it is still clearly evident that a number of broad trends remain true in 2007. As a starting point, Canadians remain extremely concerned about the protection of their personal information. This is particularly true in relation to identity theft, which has emerged in a relatively short period of time to become a major concern to Canadians.
  • The difficulty in making assumptions about what is and what is not acceptable is reinforced by the clear hierarchy in concerns that exist in both the types of information that might need to be given to an organization and the specific organization that is involved. Some Canadians are not comfortable giving any information to any organizations. Others are comfortable giving most information to various organizations. Generally speaking, Canadians are much more concerned giving some types of information compared to others, with the highest levels of concerns relating to what would typically be considered sensitive information (e.g., financial information, a person’s Social Insurance Number, a person’s health history).  Likewise, Canadians are much more comfortable giving information to certain types of organizations compared to others. Canadians are most comfortable giving information to their doctors, the police, governments and the banks. They are, in comparison, far more concerned about doing the same with telemarketing companies, Internet Service Providers and even polling and social research companies. These patterns have been remarkably stable from the late 1990s.

Canadians and Protecting their Privacy

  • Despite a slight overall improvement in the proportion of Canadians that believe both governments and businesses take protecting personal information seriously, there remains significant room for improvement.  Against this backdrop, it is not surprising at all that few Canadians believe that strong privacy laws are not important. That said, however, Canadians continue to place greater importance on having strong privacy laws, and this year’s study points to the highest levels of importance observed since tracking on this question began in 2005. 
  • It is somewhat disturbing, however, that large numbers of Canadians remain poorly informed about existing laws and that awareness levels have not improved at all in the past few years. In fact, more than half report not being aware of any laws that are currently in place. There continues to be a need to raise Canadians’ awareness of the laws and institutions in place and what rights they have.
  • There have been a number of high-profile data breaches in both Canada and the United States in the past year or so. While there are laws in the United States that require disclosure of such breaches, no such laws currently exist in Canada today.  In broad terms, Canadians overwhelmingly reject the notion that there is no need for disclosure rules when it comes to information breaches. In fact, the majority feel that government agencies and individuals should be notified regardless of the sensitivity of the information (and this view has been strengthened over the course of the last year.)

The Privacy Act

  • Canadians firmly believe that laws need to be updated in response to the rapid evolution of information technology. Compared to last year, there has been a 7 percentage point increase in the proportion of Canadians saying the need for the modernization of privacy laws is high. Similarly, the modernization of the Privacy Act in particular is seen by increasing numbers of Canadians as being an important priority for the federal government. Those assigning the highest levels of importance are up 5 percentage points compared to a year ago.
  • Not surprisingly, many Canadians do not have a good understanding as to what penalties and sanctions can be imposed for privacy breaches under the Privacy Act. That said, the findings suggest that the provisions most Canadians assume to be in place are not in fact as strong as their expectations.

Warranty Cards

  • While large numbers of Canadians avoid filling out warranty cards, many do so without knowing that these cards are often not necessary to have legal warranty. At the same time, a significant number of Canadians are also unaware that companies often use warranty cards for marketing purposes.

New Technologies and Privacy

  • Despite an enormous uptake of new technologies, Canadians remain far from confident in the abilities of their technological knowledge in relation to privacy. Most disturbing, there have been virtually no improvements in this broad indicator going back to the start of the decade.
  • Spam is something which has become an everyday reality of the Information Age, and considerable efforts are underway to combat its continued growth. In that regard, few Canadians perceive that spam is not a significant problem, in general and in their personal life.
  • Despite a fair amount of discussion in privacy circles, Canadians remain generally unaware of radio frequency identification tags being installed in products to allow companies to track the movement of their products. In fact, awareness levels are down slightly from 2006.

Social Insurance Numbers

  • Many Canadians continue to keep their SIN cards in their wallets (albeit on a downward trend). The argument could be made that carrying one's SIN card in a wallet is largely unnecessary and that it has the potential to increase a SIN being used inappropriately if a wallet was either lost or stolen.
  • Canadians overwhelmingly believe that any changes to how SIN information is used by government departments and agencies should require a review process, with many expressing improved comfort if an independent body, such as the OPC, was involved in the review process.
  • On an encouraging note, most Canadians do not provide their SIN to companies or businesses when asked, although some still do. Most disturbing, significant numbers of Canadians are still being asked by companies or stores with the common perception that such requests are inappropriate.

Top of PageTable of Contents3. The Broad Privacy Landscape

  • Privacy continues to mean different things to different individuals. When asked about their top of mind imagery of “privacy”, Canadians point to a range of things as they did at the end of the 1990s. Despite the wide range of imagery, however, Canadians increasingly think about the confidentiality of their personal information when it comes to privacy – while 18 per cent pointed to these types of issues back in 1999, it has now risen to almost 1 in 3. Canadians’ verbatim quotes from this question also underscore these differences.
  • In addition to meaning different things to different people, another key aspect of the current privacy landscape is the fact that the overwhelming majority of Canadians perceive having less protection of their personal information than they did ten years ago. This is a view held by seven in every ten Canadians, and it has changed little in the past few years.
  • There is, at the same time, a considerable segment of the public that believes protecting the privacy of Canadians will be one of the most important issues facing the country over the next ten years. While tracking on this measure is down slightly in the past two years, almost two in every three Canadians hold this view. Reflecting the widespread and growing concerns surrounding identity theft, it is not surprising that even more Canadians believe that protecting individuals from this type of fraud will be one of the most important issues over the next ten years.
  • As mentioned earlier, privacy concerns are far from black and white and they are very context driven. This is evident from the findings that show Canadians have a clear hierarchy of concerns when it comes to both the types of information they may be asked for, and the types of organizations who may be asking for any information. The concern is very high for some types of information, and much lower for other types. Likewise, the concern is very high when dealing with some organizations, and much lower for others. In terms of types of information, there has been a notable rise in the number of Canadians concerned about providing their Social Insurance Number to various organizations. These results are also consistent with the large numbers of Canadians who believe there are few types of personal information that are important to protect than a person’s health history.

Top of mind imagery of privacy

Privacy continues to mean different things to different individuals. When asked about their top of mind imagery of “privacy”, Canadians point to a whole range of things. Despite the wide range of imagery, Canadians increasingly think about the confidentiality of their personal information – while 18 per cent thought of this back in 1999, it has now risen to almost 1 in 3 Canadians.

Confidentiality of personal info (general): 32; Secrecy/others not knowing personal info: 18; Security/protection/encryption/passwords: 7; Home/family/bedroom: 6; Being left alone/no solicitiation/seclusions: 6; Invasion/lack of privacy: 4; Confidentiality of personal info (companies): 3; Confidentiality of personal info (Internet): 3; Tracked by government: 2; Freedom/Non-interference/Anonymity: 2; Other: 8; DK/NR: 9.
Q: When I mention the term privacy, what is the first thing that comes to mind?
(Base: All Canadians; Mar. 2007, n=2001)
*Tracking from 1999

Top of mind imagery of privacy (examples of verbatim quotes)

  • “My personal things.”
  • “Something that belongs to me and not someone else. Something I don’t want getting around.”
  • “Spying – the Patriot Act ?”
  • “The Privacy Act ?”
  • “Government leaks, personal information being leaked somehow ?”
  • “How unprivate things are these days ?”
  • «Undesirable calls, identity thefts in banks or credit card numbers? »
  • “Identity theft ?”
  • “The ability to retain information and distribute at your discretion.”
  • “Technical privacy, the Privacy Act has to be upgraded, people can find ways that might appear to be legal because there is nothing in law that says they cannot do it ?”
  • “PIPEDA ?”
  • “Locking the door when I go to the bathroom ?”
  • « Passports with biometric microchips ? »
  • “I would like all my information kept private because it seems information goes abroad very quickly these days especially with computers ?”

Protection of personal information compared to ten years ago

Today, Canadians continue to overwhelmingly feel they have less protection of their personal information than they did ten years ago — a view held by 7 in 10.

Disagree -- 2005: 16, 2006: 16, 2007: 18; Neither -- 2005: 12, 2006: 11, 2007: 11; Agree -- 2005: 71, 2006: 71, 2007: 70.
Q: I feel I have less protection of my personal information in my daily life than I did ten years ago.
(Base: All Canadians; Mar. 2007, n=2001)

Major issues facing Canada in the future

Although the proportion of Canadians that believe in the importance of protecting personal information in the future continues to decline marginally, almost 3 in 4 believe that protecting Canadians against identity theft will be one of the most important issues facing the country in the future.

Importance of protecting Canadians against identity theft in the next ten years
Disagree -- 2007: 15; Neither -- 2007: 11; Agree -- 2007: 73.
Q: Protecting Canadians against identity theft will be one of the most important issues facing our country in the next ten years.
(Base: All Canadians; Mar. 2007, n=2001 * half sample)
Importance of protecting personal information of Canadians in the next ten years
Disagree -- 2001: 14, 2005: 17, 2006: 18, 2007: 21; Neither -- 2001: 16, 2005: 13, 2006: 15, 2007: 14; Agree -- 2001: 69, 2005: 70, 2006: 66, 2007: 65.
Q: Protecting the personal information of Canadians will be one of the most important issues facing our country in the next ten years.
(BASE: All Canadians; Mar. 2007, n=2001)

Levels of concern providing certain types of information

While there are some Canadians who are concerned about providing any information to any organization, there is a clear hierarchy in concerns depending on the type of information that might be given. Canadians continue to be most concerned about their financial information, their SIN, and health history. This pattern has been remarkably consistent since the end of the 1990s, although the level of concern with giving out a person’s SIN is notably higher today.

Credit card number -- 1999: 5.4, 2007: 5.3; Social insurance number -- 1999: 4.8, 2007: 5.3; Financial situation -- 1999: 5.1, 2007: 5.1; Health history -- 1999: 4.7, 2007: 5.0; Buying habits -- 1999: 4.5, 2007: 4.7; Internet sites visited -- 1999: 4.1, 2007: 4.6; Phone number -- 1999: 3.8, 2007: 3.8; Name -- 1999: 3.7, 2007: 3.6; Address -- 1999: 3.5, 2007: 3.5.
Q: How concerned are you about giving...to ?.?
(Base: All Canadians; Mar. 2007, n=approx. 1,000) *Internet users only

Levels of concern providing information to certain types of organizations

Similar to the concerns about different types of information, Canadians report very different levels of concern about providing different types of information to different types of organizations. In fact, the hierarchy in concerns is even more pronounced when it comes to the types of organizations. Concern levels are most pronounced with telemarketing companies, ISPs, polling and research companies, and least pronounced with governments, the police and doctors.

Telemarketing companies -- 1999: 5.7, 2007: 6.1; Internet service providers -- 1999: 5.3, 2007: 5.4; Polling and research firms -- 1999: 4.8, 2007: 5.2; Cable companies -- 1999: 4.69, 2007: 4.9; Telephone companies -- 1999: 4.7, 2007: 4.9; Companies responsible for credit checks -- 1999: 4.6, 2007: 4.7; Insurance companies -- 1999: 4.6, 2007: 4.6; Canada Post -- 1999: 4.2, 2007: 4.2; Banks -- 1999: 3.9, 2007: 4; Governments -- 1999: 3.9, 2007: 3.8; Police -- 1999: 3.3, 2007: 3.4; Doctors or hospitals -- 1999: 3.3, 2007: 3.4.
Q: How concerned are you about giving...to ?.?
(Base: All Canadians; Mar. 2007, n=approx. 800)

As in previous years, Canadians continue to agree that one of the most important types of personal information that requires protection under privacy laws is health information.

Importance of privacy laws in protecting health information

3 in 5 Canadians continue to agree that health information is one of the most important types of personal information that needs protection through privacy laws.

Disagree -- 2005: 15, 2006: 20, 2007: 22; Neither -- 2005: 23, 2006: 19, 2007: 17; Agree -- 2005: 59, 2006: 59, 2007: 60.
Q: There are few types of personal information that are more important to protect through privacy laws than personal health information.
(Base: All Canadians; Mar. 2007, n=2001)

Top of PageTable of Contents4. Canadians and Protecting their Privacy

  • Despite a slight overall increase in the proportion of Canadians that believe both governments and businesses take protecting personal information seriously, there remains significant room for improvement as only a small proportion of Canadians believe protection of personal information is taken seriously. In fact, less than one in five Canadians believes that governments take these responsibilities very seriously. The proportion is even smaller in relation to the private sector.

  • Few Canadians say that strong privacy laws are not important. That said, however, Canadians continue to place greater importance on having strong privacy laws. Most recently, 4 in 5 place a high level of importance on strong laws (the highest observed to date and up 6 percentage points since 2005).

  • Although a significant proportion of Canadians place a high level of importance on laws to protect personal information, large numbers of Canadians remain poorly informed of the laws that do exist. In fact, more than half report not being aware of any laws currently in place. Similarly, a small number understand their privacy rights or know which government institutions exist that oversee privacy related issues. Most disturbing is the fact that these different measures of awareness have not improved at all in the past few years. In this context, there continues to be a need to raise Canadians' awareness about the laws and institutions in place and what their rights are.

  • There have been a number of high-profile data breaches in both Canada and the United States in the past year or so. While there are laws in the United States that require disclosure of such breaches, no such laws currently exist in Canada today.  In broad terms, Canadians overwhelmingly reject the notion that there is no need for disclosure rules when it comes to information breaches. In fact, the majority feel that government agencies and individuals should be notified regardless of the sensitive nature of the information (and this view has been strengthened over the course of the last year.)

Although still divided, Canadians are slightly less likely to believe that governments and businesses are not taking their responsibility to protect Canadians’ personal information seriously. That said, there is still considerable room for improvement.

Seriousness governments and businesses take in protecting personal info

Despite an overall improvement in the proportion of Canadians that believe both governments and businesses do not take protecting personal information seriously, there remains significant room for improvement as only a small proportion of Canadians believe protection of personal information is taken very seriously.

Perceived seriousness of federal government protecting citizen personal information
Not seriously (1-2) -- 2006: 20, 2007: 16; Moderately seriously (3-5) -- 2006: 62, 2007: 64; Very seriously (6-7) -- 2006: 14, 2007: 17.
Perceived seriousness businesses take in protecting consumer personal information
Not seriously (1-2) -- 2006: 34, 2007: 24; Moderately seriously (3-5) -- 2006: 51, 2007: 59; Very seriously (6-7) -- 2006: 11, 2007: 13.
Q: In your opinion, how seriously does the federal government take its responsibility to protect citizen personal information. Please use a scale from 1 to 7, where 1 is not at all seriously, 7 is extremely seriously and 4 is somewhat seriously. And on the same scale, how seriously do businesses take their responsibility to protect consumer personal information?
(BASE: All Canadians; March 07, n=2001)

Importance of strong privacy laws

Canadians continue to place greater importance on having strong privacy laws. 4 in 5 place a high level of importance on having strong laws (the highest observed to date).

Low importance (1-2) -- 2005: 2, 2006: 2, 2007: 3; Moderate importance (3-5) -- 2005: 24, 2006: 20, 2007: 17; High importance (6-7) -- 2005: 74, 2006: 77, 2007: 80.
Q: How important is it to you personally to have strong laws to protect Canadians' personal information? Please use a scale from 1 to 7, where 1 is not at all important, 7 is extremely important and 4 is somewhat important.
(Base: All Canadians; Mar. 2007, n=2001)

Awareness of laws that deal with protecting personal information

Although a significant proportion of Canadians strongly place a high level of importance on laws to protect personal information, large numbers of Canadians remain poorly informed about the laws that do exist. In fact, more than half report not being aware of any that are currently in place.

Yes, clearly -- 2005: 20, 2006: 20, 2007: 19; Yes, vaguely -- 2005: 28, 2006: 23, 2007: 26; No -- 2005: 52, 2006: 56, 2007: 54.
Q: Are you aware of any laws that help Canadians deal with privacy and the protection of personal information?
(Base: All Canadians; Mar. 2007, n=2001)

Awareness of rights in how governments and businesses use personal info

Not surprisingly, with low awareness of privacy laws, almost 3 in 5 are not aware of their rights in relation to how governments and companies collect and disclose personal information.

Yes, clearly -- 2007: 12; Yes, vaguely -- 2007: 27; No -- 2007: 60.
Q: And are you aware of your rights when it comes to how governments and companies collect, use and disclose your personal information?
(Base: All Canadians; Mar. 2007, n=2001)

As Canadians increasingly express the importance of having strong privacy rules and regulations in place to provide proper security for personal information, a surprisingly small proportion have a high level of awareness about the laws or government departments in place to assist them with privacy-related issues. Within this context, there continues to be a need to raise Canadians' awareness about the current laws in place and what their rights are.

Awareness of specific laws

Despite similarly lower levels of awareness, Canadians who report some awareness of privacy laws are increasingly able to name specific laws. In fact, awareness of the Privacy Act has increased while those who are unable to name any laws continues to decrease.

Privacy Act -- 2005: 33, 2006: 33, 2007: 39; PIPEDA -- 2005: 8, 2006: 9, 2007: 9; Freedom of Information -- 2005: 6, 2006: 9, 2007: 5; Personal Health Information Protection Act -- 2005: 3, 2006: 5, 2007: 4.
Charter of Rights -- 2005: 3, 2006: 3, 2007: 3; Other -- 2005: 2, 2006: 14, 2007: 18; Unable to name law -- 2005: 46, 2006: 36, 2007: 34.
Q: Which laws are you aware of?
(Base: Those report “vague” to “clear” awareness of privacy laws; Mar. 2007, n=895)

Awareness levels of specific laws and institutions that can assist Canadians with any invasion of privacy are considerably low. While the proportion of Canadians that know about the Privacy Act and the Privacy Commissioner has increased, knowledge of other laws and institutions is particularly low. Furthermore, Canadians are relatively unaware of their own rights in relation to personal information collected by governments and businesses.

Awareness about federal institutions

Canadians are even less familiar with the institutions who oversee privacy related issues. Most recently, more than 3 in 4 of all Canadians say they are unaware of any federal institution that would help deal with privacy issues and the protection of personal information in case of inappropriate collection, use and disclosure.

Yes, clearly -- 2005: 7, 2006: 8, 2007: 8; Yes, vaguely -- 2005: 13, 2006: 13, 2007: 14; No -- 2005: 78, 2006: 77, 2007: 77.
Q: And are you aware of any federal institutions that help Canadians deal with privacy and the protection of personal information from inappropriate collection, use and disclosure?
(Base: All Canadians; Mar. 2007, n=2001)

Awareness of specific federal institutions

Although there has been a reduction in the proportion of Canadians that could not name or did not know of a federal institution that assisted in privacy matters, awareness of several institutions also fell.

Privacy Commissioner -- 2005: 24, 2006: 26, 2007: 21; Justice agencies -- 2005: 4, 2006: 1, 2007: 1; Law enforcement -- 2005: 4, 2006: 5, 2007: 4; Canada Revenue Agency: 2005: 4, 2006: 5, 2007: 3.
Consumer protection agencies -- 2005: 3, 2006: 3, 2007: 5; Human Rights Commissioner -- 2005: 3, 2006: 2, 2007: 2; Government Ombudsman -- 2005: 2, 2006: 1, 2007: 2; Other -- 2005: 4, 2006: 11, 2007: 4; DK/NR -- 2005: 50, 2006: 48, 2007: 57.
Q: Which federal institutions are you aware of?
(Base: Those report “vague” to “clear” awareness of privacy laws; Mar. 2007, n=461)

Rating knowledge of privacy rights

Almost half of all Canadians would rate their overall knowledge of their privacy rights under various laws as poor. In fact, only 1 in 5 express an above average amount of knowledge (and down slightly from last year).

Very poor -- 2001: 23, 2005: 13, 2006: 8, 2007: 11; Poor -- 2001: 37, 2005: 34, 2006: 33, 2007: 36; Neither good nor bad -- 2001: 26, 2005: 33, 2006: 32, 2007: 32; Good -- 2001: 11, 2005: 15, 2006: 22, 2007: 16; Very good -- 2001: 2, 2005: 3, 2006: 4, 2007: 3.
Q: How would you rate your knowledge of your privacy rights under the various laws protecting your personal information?
(BASE: All Canadians; Mar. 2007, n=2001)

Rating own protection of personal information

Despite the overall poor knowledge of personal rights under various privacy laws, Canadians believe they are doing a relatively good job at taking the proper precautions in protecting their own personal information (although there continues to be room for improvement).

Very good -- 2006: 17, 2007: 17; Good -- 2006: 53, 2007: 52; Neither good nor bad -- 2006: 21, 2007: 22; Poor -- 2006: 8, 2007: 6; Very poor -- 2006: 1, 2007: 2.
Q: In your day to day life, how good of a job would you say you are doing to protect the privacy of your own personal information?
(BASE: All Canadians; March. 07, n=2001)

Notification of information breaches

Canadians overwhelmingly reject the notion that there is no need for disclosure rules when it comes to information breaches. In fact, the majority feel that government agencies and individuals should be notified regardless of the sensitive nature of the information (and this view has been strengthened over the course of the last year.)

Breach involving SENSITIVE information
Notify affected individuals -- 2006: 19, 2007: 13; Notify government agencies -- 2006: 6, 2007: 7; Notify both -- 2006: 68, 2007: 77; No need to notify anyone -- 2006: 4, 2007; 1; DK/NR -- 2006: 3, 2007: 1.
Breach involving NON-SENSITIVE information
Notify affected individuals -- 2006: 21, 2007: 20; Notify government agencies -- 2006: 9, 2007: 7; Notify both -- 2006: 61, 2007: 66; No need to notify anyone -- 2006: 6, 2007: 5; DK/NR -- 2006: 3, 2007: 2.
Q: Sometimes, personal information that is held by a company about their customers might be compromised, either due to criminal activity or due to a flaw in the company's security system. If a company were to experience a breach involving SENSITIVE/NON-SENSITIVE personal information, which of the following best describes your views? Would you say that companies should be required to ...
(Base: All Canadians; Mar. 2007, n=2001 *half samples)

Top of PageTable of Contents5. The Privacy Act

  • Promulgated in 1983, the Privacy Act is the federal legislation that oversees the federal public sector’s information practices. Despite a dramatically different environment from the 1980s, the Act has not been substantially updated since coming into effect. Although a large segment of the public has low levels of awareness about current laws in place to protect the personal information of Canadians, many increasingly believe that there is a strong need to modernize the Privacy Act to keep pace with the new threats faced by new technology. In fact, those who say there is a great need to modernize the Act has increased 7 percentage points since last year.
  • Closely related and reflecting a rising importance of strong privacy laws, Canadians are assigning a higher priority for the federal government to modernize the Privacy Act. Most recently, 1 in 2 Canadians assign the highest levels of priority to this task, up 5 percentage points from last year.
  • Canadians’ opinions vary considerably as to which federal privacy laws need to be stronger. While a significant proportion believe laws covering the private sector need to be stronger than those overseeing government, similar numbers say the reverse or that they need to be equally strong.
  • Knowledge of the sanctions/penalties under the Privacy Act for offending government departments, agencies and employees is relatively low. That said, there is little separation between the proportion of Canadians that believe a sanction/penalty is in place compared to those that believe a sanction/penalty should be in place. That said, the findings suggest that the provisions most Canadians assume to be in place are not in fact as strong as their expectations.

Canadians increasingly believe the Privacy Act to be outdated to many of the current threats faced in the privacy landscape. Most agree that modernization is necessary and should be a major priority for the government.

Need to modernize the Privacy Act

Although a large segment of the public has low levels of awareness of current laws in place to protect the personal information of Canadians, many increasingly believe that there is a strong need to modernize the Privacy Act to keep pace with the new threats faced by new technology.

Low extent (1-2) -- 2006: 4, 2007: 3; Moderate extent (3-5) -- 2006: 26, 2007: 22; High extent (6-7) -- 2006: 67, 2007: 74.
Q: The Privacy Act requires federal government departments and agencies to respect privacy rights by limiting the collection, use and disclosure of personal information. The Act also gives individuals the right to access and request correction of personal information about themselves held by these federal government organizations. The Act has not been substantially updated since coming into effect in 1983. On a scale from 1 to 7, where 1 means no extent whatsoever, 7 means a great extent, and 4 means to some extent, to what extent do you believe there is a need to modernize the Privacy Act to ensure the Act is keeping pace with new technology and is providing appropriate checks and balances to government use of personal information.?
(BASE: All Canadians; March 07, n=2001)

Priority at which to modernize the Privacy Act

Reflecting a rising importance of strong privacy laws, Canadians are assigning greater importance to modernizing the Privacy Act. Most recently, 1 in 2 Canadians assign the highest levels of priority to this task, up 5 percentage points from last year.

Low extent (1-2) -- 2006: 4, 2007: 4; Moderate extent (3-5) -- 2006: 49, 2007: 45; High extent (6-7) -- 2006: 45, 2007: 50.
Q: What priority should the federal government place on modernizing the Privacy Act? Please rate your response on a 7-point scale where 1 means the lowest priority, 7 means the highest priority and the midpoint 4 means a middle priority.
(BASE: All Canadians; March 07, n=2001)

Public and private sector privacy laws

Canadians’ opinions vary considerably as to which federal privacy laws need to be stronger. While a significant proportion believe laws covering the private sector need to be stronger than those governing government, similar numbers say the reverse or that they need to be equally strong.

Federal privacy laws covering fed. govt. depts. and agencies NEED to be stronger than those covering the private sector -- 2007: 31; Federal privacy laws covering the private sector NEED to be stronger than those covering fed. govt. depts. and agencies -- 2007: 33; Both laws need to be equally strong in terms of privacy protection -- 2007: 27; DK/NR -- 2007: 8.
Q: Today, there are different federal privacy laws that cover the activities of the private sector and those of federal government departments. Which of the following best describes your views?
(BASE: All Canadians; March 07, n=1152)

Knowledge of the sanctions/penalties under the Privacy Act for offending government departments, agencies and employees is relatively low. That said, there is little separation between the proportion of Canadians that believe a sanction/penalty is in place compared to those that believe a sanction/penalty should be in place. This suggests that most Canadians assume that the provisions they believe to be in place are, in fact, stronger than they actually are.

Financial penalties and the Privacy Act

While 2 in 3 Canadians believe that federal government departments can have financial penalties imposed on them for not preventing an information breach, almost 8 in 10 believe a financial penalty should be imposed should a government department fail in this aspect.

Yes -- CAN financial penalties be imposed: 64, SHOULD financial penalties be imposed: 79; No -- CAN financial penalties be imposed: 28, SHOULD financial penalties be imposed: 17.
Q: Do you think that financial penalties can be imposed on a federal government department if it was found to be responsible for not having done enough/And SHOULD financial penalties be imposed on that department if it was found responsible for not having done enough to prevent an information breach?
(Base: All Canadians; Mar. 2007, n=2001)

Sanctions on public servants and the Privacy Act

Canadians are far more likely to believe that public servants can be sanctioned for inappropriate action with an overwhelming majority believing the government department involved should be taken to federal court for financial damages in the case of an information breach.

Yes -- CAN sanctions be imposed: 87, SHOULD sanctions be imposed: 93; No -- CAN sanctions be imposed: 9, SHOULD sanctions be imposed: 4.
Q: Do you think that sanctions could be imposed on public servants if it turned out they had acted inappropriately, ranging from disciplinary action to being dismissed/And SHOULD sanctions be imposed on public servants if it turned out they had acted inappropriately, ranging from disciplinary action to being dismissed?
(Base: All Canadians; Mar. 2007, n=2001)

Financial damages and the Privacy Act

Although not as strong as sanctions on public servants, Canadians are likely to believe that the government could be taken to Federal Court to seek financial damages for individual who had their information breached. Similarly, a large proportion believe these sanctions should be in place.

Yes -- CAN be taken to federal court: 70, SHOULD be taken to federal court: 88; No -- CAN be taken to federal court: 21, SHOULD be taken to federal court: 8.
Q: Do you think that a federal government department could be taken to Federal Court to seek financial damages for individuals who had their information breached/And SHOULD it be possible to take a federal government department to federal court to seek financial damages for individuals who had their information breached?
(Base: All Canadians; Mar. 2007, n=2001)

Top of PageTable of Contents6. Warranty Cards

  • Generally speaking, large numbers of Canadians avoid filling out warranty cards with only a small proportion doing so regularly.
  • Awareness levels of what warranty cards are used for and why companies use them vary. Almost half of all Canadians are unaware that warranty cards are often not necessary to ensure a consumer has a legal warranty while a significant number of Canadians were unaware that companies often use warranty cards for marketing purposes.

Generally speaking, large numbers of Canadians avoid filling out warranty cards with only a small proportion doing so regularly. For the most part, a majority of Canadians are unaware that warranty cards are often not necessary for a legal warranty and that many companies use them for marketing purposes.

Filling out warranty cards

The proportion of Canadians that do not fill out warranty cards is equal to the amount that fill them out some of the time. Only 1 in 10 report always filling out warranty cards.

Always fill them out -- 2007: 11; Fill them out some of the time -- 2007: 43; Do not fill them out -- 2007: 46.
Q: When Canadians purchase certain types of products, they are asked to complete the WARRANTY CARD and to send it in to the manufacturer. How often would you say you fill out these warranty cards? Would you say you typically ...
(Base: All Canadians; Mar. 2007, n=2001)

Awareness of practices relating to warranty cards

The majority of Canadians are unaware that warranty cards are not necessary to ensure legal warranty. Furthermore, a significant proportion are unaware that companies use warranty cards to collect personal information from their customers.

Yes, clearly -- 2007: 38; Yes, vaguely -- 2007: 12; No -- 2007: 48.
Q: Are you aware that warranty cards are often not needed to ensure that you have a legal warranty?
(Base: All Canadians; Mar. 2007, n=2001)
Yes, clearly -- 2007: 46; Yes, vaguely -- 2007: 13; No -- 2007: 40.
Q: And are you aware that many companies use product warranty cards to collect personal information for marketing purposes such as sending you information in the mail and telemarketing calls?
(Base: All Canadians; Mar. 2007, n=2001)

Top of PageTable of Contents7. New Technologies and Privacy

  • Canadians are far from confident in the abilities of their technological knowledge in relation to privacy. In fact, only half of all Canadians feel confident that they know how new technologies might affect their personal privacy. There have been few improvements in these perceptions despite an enormous growth in the use of many of these new technologies. Not surprisingly, growing numbers of Canadians believe that well publicized concerns are not overblown and have merit.
  • Canadians believe that much of the pessimistic publicity attributed to the negative consequences of technology on the protection of personal information is warranted.
  • Spam is something which has become an everyday reality of the Information Age, and considerable efforts are underway to combat its continued growth. In that regard, few Canadians perceive that spam is not a significant problem. In fact, the overwhelming majority — almost 3 in 4 — believe that it is more than a moderately significant issue. And while fewer Canadians believe that it is as significant a problem for them personally, the proportion who say that it is more than a moderately significant issue is still almost 1 in 2.
  • Despite a fair amount of discussion in privacy circles, Canadians remain generally unaware of radio frequency identification tags being installed in products to allow companies to track the movement of their products. In fact, awareness levels are down slightly from 2006.

Canadians are far from confident with their knowledge of new technologies and how they might affect personal information. In fact, only half of all Canadians hold this view. There have been few improvements in these perceptions despite enormous growth in the use of many of these new technologies. Not surprisingly, growing numbers believe that well publicized concerns are not overblown and have merit.

Knowing how new technology affects privacy

Despite spectacular growth in Canadians’ use of new technologies, they are no more informed about the potential privacy implications compared to 2000. In fact, only half of all Canadians agree they have enough information to know how new technology might affect their personal information.

Disagree -- 2000: 29, 2001: 27, 2003: 27, 2005: 34, 2006: 31, 2007: 32; Neither -- 2000: 18, 2001: 16, 2003: 15, 2005: 17, 2006: 17, 2007: 16; Agree -- 2000: 50, 2001: 53, 2003: 54, 2005: 47, 2006: 51, 2007: 51.
Q: I feel confident that I have enough information to know how new technologies might affect my personal privacy.
(Base: All Canadians; July 06, n=2001)

Negative consequences of new technology and personal information

Perhaps due to highly publicized breaches of personal information in the previous years, Canadians are more likely to disagree that the claims about the negative consequences of technology on the protection of personal information are overblown.

Disagree -- 2005: 38, 2006: 39, 2007: 45; Neither -- 2005: 24, 2006: 18, 2007: 18; Agree -- 2005: 35, 2006: 40, 2007: 36.
Q: I think the claims about the negative consequences of technology on the protection of personal information are overblown.*
(Base: All Canadians; Mar. 2007, n=2001)

Perceptions of spam

Few Canadians perceive that spam is not a significant problem. In fact, the overwhelming majority — almost 3 in 4 — perceive that it is more than a moderately significant issue. And while fewer Canadians believe that it is as significant a problem for them personally, the proportion who say that it is more than a moderately significant issue is almost 1 in 2.

Not at all significant (1) -- 2007: 5; (2-3) -- 2007: 4; Moderately significant (4) -- 2007: 15; (5-6) -- 2007: 32; Extremely significant (7) -- 2007: 40.
Q: Spam is defined as unsolicited "junk" email set to large numbers of people to promote products or services. How significant a problem is spam today? Please use a scale from 1 to 7, where 1 is not at all significant, 7 is extremely significant, and 4 is moderately significant.
(BASE: All Canadians; Mar. 2007, n=1152)
Perception of spam on them personally
Not at all significant (1) -- 2007: 5; (2-3) -- 2007: 4; Moderately significant (4) -- 2007: 15; (5-6) -- 2007: 32; Extremely significant (7) -- 2007: 40.
Q: And using the same scale, how significant a problem is spam for you personally?
(BASE: All Canadians; Mar. 2007, n=1152)

Awareness of radio frequency identification tags

More than 3 in 5 Canadians have not heard anything about this technology. In fact, despite the growing debate on RFIDS in privacy circles, most Canadians remain very unfamiliar with the technology in the first place.

Not at all significant (1) -- 2007: 5; (2-3) -- 2007: 4; Moderately significant (4) -- 2007: 15; (5-6) -- 2007: 32; Extremely significant (7) -- 2007: 40.
Q: Radio frequency identification or RFID tags use wireless technology and are designed to allow things to be tracked and monitored. When installed in products, they allow companies to keep track of products in warehouses and retail stores. Before this survey, have you ever read or heard about radio frequency identification tags?
(Base: All Canadians; Mar. 2007, n=1152)

Top of PageTable of Contents8. Social Insurance Numbers

  • While the majority of Canadians with a SIN have their number memorized, a little more than 1 in 3 have not memorized it.
  • This, in part, explains why large numbers of Canadians continue to keep their SIN cards in their wallets (although many who have memorized their SIN also do so). The argument could be made that carrying a SIN card in a wallet is largely unnecessary and that it has the potential to increase a SIN being used inappropriately (if a wallet was either lost or stolen). In the past year, almost a third of Canadians have been asked for their SIN by a store or company, with the majority of those being asked for this information feeling that it was inappropriate.
  • Canadians overwhelmingly believe that any changes to how SIN information is used by government departments and agencies should require a review process, with half of those expressing an improved comfort if an independent body, such as the Privacy Commissioner of Canada, were involved in the review process.
  • The majority of Canadians do not provide their SIN to any company or business when asked, although about 1 in 5 in five does so at least some of the time. In the past year, about a third of Canadians have been asked by a company or store for their SIN. Among those who have been asked for this information, more than half felt that the requests were inappropriate.

While the majority of Canadians with a SIN have their number memorized, a sizeable proportion — a little more than 1 in 3 — have not memorized it. This, in part, explains why large numbers of Canadians continue to keep their SIN cards in their wallets (although many who have memorized a SIN also do so). The argument could be made that carrying their SIN card in a wallet is largely unnecessary and that it has the potential to increase a SIN being used inappropriate (if a wallet was either lost or stolen). In the past year, almost a third of Canadians have been asked for their SIN by a store, with the majority of those being asked feeling that it was inappropriate.

Canadians and memorizing their SIN

Large numbers of Canadians, little over 1 in 3, have not memorized their SIN — in part explaining why many continue to carry their SIN card on them.

Yes -- 2007: 65; No -- 2007: 35.
Q: Have you memorized your Social Insurance number?
Base: Canadians with a SIN; Mar. 2007, n=1981)

Where Canadians keep their SIN card

While there is limited need to carry one’s SIN card on them, there continues to be large numbers who do so (albeit on a downward trend).

In wallet/on person -- 2005: 62, 2006: 58, 2007: 46; At home -- 2005: 20, 2006: 22, 2007: 28; Secure location outside of home -- 2005: 8, 2006: 5, 2007: 10; Card is lost/not sure where card is located -- 2005: 7, 2006: 6, 2007: 9; Other -- 2006: 3, 2007: 2.
Q: Where do you keep your Social Insurance Number card?
(Base: Canadians with a SIN; Mar. 2007, n=1981)

Importance of review process for new uses of SIN

When it comes to governments using SIN information in new methods, Canadians agree that a review process should be undertaken first.

Little extent (1-2) -- 2007: 9; Some extent (3-5) -- 2007: 38; Great extent (6-7) -- 2007: 48.
Q: Currently, federal government departments and agencies are not allowed to use Social Insurance Numbers in any way that is not specifically outlined through policies and regulations. Thinking about possible NEW uses of the SIN by federal government departments and agencies in the future, to what extent is there a need for a review process before they are allowed to collect and use Social Insurance Numbers in a NEW way? Please use a scale from 1 to 7, where 1 means no extent whatsoever, 7 means a great extent, and 4 means to some extent.
(Base: All Canadians; Mar. 2007, n=2001)

Comfort level with independent bodies providing review

While there are sizeable numbers who say it would have no impact, almost 1 in 2 Canadians say the involvement of an independent body, such as the Office of the Privacy Commissioner of Canada, would make them more comfortable when it comes to any review of proposed new uses of the SIN.

Much more comfortable -- 2007: 13; More comfortable -- 2007: 37; No more or no less comfortable -- 2007: 37; Less comfortable -- 2007: 7; Much less comfortable -- 2007: 2.
Q: When it comes to any review of proposed new uses of the SIN, would the involvement of an independent body such as the Office of the Privacy Commissioner of Canada make you much more comfortable, more comfortable, less comfortable, much less comfortable, or make you no more or no less comfortable?
(Base: All Canadians; Mar. 2007, n=2001)

Giving SIN information to businesses

While almost 4 in 5 Canadians would not provide their SIN to companies and stores that ask for this information it is still a little concerning that about 1 in 5 would do so at least some of the time.

Give them your SIN most of the time -- 2007: 5; Give them your SIN some of the time -- 2007: 16; Not give them your SIN -- 2007: 79.
Q: Individuals may be asked for their Social Insurance Number by different companies or stores that they deal with. When you are asked by a company or store, would you typically ...
(Base: All Canadians; Mar. 2007, n=1981)

Businesses asking for SINs

Although most Canadians have not been asked to provide their SIN by a company in the past year, more than half that have provided this information felt that such a request was inappropriate.

Have not been asked in the past year -- 2007: 65; 1 to 2 times -- 2007: 21; 3 to 4 times -- 2007: 8; 5 times or more -- 2007: 5.
Per cent of Canadians that thought these requests were not appropriate
Yes -- 2007: 54; No -- 2007: 45.
Q: Excluding your bank/financial institution, how often have you been asked in the PAST YEAR for your Social Insurance Number by a company or store that you have dealt with/Did you feel that any of these requests for your Social Insurance Number were not appropriate?
(Base: All Canadians/ Canadians asked to provide SIN; Mar. 2007, n=1981/612)

Top of PageTable of ContentsAppendix A: Survey Questionnaire

INTRO

Hello, my name is ... and I'm calling from EKOS Research Associates. We are conducting a short survey on behalf of the Government of Canada on a number of issues currently in the news. It is totally voluntary and all responses will be kept strictly confidential. We are talking to people 16 years and over who are permanent residents of Canada. May I begin?

SEX

DO NOT ASK

Gender of respondent

  1. Male (1)
  2. Female (2)

TRM4

When I mention the term privacy, what is the first thing that comes to mind?

  1. Response (specify) (01)
  2. DK/NR (99)

INU

In the past 3 months, have you used the Internet either at home or elsewhere?

  1. Yes (1)
  2. No (2)
  3. DK/NR (9)

PREIF

There are some questions in the survey about what people feel or think about personal information. By personal information we mean any information about an individual's identity, ranging from name, age and address to health history, employment status and income.

AGR_1

Please rate the degree to which you agree or disagree with the following statements using a 7 point scale where 1 means you strongly disagree, 7 means you strongly agree and the mid-point 4 means you neither agree nor disagree.

DAI6B

I feel I have less protection of my personal information in my daily life than I did ten years ago.

  1. 1 Strongly disagree (1)
  2. 2 (2)
  3. 3 (3)
  4. 4 Neither agree nor disagree (4)
  5. 5 (5)
  6. 6 (6)
  7. 7 Strongly agree (7)
  8. DK/NR (9)

PDI6B

Protecting the personal information of Canadians will be one of the most important issues facing our country in the next ten years.

PDI6C

Protecting Canadians against identity theft will be one of the most important issues facing our country in the next ten years.

ENO6

I feel confident that I have enough information to know how new technologies might affect my personal privacy.

OBLN2

I think the claims about the negative consequences of technology on the protection of personal information are overblown.

FT6

There are few types of personal information that are more important for privacy laws to protect than personal health information.

PRE5

I am going to read a list of different types of information and different types of organizations. For each of the following, how concerned are you about giving the following information to the organization named. Please use a scale from 1 to 7, where 1 means you are not at all concerned, 7 means extremely concerned, and 4 means you are moderately concerned.

TYPE OF INFORMATION

  1. your name (01)
  2. your social insurance number (02)
  3. your financial situation (03)
  4. your address (04)
  5. your health history (05)
  6. your phone number (06)
  7. your buying habits (07)
  8. your credit card number (08)
  9. which Internet sites you visit (09)

TYPE OF ORGANIZATION

  1. telephone companies (01)
  2. banks (02)
  3. companies responsible for credit checks (03)
  4. doctors or hospitals (04)
  5. insurance companies (05)
  6. the police (06)
  7. polling and social research companies (07)
  8. governments (08)
  9. cable companies (09)
  10. telemarketing companies (10)
  11. Internet service providers (ISP) (11)
  12. Canada Post (12)

GVA4

How concerned are you about giving... to ?

  1. 1 Not at all concerned (1)
  2. 2 (2)
  3. 3 (3)
  4. 4 Moderately concerned (4)
  5. 5 (5)
  6. 6 (6)
  7. 7 Extremely concerned (7)
  8. DK/NR (9)

GVB4

How concerned are you about giving... to ?

GVC4

How concerned are you about giving... to ?

GVD4

How concerned are you about giving... to ?

GVE4

How concerned are you about giving... to ?

ILAW2

How important is it to you personally to have strong laws to protect Canadians' personal information? Please use a scale from 1 to 7, where 1 is not at all important, 7 is extremely important and 4 is somewhat important.

  1. 1 Not at all important (1)
  2. 2 (2)
  3. 3 (3)
  4. 4 Somewhat important (4)
  5. 5 (5)
  6. 6 (6)
  7. 7 Extremely important (7)
  8. DK/NR (9)

AWAR1

Are you aware of any laws that help Canadians deal with privacy and the protection of personal information?

  1. Yes, clearly (1)
  2. Yes, vaguely (2)
  3. No (3)
  4. DK/NR (9)

AWAR2

DO NOT READ - DO NOT PROMPT

Which laws are you aware of?

  1. Response (77)
  2. DK/NR (99)

AWR1B

And are you aware of your rights when it comes to how governments and companies collect, use and disclose your personal information?

  1. Yes, clearly (1)
  2. Yes, vaguely (2)
  3. No (3)
  4. DK/NR (9)

AWAR3

And are you aware of any federal institutions that help Canadians deal with privacy and the protection of personal information from inappropriate collection, use and disclosure?

  1. Yes, clearly (1)
  2. Yes, vaguely (2)
  3. No (3)
  4. DK/NR (9)

AWAR4

DO NOT READ - DO NOT PROMPT

Which FEDERAL INSTITUTIONS are you aware of?

  1. Response (77)
  2. DK/NR (99)

KNOW6

How would you rate your knowledge of your privacy rights under the various laws protecting your personal information? Would you say very poor, poor, neither good nor bad, good or very good?

  1. Very poor (1)
  2. Poor (2)
  3. Neither good nor bad (3)
  4. Good (4)
  5. Very good (5)
  6. DK/NR (9)

PACT6

The Privacy Act requires federal government departments and agencies to respect privacy rights by limiting the collection, use and disclosure of personal information.

The Act also gives individuals the right to access and request correction of personal information about themselves held by these federal government organizations.

The Act has not been substantially updated since coming into effect in 1983.

  1. Continue (1)

EXPA6

On a scale from 1 to 7, where 1 means no extent whatsoever, 7 means a great extent, and 4 means to some extent, to what extent do you believe there is a need to modernize the Privacy Act to ensure the Act is keeping pace with new technology and is providing appropriate checks and balances to government use of personal information.?

  1. 1 No extent whatsoever (1)
  2. 2 (2)
  3. 3 (3)
  4. 4 Some extent (4)
  5. 5 (5)
  6. 6 (6)
  7. 7 A great extent (7)
  8. DK/NR (9)

PUPA6

What priority should the federal government place on modernizing the Privacy Act? Please rate your response on a 7-point scale where 1 means the lowest priority, 7 means the highest priority and the midpoint 4 means a middle priority.

  1. 1 Lowest priority (1)
  2. 2 (2)
  3. 3 (3)
  4. 4 Middle priority (4)
  5. 5 (5)
  6. 6 (6)
  7. 7 Highest priority (7)
  8. DK/NR (9)

P1

It is possible that Canadians' personal information held by a federal government department could be compromised, either due to criminal activity, unauthorized uses, a flaw in the government's systems or practices, or even accidentally. If a federal government department were to experience a breach involving citizens' personal information, which of the following is true today?

P2

If a fed. govt. department were to experience a breach ...
Do you think that financial penalties can be imposed on a federal government department if it was found to be responsible for not having done enough?

  1. Yes (1)
  2. No (2)
  3. DK/NR (9)

P2B

And SHOULD financial penalties be imposed on that department if it was found responsible for not having done enough to be prevent an information breach?

  1. Yes (1)
  2. No (2)
  3. DK/NR (9)

P3

If a fed. govt. department were to experience a breach ...
Do you think that sanctions could be imposed on public servants if it turned out they had acted inappropriately, ranging from disciplinary action to being dismissed?

  1. Yes (1)
  2. No (2)
  3. DK/NR (9)

P3B

And SHOULD sanctions be imposed on public servants if it turned out they had acted inappropriately, ranging from disciplinary action to being dismissed?

  1. Yes (1)
  2. No (2)
  3. DK/NR (9)

P4

If a fed. govt. department were to experience a breach ...
Do you think that a federal government department could be taken to federal court to seek financial damages for individuals who had their information breached?

  1. Yes (1)
  2. No (2)
  3. DK/NR (9)

P4B

And SHOULD it be possible to take a federal government department to federal court to seek financial damages for individuals who had their information breached?

  1. Yes (1)
  2. No (2)
  3. DK/NR (9)

CMP1

Today, there are different federal privacy laws that cover the activities of the private sector and those of federal government departments.

Which of the following best describes your views?

  1. Federal privacy laws covering federal government departments NEED to be stronger than those covering the private sector (1)
  2. Federal privacy laws covering the private sector NEED to be stronger than those covering federal government departments and agencies (2)
  3. (DO NOT READ) Both laws need to be equally strong in terms of privacy protection (3)
  4. (DO NOT READ) DK/NR (9)

NOTF1

READ LIST

Sometimes, personal information that is held by a company about their customers might be compromised, either due to criminal activity or due to a flaw in the company's security system. If a company were to experience a breach involving (Permute : SENSITIVE/NON-SENSITIVE) personal information, which of the following best describes your views? Would you say that companies should be required to ...

  1. notify individuals who are affected (1)
  2. notify government agencies who oversee Canada's privacy laws (2)
  3. notify both individuals and government agencies (3)
  4. There is no need to notify either individuals or government agencies (4)
  5. (DO NOT READ) DK/NR (9)

IMPR6

In your day to day life, how good of a job would you say you are doing to protect the privacy of your own personal information. Would you say very poor, poor, neither good nor bad, good or very good?

  1. Very poor (1)
  2. Poor (2)
  3. Neither good nor bad (3)
  4. Good (4)
  5. Very good (5)
  6. DK/NR (9)

WC

READ LIST

When Canadians purchase certain types of products, they are asked to complete the WARRANTY CARD and to send it in to the manufacturer. How often would you say you fill out these warranty cards? Would you say you typically ...

  1. always fill them out (1)
  2. fill them out some of the time (2)
  3. do not fill them out (3)
  4. (DO NOT READ) Not applicable (4)
  5. (DO NOT READ) DK/NR (9)

WC2

IF YES, PROMPT FOR CLEAR OR VAGUE RECALL

Are you aware that warranty cards are often not needed to ensure that you have a legal warranty?

  1. Yes, clearly (1)
  2. Yes, vaguely (2)
  3. No (3)
  4. DK/NR (9)

WC3

IF YES, PROMPT FOR CLEAR OR VAGUE RECALL

And are you aware that many companies use product warranty cards to collect personal information for marketing purposes such as sending you information in the mail and telemarketing calls?

  1. Yes, clearly (1)
  2. Yes, vaguely (2)
  3. No (3)
  4. DK/NR (9)

RFID6

Radio frequency identification or RFID tags use wireless technology and are designed to allow things to be tracked and monitored. When installed in products, they allow companies to keep track of products in warehouses and retail stores. Before this survey, have you ever read or heard about radio frequency identification tags?

  1. Yes, definitely (1)
  2. Yes, maybe (2)
  3. No (3)
  4. DK/NR (9)

SPM

Spam is defined as unsolicited "junk" email set to large numbers of people to promote products or services. How significant a problem is spam today? Please use a scale from 1 to 7, where 1 is not at all significant, 7 is extremely significant, and 4 is moderately significant.

  1. 1 Not at all significant (1)
  2. 2 (2)
  3. 3 (3)
  4. 4 Moderately significant (4)
  5. 5 (5)
  6. 6 (6)
  7. 7 Extremely significant (7)
  8. DK/NR (9)

SPM2

And using the same scale, how significant a problem is spam for you personally?

  1. 1 Not at all significant (1)
  2. 2 (2)
  3. 3 (3)
  4. 4 Moderately significant (4)
  5. 5 (5)
  6. 6 (6)
  7. 7 Extremely significant (7)
  8. DK/NR (9)

SYFG6

In your opinion, how seriously does the federal government take its responsibility to protect citizen personal information? Please use a scale from 1 to 7, where 1 is not at all seriously, 7 is extremely seriously and 4 is somewhat seriously.

  1. 1 Not at all seriously (1)
  2. 2 (2)
  3. 3 (3)
  4. 4 Somewhat seriously (4)
  5. 5 (5)
  6. 6 (6)
  7. 7 Extremely seriously (7)
  8. DK/NR (9)

SRYB6

And on the same scale, how seriously do businesses take their responsibility to protect consumer personal information?

  1. 1 Not at all seriously (1)
  2. 2 (2)
  3. 3 (3)
  4. 4 Somewhat seriously (4)
  5. 5 (5)
  6. 6 (6)
  7. 7 Extremely seriously (7)
  8. DK/NR (9)

PR

The next questions are about the Social Insurance Number, otherwise referred to as the SIN number.

ISIN

Do you have a Social Insurance Number?

  1. Yes (1)
  2. No (2)
  3. DK/NR (9)

MSIN

Have you memorized your Social Insurance number?

  1. Yes (1)
  2. No (2)
  3. DK/NR (9)

KSIN

PROMPT IN NECESSARY

Where do you keep your Social Insurance Number card?

  1. In wallet/on person (01)
  2. At home (02)
  3. Secure location outside of home (e.g., safety deposit box, storage) (03)
  4. Card is lost/Not sure where card is located (04)
  5. Other, please specify (77)
  6. DK/NR (99)

USIN2

Currently, federal government departments and agencies are not allowed to use Social Insurance Numbers in any way that is not specifically outlined through policies and regulations.

Thinking about possible NEW uses of the SIN by federal government departments and agencies in the future, to what extent is there a need for a review process before they are allowed to collect and use Social Insurance Numbers in a NEW way?

Please use a scale from 1 to 7, where 1 means no extent whatsoever, 7 means a great extent, and 4 means to some extent.

  1. 1 No extent whatsoever (1)
  2. 2 (2)
  3. 3 (3)
  4. 4 Some extent (4)
  5. 5 (5)
  6. 6 (6)
  7. 7 A great extent (7)
  8. DK/NR (9)

USIN3

When it comes to any review of proposed new uses of the SIN, would the involvement of an independent body such as the Office of the Privacy Commissioner of Canada make you much more comfortable, more comfortable, less comfortable, much less comfortable, or make you no more or no less comfortable?

  1. Much more comfortable (1)
  2. More comfortable (2)
  3. No more or no less comfortable (3)
  4. Less comfortable (4)
  5. Much less comfortable (5)
  6. DK/NR (9)

USIN4

READ LIST

Individuals may be asked for their Social Insurance Number by different companies or stores that they deal with. When you are asked by a company or store, would you typically ...

  1. give them your SIN most of the time (1)
  2. give them your SIN some of the time (2)
  3. not give them your SIN (3)
  4. (DO NOT READ) DK/NR (9)

USIN5

Excluding your bank/financial institution, how often have you been asked in the PAST YEAR for your Social Insurance Number by a company or store that you have dealt with?

  1. Have not been asked in the past year (1)
  2. 1 to 2 times (2)
  3. 3 to 4 times (3)
  4. 5 times or more (4)
  5. (DO NOT READ) DK/NR (9)

USIN6

Did you feel that any of these requests for your Social Insurance Number were not appropriate?

  1. Yes (1)
  2. No (2)
  3. DK/NR (9)

DEMIN

These final questions are used for statistical purposes only.

HOU

Which of the following types best describes your current household?

  1. One person, living alone (01)
  2. One adult with child/children (02)
  3. A married or common-law couple, without children (03)
  4. A married or common-law couple, with children (04)
  5. Two or more unrelated persons (05)
  6. Living with relatives other than parents (06)
  7. More than one adult with child/children (07)
  8. Other (98)
  9. DK/NR (99)

EDU5

What is the highest level of schooling that you have completed?

  1. Public/Elementary school or less (grade 1-8) (01)
  2. Some high school (02)
  3. Graduated from high school (grade 12-13) (03)
  4. Vocational/Technical college or CEGEP (04)
  5. Trade certification (05)
  6. Some university (06)
  7. Bachelor's degree (07)
  8. Professional certification (08)
  9. Graduate degree (09)
  10. DK/NA (99)

AGE20

In what year were you born?

  1. Response (9999)

INC5

READ LIST IF NECESSARY

What is your annual household income from all sources before taxes?

  1. Less than $10,000 (1)
  2. $10,000 to $19,999 (2)
  3. $20,000 to $39,999 (3)
  4. $40,000 to $59,999 (4)
  5. $60,000 to $79,999 (5)
  6. $80,000 to $99,999 (6)
  7. $100,000 to $119,999 (7)
  8. $120,000 or more (8)
  9. DK/NR (9)

MINOR

READ LIST, CHOOSE ALL THAT APPLY

Do you consider yourself to belong to any of the following groups?

  1. A member of a visible minority (1)
  2. An Aboriginal person (2)
  3. A disabled person (3)
  4. (DO NOT READ) None (4X)
  5. (DO NOT READ) DK/NR (9X)

THNK

END OF INTERVIEW

Thank you very much for your cooperation.

  1. Complete (1D)

Top of PageTable of ContentsAppendix B: Field Report

Survey Design

The research findings for this study have been drawn from the results of a telephone survey with a random sample of 2,001 Canadians, aged 16 years and older. Surveying on the study was undertaken between March 13th and March 26th 2007. The interviews averaged 16.1 minutes in length.

The survey instrument was designed in close consultation with the Office of the Privacy Commissioner of Canada to examine issues relating to Canadians and the privacy landscape as well as awareness and perception of Canadian privacy laws. The final version of this survey (in English and French) is provided in Appendix A.

Sampling Strategy

EKOS used Survey Sample software to produce the sample for this project. This software samples by Random Digit Dial (RDD) methodology and checks its samples against published phone lists to divide the RDD into "Directory Listed" (DL) and "Directory Not Listed" (DNL) RDD components.

Once the sample was determined, the telephone numbers were imported into the surveying software system. Additional criteria were then added to the introduction of the questionnaire to select the individual respondent in the household. For this survey, the respondent had to be at least 16 years of age and a permanent resident of Canada.

Weighting

Once data collection was complete, the results were statistically weighted by age, gender, and region to ensure that the findings were representative of the Canadian population.

Weighting was done using the statistical software package, StatXP. This program carries out this task on the basis of the population marginal distributions for each variable considered in the weighting scheme (i.e. age, gender, and region). Weights were developed in an iterative fashion so that the distance between the weighted marginals and the actual population marginals is reduced.

With a sample size of 2,001, the results from this survey may be considered statistically accurate to within +/- 2.2 percentage points, 19 times out of 20. The sample sizes broken down by region, gender and age as well as the associated margins of error are summarized in Table 1.

TABLE 1
  Sample Size Margin of Error Unweighted Percentage Weighted Percentage
Region        
British Columbia 268 +/- 6.0 13.4% 13.5%
Alberta 192 +/- 7.1 9.6% 9.6%
The Prairies 137 +/- 8.4 6.8% 6.8%
Ontario 764 +/- 3.5 38.2% 38.1%
Quebec 484 +/- 4.5 24.2% 24.3%
Atlantic Canada 156 +/- 7.9 7.8% 7.8%
         
Gender        
Male 888 +/- 3.3 44.4% 49.0%
Female 1113 +/- 2.9 55.6% 51.0%
         
Age        
Less than 25 years 126 +/- 8.8 6.5% 15.2%
25-44 years 641 +/- 3.9 32.8% 39.1%
45-64 years 824 +/- 3.4 42.2% 29.9%
65 years and older 361 +/- 5.2 18.5% 15.8%
         
Overall 2001 +/-2.2 100.0 100.0

Response Rate

The response rate for this survey was 21.5 per cent. This is calculated by dividing the cooperative call backs (i.e. those who completed the survey, those who we spoke to but were ineligible, and the quota filled) by the functional sample. The functional sample is the sample remaining after numbers not in service, business/fax numbers, duplicate numbers and numbers blocked by the phone company are removed. Details are provided in Table 2.

TABLE 2
Total Sample 13,487 (A)
   
Numbers not in service 2,914
Business/Fax Lines 588
Duplicates 24
Numbers blocked by telephone companies 417
Total out of scope 3,943 (B)
   
Total functional sample 9,544 (C)
No answers 6,701
Retired (i.e. called 10 times without success) 2
   
Unresolved 6,703 (D)
Language difficulty 261
Other (e.g., require TDD telephone) 83
Unavailable 24
Break offs 21
Refusals 397
   
In-scope non responding 786 (E)
Completes 2001
Ineligible (e.g., no one old enough to complete survey) 54
   
In-scope responding units 2,055 (F)
   
Response Rate 21.5% (F) / (C)