There’s good news and bad news in the 2009 Annual Report from Ontario’s Office of the Information and Privacy Commissioner (IPC).
Released today, the report notes that “264 privacy complaints were filed with the IPC – the most ever in the 22 years”!
That’s bad news, in the sense that personal information is always vulnerable – and seemingly never more so than today. From lost PC memory sticks to Facebook privacy settings to home hydro meters, there are more and more ways that privacy can be compromised.
But it’s good news, says Brian Beamish, Assistant Commissioner for Access, IPC, in the sense that more companies are voluntarily disclosing privacy breaches or losses of personal information.
In the ‘old days’, they might not be willing to admit such breaches, and so possible remedial action would be much harder to implement.
“The growth area is what we would call institution-reported breaches, where the institution itself thinks it has been a victim of a breach or loss, and it has voluntarily reported to us. In some ways, that is a good thing. In the past, those kinds of instances simply would not have come to our attention,” Beamish explained. “Now, we do have an opportunity to work with the institution, to make sure that they don’t have a repeat occurrence, but also it gives us a chance to work with them to ensure that any subject affected by such breach is notified.”
It should be noted that the complaints received by the IPC were against a provincial or local government organization, under Ontario’s two Freedom of Information and Protection of Privacy Acts.
Complaints about private sector companies, however, are made to the Federal Privacy Commissioner, under PIPEDA legislation.
Nevertheless, the personal information protection in the private sector is very much a concern for the IPC.
“Never before has privacy been as vital to business as it is today,” affirmed Ontario Information and Privacy Commissioner Ann Cavoukian.
“Embedding privacy into accountable business practices will pay long-term dividends, securing a sustainable, competitive advantage for businesses,” she added.
That speaks to one initiative of the IPC, known as Privacy by Design. PbD encourages manufacturers, developers and users of new technologies to ensure that the necessary criteria to protect personal information are built right into the technology – not added on afterwards.
As the Annual Report states, it is ‘A Time for Innovation’ in privacy as well as technology.
For example, Commissioner Cavoukian again addressed key decision-makers in the North American ‘Smart Grid’ community through her Annual Report.
The infrastructure supporting the Smart Power Grid, like home Smart Meters, can let consumers know about their hourly and real-time energy use, and in the future, about usage at the individual appliance level. But a Smart Grid system that does not build in privacy from the get-go could be usurped to reveal sensitive details of hydro customers’ lives (like what time you cook, shower, or go to bed – or when you turn your house alarm on or off).
“The best response is to ensure that privacy is proactively embedded into the design of the Smart Grid, from end to end,” Cavoukian detailed. “The Smart Grid is presently in its infancy worldwide – I’m confident that many jurisdictions will look to our work being done in Ontario as the privacy standard to be met.”
AbD – Access by Design – is a parallel program to PbD, noted Beamish, one that seeks to build-in openness and transparency (as allowed by law) into government operations.
“Now is the time for it,” explained Beamish. “The public has an expectation that greater amounts of government information be made available, to the public, in an easily and accessible manner – on the Internet.
“As governments develop new (information) holdings, and new databases, we are telling them to think in advance how to make it accessible, how to build it so information can be extracted in meaningful and safe way, and follow those basic principles of transparency and accountability.”
As Beamish puts it, “It’s our information, not theirs!”
Getting access to government information about how it operates, and the way it makes decisions is crucial for citizens to evaluate how good (or not) their government is doing.
Beamish cited bids and tender documentation, meeting minutes and even member’s expense accounts as the kind of government information he wants us to have access to – but by design, not by another complaint.
I see it – somewhat ironically – like a Facebook page or a Twitter feed from the government. ‘Who are they seeing, and why? Where are they going later today? What are they doing now?’
Now, there’s user generated content we can all use!
So, what’s your tech? Is it protective of your privacy?
Check out more of our privacy coverage.