At perhaps one of our most vulnerable moments, when a deadly pandemic threatens the health, welfare, and well-being of everyone on the planet, concerns about protecting our personal data may seem secondary, even alarmist.
“I’ve got nothing to hide…” is a standard dismissive response to stated concerns over the health of our personally identifying data; the response frames a misplaced implication that criminality is the main reason to want privacy).
But privacy is not about hiding things – it is about protecting things.
Protecting things like sensitive health care and medical records. The academic files of school and college students. COVID benefit payments and employment status reports.
So even as our attention is transfixed on the novel coronavirus, that old disease called data insecurity threatens us still, perhaps even more so today.
That’s one reason why public consultations now being conducted by the Ontario government to improve the province’s privacy protection laws are so important.
But the deadline is just days away: through an online survey, written submissions, and scheduled townhall meetings on the Web, the consultations mark our chance to help create a legislative framework for privacy in the province’s private sector.
The overcollection, overuse, or inappropriate disclosure of personal information in publicly accessible places like businesses, commercial operations, workplaces, schools, and even the home not only compromises an individual’s right to privacy, it can infringe on their ability to communicate, organize and associate freely.
Today, that may even include the ability to survive the impacts of COVID-19. Just three recent examples why:
Protecting confidential health records and personally-identifying medical information is crucial at any time; now more than ever. That’s why word of just one privacy breach that resulted in the personal information of patients tested for COVID-19 being inappropriately posted online was so disconcerting.
And with so many students now online as a result of coronavirus control measures, word of a major data breach at a leading Canadian university causes great concern (not to mention the fact the breach was actually at a U.S.-based cloud computing company that provides data storage services to at least a dozen schools in the United Kingdom, United States, and Canada.
But if even you are not a student, and even if you (hopefully) have not tested positive as a COVID-19 case, the fact that thousands of Canadian government accounts have been hacked should concern you (and get you to participate in the consultations): attacks on the government’s GCKey service and CRA system, the ones used to make emergency relief benefits and other financial supports available to Canadians impacted by the pandemic shutdown of most offices and businesses.
With data hacks having that kind of impact and reach, you’d think absolutely everyone would have something to say about the need to strengthen privacy protections for our personal data.
The government seems to think so:
“Our government continually hears concerns regarding the province’s privacy protections,” said Lisa Thompson, Minister of Government and Consumer Services, when announcing the consultations. “This has only been further highlighted during the COVID-19 outbreak, which has resulted in Ontarians relying more on digital platforms to carry out day-to-day tasks. With the increased reliance on these platforms, there is a strong need to build public and consumer confidence and trust in the digital economy. I encourage all Ontarians to participate in these consultations as privacy is critically important to everyone.”
The province is seeking advice on ways to:
Increase transparency for individuals, providing Ontarians with more detail about how their information is being used by businesses and organizations.
Enhance consent provisions allowing individuals to revoke consent at any time, and adopting an “opt-in” model for secondary uses of their information.
Introduce a right for individuals to request information related to them be deleted, subject to limitations (this is otherwise known as “right to erasure” or “the right to be forgotten”).
Introduce a right for individuals to obtain their data in a standard and portable digital format, giving them greater freedom to change service providers without losing their data (this is known as “data portability”).
Increase enforcement powers for the Information and Privacy Commissioner to ensure businesses comply with the law, including giving the commissioner the ability to impose penalties.
Introduce requirements for data that has been de-identified and derived from personal information to provide clarity of applicability of privacy protections.
Expand the scope and application of the law to include non-commercial organizations, including not-for-profits, charities, trade unions and political parties.
Create a legislative framework to enable the establishment of data trusts for privacy protective data sharing.
Written submissions will be accepted until October 1, 2020; anyone can participate in the consultation and fill out the online survey.
# # #