While Privacy by Design (PbD) continues to grow at breakneck speed globally, having been recognized as the international standard for protecting privacy, and translated into 25 languages — a very real threat to privacy was emerging right here in Canada.
The anticipated reintroduction of so-called “lawful access” legislation, which died on the Order Paper when a federal election was called in March, commanded much of my attention this past fall. (At the time of this Annual Report, it had been presented to the new Parliament as Bill C-30). My office quickly launched an educational campaign to raise awareness about the serious privacy concerns I had about this proposed legislation which, in my view, would represent nothing less than a system of state-sanctioned surveillance.
With regards to access to information, I am happy to report that it has been another productive year. I spent much of 2011 consulting, collaborating and cooperating with Ontario’s hospitals to help them prepare for operating under the Freedom of Information and Protection of Privacy Act (FIPPA), which I have been looking forward to for many years. My message to them was to take a proactive, rather than a reactive approach to public disclosure, releasing information as part of an automatic process.
Further, I have been greatly encouraged by the ever-growing concept of Open Data. I am very supportive of this concept which calls for certain types of non-personal, general records to be made freely available to everyone to use and republish, without restriction.
All in all, 2011 proved to be a balanced year — it was the best of times, it was the worst of times; a year of great successes and yet, tremendous challenges.
At the beginning of this year, I could not have been happier with the progress we had made in advancing PbD globally. In fact, I was told on more than one occasion that it was “raining PbD.” This success gave me great faith that we could indeed protect privacy in this ever increasing world of online connectivity. That is why I was truly taken aback when I discovered mid-year that one of the greatest threats to privacy was materializing from within our very own country.
During the federal election, the government pledged to reintroduce lawful access legislation if re-elected. If passed in its original form, police would be given the ability to access subscriber data about identifiable individuals held by telecommunications service providers, at times without a warrant or any judicial oversight. This should be of concern to all of us living in a free and democratic society.
I was taken aback when the Honourable Vic Toews, federal Minister of Public Safety, made the claim that the personal information in question was no different than “information you would find in a phone book.” Nothing could be further from the truth! This assertion provoked me to draft an Open Letter to the minister. I also engaged the public by writing two op-eds for the National Post and maintained a running dialogue with the minister in a series of letters to the editor, where we respectfully exchanged our divergent points of view.
My message to the minister, and those who supported his view, was that the information in question was NOT the same as phone book information — far from it. Subscriber data, consisting of six fields — your IP address, email address and four other fields of personally identifiable information, goes far beyond what is available in a phone book. Moreover, it gets farther away from the simple assertion that it is the same as phone book information, once you take data linkages into account. New analytic tools and algorithms now make it possible to not only to link a number like an IP address with an identifiable individual, but also to combine information from multiple sources, ultimately creating a detailed personal profile of an identifiable individual.