The Canadian Parliament and Québec’s National Assembly have adopted laws guaranteeing the protection of personal information held by public bodies. Since 1982, Québec has held that, at least technically, “personal information is confidential”. Canada followed suit in 1983.
Privacy has also been ensured within Québec government institutions since the Charter of Human Rights and Freedoms was adopted in 1975.
We are free to choose whether or not to do business with private corporations, or to disclose our personal information.
Not so with the State. From the moment our birth is recorded with the registrar of civil status, we entrust a wealth of personal information to the State for countless purposes: getting a social insurance number or health insurance card, obtaining a driver’s licence, buying electricity, having deductions made on our payrolls, paying our taxes, and the list goes on. We have no choice but to give a wide variety of personal information to the State and trust that our information will be well protected.
Headlines these past few months have shaken our faith in the government authorities’ ability to protect our personal information. Here are some of the stories that have made the news regarding the State’s management of personal information:
- Our federal “privacy police” experienced a breach of confidentiality in the winter of 2014. A hard drive containing personal information on 800 federal government employees went missing at the Office of the Privacy Commissioner of Canada;
- In late April 2014, the Office of the Privacy Commissioner of Canada reported that such federal agencies as the Royal Canadian Mounted Police and the Canada Border Services Agency obtained information more than 1.2 million times a year (approximately 3000 requests per day) from Canadian telecom corporations, often without a warrant. Provisions allowing for the disclosure of information have moreover been contested before the courts by the Canadian Civil Liberties Association (CCLA);
- In May 2014, the Canadian government was censured when federal institutions collected and used data on Canadian citizens in a manner that appears to have violated privacy protection provisions. Pierre Trudel, a professor at Université de Montréal’s Centre de recherche en droit public decried the government’s lack of transparency when it comes to such practices;
- In late May 2014, the Auditor General of Nova Scotia revealed that the provincial student database did not adequately protect their personal information;
- In June of 2014, Radio-Canada revealed that CSSS de la Vieille-Capitale was investigating a theft of the medical records of some thirty patients that had been left in the car of a nurse associated with a CLSC in Haute-Ville;
- In June of 2014, the Globe and Mail reported that in an exercise conducted by the Department of Justice in December of 2013, 37% of employees failed to identify a phishing email scam that had been sent to them, while an average of 5% of the general population managed to do so;
- In June of 2014, Toronto’s Rouge Valley Centenary hospital revealed that employees had sold information on 8300 patients to a private corporation;
- In June 2014, information on 250 students was sent in a mass email to all parents of a primary school in British Columbia;
- At the end of June 2014, the Office of the Saskatchewan Information and Privacy Commissioner revealed it had been investigating multiple confidentiality breaches the previous year, including the transmission of documents containing medical information to a wrong fax number;
- In July 2014, 1600 British Columbians were informed that their personal information had been consulted without authorization through the PharmaNet network;
- In July of 2014, the media reported personal information leaks within Statistics Canada, at a time when the institution was getting ready to collect participants’ social insurance numbers as additional information in its new census questionnaires;
- In July 2014, the Office of the Privacy Commissioner of Canada confirmed that Chinese hackers had accessed National Research Council Canada’s databases, which store personal information. Afterwards, the chief of the Canada Communications Security Establishment confirmed that hackers are constantly trying to break into federal databases;
- On July 31, 2014, New Brunswick’s Office of the Access to Information and Privacy Commissioner published a report in which she concluded that a doctor had illegally accessed 141 medical records over a period of 28 months, that the individuals were not his patients, and that he had accessed some records up to 27 times;
- In early August 2014, the media reported that the records of 1628 patients of a hospital in Kamloops, British Columbia, had been mistakenly contacted and that hospital officials were unable to explain what had happened.
Taken individually, these events do not seem very significant. But together they raise serious doubts over the State’s ability to protect personal information.
The trend these last few years has been to grant increased powers to police departments, to fight terrorism for instance. This means the State will collect even more personal information on its citizens.
Do we have no choice but to give up on privacy protection?
According to John Adams, former head of a national electronic espionage department, we already have. He believes that Canadians can be split into two groups when it comes to their Internet habits: “One half is stupid, and the other half is stupid”!
An increasing number of privacy specialists criticize the current situation and the federal government. Michael Geist, a professor at the University of Ottawa, published an article in the Toronto Star on May 30, 2014 entitled “Why Has the Canadian Government Given Up on Protecting Our Privacy”, in which he attacks Bills C-13 and S-4 that were being examined at the time.
In the name of protecting the personal information of citizens, State initiatives have been roundly criticized:
- An agreement between the governments of Canada and the United States on the exchange of information between the two countries’ tax authorities raised a number of concerns regarding privacy protection;
- The Canadian government’s Bill C-13, Protecting Canadians from Online Crime Act, was sharply criticized by many as a considerable encroachment on privacy. Its critics included the new privacy commissioner who had been appointed by the Canadian government just a few days earlier;
- In mid-August 2014, there was a major wave of protest when Canada Post considered requiring medical certificates to justify making an exception and continuing with home mail delivery.
The courts are providing solutions. One notable example of this is the Court of Appeal of British Columbia, which recently upheld a conviction against a municipal councillor for breach of privacy. Federal and provincial privacy offices are also taking many interesting initiatives. For instance, in early June of 2014, the Ontario commissioner filed proceedings against Toronto’s police department to stop them from disclosing information on suicide attempts.
Without going so far as to waive our privacy, we must strike a fair balance between the advantages of computerizing data and interconnecting databases so that services offered by the State are more efficient, and providing an appropriate framework for these types of practices. There is no such thing as zero risk, but increased vigilance and blowing the whistle on poor privacy protection practices will raise public awareness.
The “paper age” is over, and we must adapt to new paradigms. But that takes time. Adapting to new technologies is not just a matter of learning to use them. We need to consider their ethical use, agree on an acceptable code of conduct and educate our children on these practices. It will definitely take at least one generation to balance the various interests and instill the notion of privacy in this new environment.
The latest stories making the news reveal that the population is beginning to adapt, has started setting limits and is now determining which risks are acceptable and which ones are not.
Some politicians are working for change, perhaps by asking for a public probe into government practices that will shed light on this issue.
We believe the best possible course would be to establish transparent State practices, as was suggested by the editorial writer Josée Boileau. This would be the best way to open up the debate and invite citizens to view the State’s management of their personal information with a critical eye.
We would like to close by mentioning the openmedia.ca/ourprivacy initiative. This group posted a petition that has rallied tens of thousands of people with the following text:
"More than ever, Canadians need strong, genuinely transparent, and properly enforced safeguards to secure privacy rights. We call on Government to put in place effective legal measures to protect the privacy of every resident of Canada against intrusion by government entities."