Ontario is the world’s first jurisdiction to automate the enforcement of privacy laws, according to the province’s information and privacy commissioner.

Ann Cavoukian Wednesday said the province is working with IBM to create the world’s first tool to automatically tell government officials and business executives whether they are adhering to privacy legislation.

“No one is doing anything in this area except us,” she said. “We’re very excited about this, and the response has been very good so far.”

IBM has specifically developed a new computer language called Enterprise Privacy Authorization Language (EPAL) to perform this task, and it will soon be tested in one of the Ontario government’s many departments.

While EPAL is expected to save a lot of time and money, it is too early to quantify just how much, said Tarun Khandelwal, security specialist with IBM. “We get a chance to take away from this and build enhancements into the future, delivering technology based on the requirements for different organizations,” Khandelwal added.

An XML-based language, EPAL will automate the processes related to privacy policies of such online transactions as fishing and hunting licenses, said Cavoukian.

Currently, when applicants fill out an online form, they are asked if they consent to releasing their information to private businesses. Often such information is requested for marketing purposes. At present, the list of those who consent and those who do not must be manually separated before it’s released.

“(EPAL) will automate wherever it can and take it down the decision tree as far as possible,” said Cavoukian. “Once the final decision is made, through human intervention, it’s captured in the system. So the next time a decision has to be made, that person will have an inventory of all the previous decisions to guide them. It provides a structured approach that acts as a teaching aid as well.”

Essentially, EPAL promises to standardize decision-making, added Cavoukian. Often, areas of privacy policy can be complex and hard to understand, especially when new laws are introduced.

“It’s not so easy to learn how to comply with a new law if you’re totally unfamiliar with it,” said Cavoukian, adding this point is especially relevant now. As of January 2004, the federally-regulated private sector will be subjected to a new federal privacy law. “By automating the law or privacy policy, you’ll immediately have a tool that will assist you.”

This will hopefully limit the amount of inadvertent non-compliance that can result when people do not grasp a certain aspect of privacy legislation, added Cavoukian.

IBM is developing the language now. The next step is to select a government department for a pilot of the system, which will last for six months.

“One thing I would hazard a guess at is there will be more and more businesses coming on board,” said Cavoukian. “My guess is that we will have a couple businesses come forward who see the benefits of this and say: ‘Yes, we’d consider piloting.’”
