Privacy commissioners at the federal and provincial level are both honing their approach to the challenges of protecting personal information rights in a digital age.
Technology is often seen as either a way to enhance privacy, or a detriment to it. But both the Jennifer Stoddart, the Privacy Commissioner of Canada and Ann Cavoukian, the Information and Privacy Officer of Ontario, think it can be different.
Privacy should just be part of technology by default.
The federal commissioner’s office announced Monday a public consultation with Canadians on privacy issues related to technology. The concern is online business models are becoming more popular and the ability of marketers to create profiles of Web surfers becoming too easy.
Meanwhile the provincial commissioner’s office is preparing for its second annual Privacy by Design conference Jan. 28 in Toronto. Cavoukian has penned a book, white papers, and even blogged about her concept on ITBusiness.ca. In a nutshell, technologies should be designed to protect privacy and maintain security by default.
Privacy not at odds with technology, says Ann Cavoukian
“People didn’t resonate very personally with privacy five or 10 years ago,” says Ken Anderson, assistant privacy commissioner of Ontario. “But it’s all come home to us as technology has become so personalized.”
In its call for written submissions and interested panelists, the federal commissioner’s office gives examples of technologies that can help identify or track a person’s online behaviour.
They include deep packet inspection, browser cookies, and global position systems.“Individually, they each pose a threat to individuals,” says Colin McKay, director of research, education and outreach with the office. “Collectively, they represent a trend towards profiling and targeting of consumers.”
The federal office will be taking written submission from the public until March 15. The feedback will be used as fodder for the next review of Canada’s privacy law, the Personal Information and Protection and Electronic Documents Act (PIPEDA).
Cavoukian’s Privacy by Design conference will feature several companies that give examples of technology encompassing both privacy and security principles without compromising one for the other. Presenters include T-Mobile, GS1 Canada, and Toronto-based data security firm CryptoMill Technologies.
Privacy and technology needn’t come into conflict with one another, says Nandini Jolly, founder and CEO of CryptoMill.
“As more of the world is getting digitized, you have to have integration,” she says. “It’s a hand in glove kind of thing. You can’t afford not to do it.”
The provincial office was impressed with CryptoMill’s quick response to news about a data breach involving a lost USB key with 84,000 patient records in Durham Region, Anderson says. The firm offered a fix to the H1N1 vaccination clinics being run across the province, which was the source of the leak.
“They’re baking privacy right into what they do and working at the next level,” McKay says.
The digital media environment is littered with personal information, Jolly says. The recent phenomenon of social networking has led to many users posting personal details on the public Web, and marketers eagerly harvesting the information with any tools they can.
“It’s an ugly mess.”
CryptoMill promotes prevention instead of reaction when it comes to protecting sensitive information. The company says its SEAhawk line of products offer easy and automatic encryption for enterprises, SMBs, and individual professionals. The software, it says, protects data that may be transported on a laptop or USB key and ensures only those with the right authority are able to access it.
It’s inevitable that a business will experience a loss of sensitive information at some point, Jolly says.
“People will be careless and lose things whether it’s a USB key or a pair of Chanel glasses. It’s a human pattern that lead us to a point where you’re guaranteed to have some exposure.”
Have that data encrypted so it is useless to others when they find — or steal — it.
Technology was a major focus for the Privacy Commissioner of Canada over 2009. Here office conducted complaints-driven investigations into Bell Canada’s use of deep packet inspection on its Sympatico Internet service, and into Facebook’s compliance with PIPEDA. The investigations led to recommendations that Bell start informing customers about its practices, and that Facebook conduct a major overhaul of its privacy controls.
The office is asking for expressions of interest from those looking to take part in formal discussion panels. A Toronto-based event will be in April, and a Montreal-based panel will be held in May.
Follow Brian Jackson on Twitter.