Canada’s chief privacy czar wants to put more funding into hiring technological experts to conduct research on new and emerging technologies such as radio frequency identification devices and ubiquitous computing.
The Office of the Privacy Commissioner expects a 40 per cent increase in funding over two years from 2000 figures.
“We had asked for a substantial increase in our budget,” Jennifer Stoddart, the Privacy Commissioner of Canada, said in an interview following the release of her 2005 report on the Personal Information Protection and Electronic Documents Act (PIPEDA). “We have now been assured that this is in the government’s main estimates for this year.”
Parliament is set to review PIPEDA later this year. In a few weeks, the commissioner will publish a paper on her Web site that will cover key issues related to the legislation, which started to take effect in 2001. These include employee information, product information and notice requirement when a data breach has occurred. The office is also pressuring the government to consider a similar review of the Privacy Act, which governs the federal public sector. Stoddart will release her annual report on the Privacy Act later this month.
She expects to hire a half a dozen more auditors in the coming year. The money will also help the office deal with complaints faster, launch complaints on its own initiative, beef up its auditing and review section, review privacy impact assessments and conduct research, she said.
“This is an increasingly complex area,” said Stoddart. “It’s an area that to many citizens is invisible. It’s a virtual world we’re in now. Unlike some other worlds, we can’t depend on citizens coming to us because it’s hard for them to know or see.”
Philippa Lawson, executive director and general counsel of the Canadian Internet Policy and Public Interest Clinic (CIPPIC) at the University of Ottawa Faculty of Law, said it’s a good sign that the commissioner is looking to get tough on businesses that don’t comply with PIPEDA. “She’s recognizing that she’s got to step up on the enforcement side of things,” said Lawson. “That means following through when companies do not follow through on recommendations, taking cases to court where that’s warranted and naming companies who are not complying. Hopefully we’re going to see more of that.”
Part of Stoddart’s report was devoted solely to the commissioner’s findings on RFID. One of the threats RFID poses is the ability to track an individual’s movement. “Identifying items people wear or carry could associate them with particular events — for example, political rallies or protests,” the report said.
While it would be possible to do this, said Bartek Muszynski, president of Richmond, B.C.-based RFID system integrator NJE Consulting Inc., it would cost billions of dollars.
“It’s not something you can do behind a person’s back,” he said. GPS technology is not compatible with RFID, he said.