TORONTO – Big data can benefit a wide range of government programs, but only if personal information collected is secured and employee access is limited, Ontario’s privacy commissioner said on Thursday.
Though Brian Beamish believes that municipal, provincial, and federal governments alike have much to gain from big data, which he says could be used in sectors ranging from education to the environment to health care, it will require fundamental changes to privacy legislation involving government, citizens, and the private sector alike.
“The information is available, and if analyzed properly can have a positive impact on the allocation of resources, program design and evaluation, and delivery of services,” Ontario’s Information and Privacy Commissioner says, noting that in his opinion, “the public overestimates the extent to which this is already happening.”
Under Ontario’s current access and privacy laws – led by the Freedom of Information and Protection of Privacy Act (FIPPA); the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA); and the Personal Health Information Protection Act (PHIPA), which collectively apply to more than 1500 institutions, including ministries, provincial agencies, boards and commissions, postsecondary schools, hospitals, pharmacies, and other health care providers – government-affiliated institutions are encouraged to withhold whatever information they presently collect from each other, he noted.
FIPPA and MFIPPA especially, which were originally drafted in 1990, reflect the needs and expectations of a different time, Beamish says: IT was less prevalent, data and analytics types were less complex, and personal information use was more discrete, resulting in a model of data protection where secondary uses of personal information are largely prohibited and government institutions are divided into silos with restricted information sharing privileges.
“If you look at something like the Child and Family Services Act, a system in which multiple players have information, I think the public would expect that those people talk to each other to find out what’s working, or whether we’re getting help to kids that need it in the best way possible,” Beamish says.
Current legislation also decrees that any personal information collected must be certified as “necessary,” while big data, which Beamish called “equal parts buzzword and concept,” tends to be indirectly obtained.
“I think the public wants the government – expects the government – to deliver services as effectively as possible,” he says. “That said, I think if the privacy risks aren’t recognized and addressed – if the public gets a sense that their privacy is not being respected – there is a definite possibility, or likelihood that public support for these activities will suffer.”
Big data carries other potential risks as well, Beamish acknowledged: since by definition it’s often collected automatically, and without a goal in mind, it may be inaccurate, lack information, disproportionately represent specific populations while excluding others, or be poorly collected, and applied based on pseudo-scientific insights confusing correlation with causation.
The worst-case scenario, therefore, could be not only a surveillance state, but poorly delivered government services, he says.
The challenge: Creating big data legislation without sacrificing privacy
Beamish admits that addressing big data through provincial legislation is not a question that will be easily answered, and certainly not anytime soon, but his Jan. 26 speech, scheduled to coincide with Data Privacy Day, laid out some basic guidelines that he says will form the backbone of a big data guidelines report that his office plans to release this spring.
“I think the public perception of big data – ‘The government has a dossier on me, the government knows everything I’m doing.’ – is based on a fear,” he says. “And it’s a rational fear. People are nervous – they think there’s one spot where any civil servant can go and find out about their life, and that needs to be addressed.”
One method the private sector uses to assure skittish customers their data isn’t being used for nefarious purposes is de-identification – making the data anonymous – which Beamish says could work, but needs to be undertaken properly.
“We now have a lot of information that’s publicly available, and there are times where you have to make sure that the information you’re releasing in so-called ‘de-identified’ form is truly de-identified – that someone can’t take another database, put it together, and find out who you’re referring to,” says Beamish, whose office released a guide to de-identification last year. “An easy example is postal codes – someone might think that simply stripping a name off an address is de-identifying it, but we know that if you use the full six digits of a postal code, it’s pretty easy to come up with a pretty good guess for who that person is.”
It’s also conceivable, as Beamish himself notes using the example of the Child and Family Services Act, that certain residents might willingly attach their identities to a data profile under the right circumstances: Giving postsecondary institutions access to their education, for example, or health care providers access to their medical history. However, examples such as these require caution as well, he says.
“One issue is transparency,” he says. “The government should be letting people know what they’re doing.”
“Also, I’m not sure that a lot of big data analytics will work if you simply use the people that agree,” he continues. “I think in order to get a representative sample, you have to assume you’re not going to get consent from everyone and that’s where the whole idea of responsible de-identification becomes especially important.”
First and foremost, implementing a big data policy would require principle-based legislation governing both data linking and big data analytics, which could include the creation of a central data institute with expertise in privacy, human rights, and data ethics; data minimization requirements; privacy impact and threat risk assessments; mandatory breach notification; and audit powers for the IPC, which will remain committed to ensuring that Ontarians’ privacy is protected, Beamish says.
“I have to say that the government’s response to all our activities has been very positive and respectful,” he says. “We may not always end up with 100 per cent of what we suggest, but so far we’ve ended up in a good position. For example, with the health privacy bill we’ve had very constructive discussions. They basically said, ‘what is it you want? How do we make this work and ensure that privacy is being protected?’ So I’m optimistic about being able to get something done.”
