The provincial government has reported record-breaking numbers in privacy complaints against the health-care and public sectors last year, but at least one Canadian analyst is not ready to cast the first stone against these institutions.
Privacy Commissioner Ann Cavoukian has reported in her 2006 Annual Report that the number of privacy complaints filed under public sector privacy laws has reached 170 in 2006, the highest in the last nine years.
Similarly, privacy-related complaints under the Personal Health Information Protection Act reached 183 in 2006, also a record high.
The high numbers, however, are likely due to the increasing volume of digital information being created today, rather than a shortcoming on the part of the government, according to James Sharp, vice-president of customer segments research at IDC Canada.
“I really think it’s just the sum total of the number of transactions and the amount of management that is causing incremental leakage of personal and private data,” said Sharp. And the probability of more data leakage increases as the world’s creation of digital data accumulates, he added.
IDC earlier revealed a study that showed an impending information overload in the digital realm. The study indicated that the amount of digital information that will be created globally between 2006 and 2010 will increase from 161 exabytes to 988 exabytes. One exabyte is equivalent to about one billion gigabytes.
It is, therefore, inevitable that as more information become digitized the likelihood of those data being subjected to unauthorized exposure becomes greater, said Sharp. The key is in assessing the threat and the risks of such data leakages, he added.
“The biggest issue isn’t just amassing the data, but its appropriate disclosure. As we amass more and more information two things are going to happen: one, we will have more information leaks, and two, we are going to have a much more focused effort on continuing to create compensating controls around those privacy losses,” the IDC analyst explained.
The issues around privacy protection are even more challenging in the health-care sector, Sharp added, particularly as provinces move towards regionalized healthcare.
Those that were previously working under an autonomous set up – where one group is responsible for only one area of health-care – are now forced to collaborate and share information as provincial healthcare becomes more regionalized, which presents more of a business process challenge than a technological one, explained Sharp.
Challenges around privacy protection also remain the biggest barrier to the deployment of electronic health records, said Sharp. “Really the issue is, who owns that (health) record, who is it disclosed to, on what basis and under whose authority?”
In her report, Cavoukian also stressed the need for provincial and municipal government organizations and health information custodians to “develop a culture of privacy.”
“Organizations that fall under Ontario’s three privacy Acts must not only educate staff about privacy legislation and privacy information policies and practices…they must (also) work towards ensuring that privacy becomes embedded into their institutional culture and that staff understand how serious a privacy breach can be,” Cavoukian wrote on her report.
The privacy commissioner also called on government officials to be more open and transparent by providing easier public access to information, particularly on government procurements
If a recent IDC Canada survey is any indication, government organizations are already recognizing the urgency of addressing information transparency and privacy protection issues.
The market research firm probed government organizations in the federal, provincial and municipal level across Canada on their top policy and program priorities for the next 12 to 18 months. Transparency, accountability and compliance landed on the number two spot among federal and provincial governments, with 46 per cent and 37 per cent, respectively, citing them as priority, said Alison Brooks, senior government analyst at IDC Canada.
Identity management is also moving up the priority hierarchy among government organizations, Brooks added.
“It’s privacy, access and security issues all at the same time…There is definitely some cost efficiencies that are being dangled if you can get the right constellation of privacy, security and access across the board,” Brooks said.