The Province of B.C. announced plans on July 24, 2004 to amend information privacy legislation in order to protect information provided to U.S.- based outsource contractors from disclosure under the U.S. Patriot Act. This legislation is being considered primarily in response to concerns expressed
by the B.C. Civil Liberties Association and the B.C. Government Employees Union about the plan to contract administration of the B.C. Medical Services (MSP) plan to a U.S.-based company. These groups have charged that the personal medical data of B.C. residents could be released to the FBI under the authority of the U.S. Patriot Act if the contract goes to a U.S.-based company.
The province plans to protect this information from disclosure by strengthening B.C.’s privacy laws to effectively trump the U.S. Patriot Act. They assert that since the Virginia-based outsource contactor will be doing business in B.C., they will be subject to B.C. laws and accordingly will have to comply with them. Opponents of the outsource contract are understandably skeptical about the effectiveness of this plan and have expressed concerns that the government is taking a big risk with the medical information of British Columbians.
The U.S. Patriot Act is actually a nickname for an amendment act officially entitled the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001. It contains a number of controversial amendments to 15 other U.S. acts that give the country’s law enforcement officials stronger tools to fight terrorism. Most of the amendments are focused on providing less complicated access to wire taps and stored communications such as e-mail. These provisions, however, cease to be in force on a sunset date of Dec. 31, 2005. The controversy is largely due to an amendment — Access to Certain Business Records for Foreign Intelligence and International Terrorism Investigations — which provides the FBI with access to data records held by any U.S.-based company. It expressly authorizes FBI access to medical and educational records without having to show probable cause.
Issue not going to disappear
In years to come, historians will likely regard this issue as an important step in the evolution of information technology. Clearly, the Internet has created the venue that makes this type of outsourcing simple and cost-effective. A company providing a service on behalf of a government can be located anywhere in the world without that fact being apparent to the users of the service. When tendering an outsource contract, governments focus on obtaining the best service for the lowest price, regardless of the location from which it will originate. It is inevitable that a need will be perceived for legislation that responds to the challenges of outsourcing. What’s more surprising is the government is proactively implementing this legislation before some spectacular event takes place to force the issue.
This unintended effect of the U.S. Patriot Act is of concern to all levels of government. Even those that have never outsourced anything to a U.S. supplier may find the need to transmit data to U.S. companies for diagnostic or conversion purposes. It’s also not uncommon for us to wake up and discover that long-standing Canadian companies have been purchased overnight by a U.S. company. In either of these scenarios, data could be accessed by FBI agents invoking the authority of the U.S. Patriot Act. Under the proposed Lawful Access amendments to the Canadian Radiocommunications Act, the same could happen to the personal information of U.S. citizens held by Canadian companies. In a global economy, it is essential that government law-makers accept these realities and develop legislation that is designed to respond accordingly.