Science

Data, data everywhere — including lots of yours

Personal information about you is scattered and stored inside computers and memory devices across the country and around the world.

Privacy in the Age of Technology

Personal information about you is scattered and stored inside computers and memory devices across the country and around the world.

Technology allows governments, businesses and other organizations to "collect, access and manipulate personal data on a scale that was until recent times unimaginable," observes Jennifer Stoddart, the privacy commissioner of Canada, on her website.

Chances are, both governments and businesses have collected reams of data about you, which may include your birth date, your address, your recent purchases and security camera images from your last taxi ride or visit to the mall or the airport. Your online activities mean a lot of your searches and conversations with friends have been logged and recorded to some extent or another. And as technologies such as global positioning systems (GPS) become more pervasive, it might become more and more difficult to keep your whereabouts and activities private.

The office of the privacy commissioner, whose mandate is to protect and promote privacy rights of individuals in Canada, has identified four areas where privacy is of particular concern in this day and age:

  • Information technology and the "massive and continuous data circulation" it allows, with the potential for misuse and fraud.
  • National security measures that include collection and use of personal information, which could also be misused or misinterpreted.
  • Identity protection and identity theft.
  • Genetic information, which has a myriad potential uses by employers, law enforcement, the health care industry, insurance agencies, etc. and can also provide information about family members.

Information is gold

Most organizations collect and analyze personal information to boost convenience, efficiency and security — all things that benefit society.

Since the terrorist attacks of Sept. 11, 2001, in the U.S., governments have stepped up efforts to thwart similar potential threats.

Stoddart says what concerns her is that "governments appear to believe — mistakenly, I would argue — that the key to national security and public safety is collecting mountains of personal data."

It's not just governments who are hungry for personal information nowadays. Such data is also seen as a valuable commodity for businesses — both legitimate and illegitimate —which collect and analyze such information to find and target potential customers and, ultimately, wring out more sales.

The dangers of easy data

But at what price?

Stoddart says the cost is sometimes "human rights such as privacy and the ability to control our personal information."

The United Kingdom's House of Lords Constitution Committee takes the argument one step further.

"As privacy is an essential prerequisite to the exercise of individual freedom, its erosion weakens the constitutional foundations on which democracy and good governance have traditionally been based in this country," the committee said in a report released in February 2009, titled "Surveillance: Citizens and the State."

As more and more personal information is collected, the likelihood grows that it could be misused, misinterpreted or fall into the wrong hands. Organizations, businesses and individuals in possession of such data do not always do enough to protect it, as constant media reports of data leaks and identity theft show.

Increasingly, personal information is being used to commit crimes such as identity theft and fraud at huge cost to the victims. In 2006, Canada's anti-fraud hotline, Phonebusters, reported more than $16 million in losses from identity theft.

Meanwhile, critics such as the Lords committee say many people aren't well informed about the extent to which they are being watched.

"Many of these surveillance practices are unknown to most people, and their potential consequences are not fully appreciated," the committee's report said.

For example, the Lords cited critics who suggest surveillance encourages discrimination because it leads organizations to classify and slot people into sub-groups rather than treating them as individuals.

The push for less privacy

Meanwhile, law enforcement agencies and other organizations are eager to take advantage of new surveillance capabilities that technology has made possible and have put pressure on governments to update wiretapping legislation.

On Feb. 11, 2009, Public Safety Minister Peter Van Loan told the House of Commons Public Safety and National Security Committee that there is a need for such an update in Canada. The updated legislation could require internet service providers to provide access to months of their customers' past private communications to comply with a police warrant.

In response, Stoddart said she is concerned such legislation might encroach on Canadians' privacy rights.

"To erode this is a very serious step forward toward mass surveillance," she said.

Stoddart maintains that before threatening such rights, officials should ensure that there is no other way to get the information they are seeking or attain their goals, and she said so far, she's seen "no compelling argument" that the proposed legislation is necessary.

Canadian law already requires internet service providers and other private companies to disclose personal information about their customers to comply with warrants or in emergency situations.

Privacy protection

Overall, the privacy of Canadians is protected by two main laws:

  • The Privacy Act, which covers federal government departments.
  • Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to all businesses in Canada.

The two federal laws specify rules for how personal information is collected, used or disclosed:

  • The public must consent to the collection, use or disclosure of their personal information.
  • They must be told why the information is being collected and how it will be used.
  • Only information needed for those purposes can be collected.
  • The information can only be used for these purposes and kept for as long needed for these purposes.
  • The information must be kept secure.
  • The public must be able to inspect and correct the information about themselves.

Organizations and businesses in British Columbia, Alberta and Quebec may be exempt from PIPEDA because they must already abide by provincial laws that are very similar to it.

Alberta, Saskatchewan, Manitoba and Ontario have additional privacy laws that deal specifically with personal health information.

The privacy commissioner has pointed out that there remain gaps in Canadian privacy legislation. For example, she noted in her report on Feb. 12, 2009, that it does not apply to those who work for political parties, who get access to personal information through Elections Canada's voters lists during elections. That could potentially boost the risk that the information will not be properly protected.