Canadians continue to think personal information not well protected: Tabling of Privacy Commissioner of Canada’s Annual Report on the Privacy Act

Posted in: Legal, Privacy & Security at 22/10/2007 05:20

[news release] Canadians overwhelmingly feel their personal information is less well protected than it was a decade ago, and they are right to be worried, says the Privacy Commissioner of Canada, Jennifer Stoddart.

Commissioner Stoddart's 2006-2007 Annual Report on the Privacy Act was tabled today in Parliament. At the same time, the Privacy Commissioner's Office released new research confirming that Canadians are unsure of how their personal information is protected, and by whom.

Increasingly, Canadians' personal information is being exchanged with law enforcement and security agencies in other countries. The government has claimed that this transborder flow of information will improve transportation safety and enhance our national security.

"We are particularly concerned about the number of travel-related security programs that have been put in place," says Commissioner Stoddart. "Parliament may not be sufficiently informed about how these programs work and their individual and collective impact on the privacy rights of Canadians."

The increased collection of personal information under these programs increases the risk that Canadians will be the victims of inappropriate data matching, intrusive data mining, or the unintended consequences of the disclosure of personal information. This increases the risk of surveillance, rendition and unwarranted attention from law and security enforcement both at home and abroad.

These concerns could be addressed, in part, by a review and modernization of the Privacy Act. As the Annual Report notes, "Parliament passed Canada's public sector privacy law back in 1982 - the same year the Commodore 64 computer hit the market. At the time, both were considered pioneering."

The Privacy Act, unfortunately, is not equipped to deal with the pressures imposed by tremendous technological change. In fact, Canada's private sector privacy law, the Personal Information Protection and Electronic Documents Act, provides more protection for Canadians.

As the results of an audit of the government's Privacy Impact Assessment (PIA) Policy confirm, government departments are not doing enough to protect Canadians' personal information as they plan new programs or redesign existing programs.

"While we did not identify cases of pervasive non-compliance, many institutions are not fully meeting their commitments under the policy and, by extension, the intent or spirit of the Privacy Act," says Commissioner Stoddart.

Under the PIA policy, federal institutions are required to assess the potential privacy risks of programs before they are implemented. These institutions must also identify the measures in place to protect personal information as it is collected, stored, used, disclosed and ultimately destroyed.

The Office of the Privacy Commissioner audit found that some institutions made serious efforts to apply the PIA policy but many are lagging behind. PIAs are sometimes completed well after the program has been implemented and, in some cases, not done even when potential privacy issues are evident.

"Privacy protection should be a key consideration in the initial framing of a program or service," says Commissioner Stoddart. "Current PIA reports offer little assurance to Canadians who want to understand how a government service or program will affect their privacy."

Canadians not only want to be reassured that their personal information is being protected; they also want to be informed when it is disclosed inappropriately.

Research conducted for the OPC shows that a majority of Canadians (seven in ten) expect to be informed if a security breach leads to the disclosure of information - whether that information is sensitive or not.

That research, a survey of 2,001 Canadians conducted by EKOS Research Associates earlier this year but released for the first time today, also found that:

  • Seven in ten Canadians feel their personal information is less protected than it was ten years ago.
  • A bare majority of Canadians agree that they have enough information to know how new technologies might affect their personal privacy.
  • About seven in ten Canadians believe that they are doing a relatively good job of protecting their own personal information.
  • Despite this, almost half of Canadians (46 per cent) carry a Social Insurance Number (SIN) card in their wallet, although this number is a key piece of information used by identity thieves.

"These survey results underline that we - my Office, privacy advocates, regulators and consumer protection authorities - have to work harder to reassure Canadians that their privacy rights are protected," says Commissioner Stoddart. "We also have to give them the information and tools so they can better protect their own information."

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman, advocate and guardian of the privacy and protection of personal information rights of Canadians.

To view the reports:

This news release was sourced from privcom.gc.ca/media/nr-c/2007/nr-c_071017_e.asp

Findings of a 2007 poll commissioned by the Office of the Privacy Commissioner of Canada
The Office of the Privacy Commissioner commissioned EKOS Research Associates to survey Canadians on a number of privacy issues.

Some of the key findings of the poll, conducted in March, are:

  • Privacy continues to mean very different things to Canadians, who increasingly think first of the protection of their personal information.
  • It is difficult to make broad-based assumptions for all Canadians about particular uses of personal information. What is acceptable to one Canadian may be entirely unacceptable to another.
  • Seven in ten Canadians feel they have less protection of their personal information than they did ten years ago.
  • Canadians continue to agree (60%) that health information is one of the most important types of personal information that needs protection through privacy laws.
  • Only a small proportion of Canadians believe the government (17%) and businesses (13%) take protecting personal information very seriously.
  • 77% of Canadians believe that government agencies and affected individuals should be notified if sensitive personal information is compromised as a result of a breach. 66% believe government agencies and affected individuals should be notified if non-sensitive information is compromised.
  • Four in five Canadians place great importance on having strong privacy laws. Despite this, more than half report they are not aware of any privacy laws currently in place.
  • Nevertheless, 69% believe that they are doing a very good or good job at protecting their own personal information.
  • While a large number of Canadians (65%) have memorized their Social Insurance Number, 46% continue to carry their SIN card with them.
  • Half of Canadians (48%) are unaware that warranty cards are not necessary to ensure a legal warranty. A significant proportion of Canadians (40%) are not aware that companies use warranty cards to collect personal information for marketing purposes.
  • 72% of Canadians believe unsolicited junk email (spam) is a significant problem.

The EKOS poll involved a 15-minute telephone survey with a random sample of 2,001 Canadians from March 13th to March 26th 2007. The poll is considered accurate to within plus or minus 2.2 percentage points, 19 times out of 20.

This backgrounder was sourced from privcom.gc.ca/information/survey/2007/ekos_2007_02_bg_e.asp

Read more now