|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Annual Report
|
|
| George Radwanski Privacy Commissioner of Canada |
I am heartened by the fact that during my brief tenure to date, there have already been several significant victories for the privacy rights of Canadians:
These developments give me confidence that the structure of Canadian privacy law, based on an Officer of Parliament/ombudsman with a mandate to oversee the privacy rights of Canadians, is a sound and effective one. With sufficient public support, which depends on presenting the facts cogently and persuasively, much good can be accomplished and much harm can be averted.
I came to this position determined to be an effective champion for the privacy rights of all Canadians. To achieve this, I deemed it necessary both to reinvigorate the Office of the Privacy Commissioner and to greatly increase awareness among Canadians about the privacy issues that affect their lives.
Accordingly, this Office has nearly doubled in size over the past year. When I joined in September 2000 we had 54 people on staff; as of November 30 of this year, our staff had grown to a total of 84 (97 including our corporate services). This was done for two reasons: to meet our new oversight responsibilities under the Personal Information Protection and Electronic Documents (PIPED) Act which came into effect in January 2001, and to create a new communications branch which is the key to raising the profile of the fundamental right of privacy.
Public awareness is indispensable to the effective carrying out of my role. As an ombudsman, I basically have two instruments at my disposal: persuasion and publicity. And, of course, persuasiveness is greatly enhanced if it is backed, whenever necessary, by the support of informed, alert public opinion.
Canadians need to know and understand their privacy rights, and to demand that they be fully respected. That is why, since taking office, I have placed great emphasis on my responsibilities as a communicator. I have to date delivered 35 speeches to diverse audiences across Canada, and given more than 210 media interviews.
Of course, I was aware before I was appointed that privacy is an important issue. I recognized it as a critical element of a free society, and agreed with former Supreme Court Justice LaForest that it was "at the heart of liberty in a modern state." And the argument that privacy is the right from which all freedoms flow — freedom of speech, freedom of association, freedom of conscience, to name just three — struck me as a powerful one.
But it didn't take me long in this position to see that privacy was even more important, and its protection more urgent, than I had realized.
This is a critical time to be Privacy Commissioner. Privacy is threatened as it's never been before. The alarm about "the end of privacy" has been sounded often enough in the past. But it's a sad fact that this alarm was easy for people to dismiss as exaggerated.
A reasonably informed person cannot dismiss it anymore. The technological means to eradicate privacy clearly now exist — not only computers and information processing technology, but also a panoply of technological wizardry from video cameras to facial recognition software to "smart" identification cards. And the motives exist — not necessarily nefarious motives. Indeed, the greatest threats to privacy often come not from those who want to do harm, but from those who argue quite convincingly that privacy must be sacrificed on the altar of some greater good.
Most of us can now easily envisage a world without privacy — not just envision it, but consider it possible and imminent, in a future that we will all live to see. We don't need a George Orwell to say, "Imagine what this would be like." It's beginning to happen all around us.
We're all confronted now with the real possibility of having to go through life with someone looking over our shoulder, either metaphorically or quite literally. We face the real and imminent prospect of having to live our lives weighing every action, every purchase, every statement, every human contact, wondering who might find out about it, judge it, misconstrue it, or somehow use it to our detriment.
That's not freedom. That, on the contrary, is a distinguishing characteristic of totalitarian societies.
Yet I remain concerned that many Canadians are watching but not seeing the assault on privacy. Their attention becomes focused only when their own privacy has already been violated — and by then it's too late. A person's privacy, once violated, can never fully be restored. If personal information about any one of us becomes known by someone who has no business knowing it, there is no way to retroactively make it unknown.
The pressures on privacy rights have, of course, become even more acute in the wake of the September 11 terrorist attacks. In a climate of fear and uncertainty, it can become all too easy to believe that the more the state knows about everyone, the safer we will all be. That, in turn, can give an unwarranted new aura of legitimacy to what are precisely some of the greatest threats to privacy — for instance, proliferating video surveillance, widespread use of biometric recognition technology, or national ID cards.
These pressures are further intensified by the fact that a climate of fear not only invites invasions of privacy, it also tends to discourage or penalize dissent. In the face of the destruction wrought by the terrorists, anyone arguing against any measure that has even the vaguest appearance of enhancing security must accept the risk of being accused of irresponsibility.
And yet the world has always been a dangerous place, and the evolution of fundamental rights such as privacy should teach us that their greatest value lies in their ability to endure and protect us in times of the worst adversity. When there is no great incentive to violate a right, it is not so much a right as a fact of life. It is only when the temptation to pursue some goal by brushing everything else aside comes closest to being irresistible, that our society's commitment to protecting fundamental human rights is truly tested.
Privacy and the other cherished freedoms and values that define Canadian society are not frills or luxuries in the situation we face since September 11. They are what this situation is all about. If we react to terrorism by excessively and unnecessarily depriving ourselves of privacy and the freedoms that flow from it, then terrorism will have won a great and terrible victory.
By all accounts, the goal of the terrorist campaign now underway is to attack and undermine the whole nature of American society, and by extension of all democratic societies. That makes our freedoms and values, very much including privacy, the central target. Far from making us safer, every ill-considered reduction of those freedoms — every needless encroachment on privacy — would be a proof that terrorism works and thus an incentive for further mayhem.
My responsibility as Privacy Commissioner is to do everything in my power to help ensure that the fundamental human right, and fundamental Canadian value, of privacy does not in fact fall victim to terrorism.
In discharging this responsibility, I don't argue that privacy is an absolute right, or even that there is no need for privacy-invasive measures to meet the kinds of security threats that we're now facing.
But it is my duty to insist that the choices about any such measures must always be made calmly, carefully, and case by case, and they must be justified according to clear criteria. I have suggested that the following criteria are appropriate, for government and the private sector alike:
Though it went through some initial growing pains, the federal government's legislative response to the threat of terrorism is at present, in my view, one that satisfactorily meets these tests with regard to privacy rights. I believe that the new Anti-Terrorism Act now strikes a reasonable and careful balance between security and privacy. I am continuing to put forward my concerns and recommendations with regard to subsequent legislation.
Still, there will undoubtedly be further challenges and threats to privacy in the months ahead, in the continuing aftermath of September 11. The choices we make will be of momentous importance.
In the days and weeks following the attacks, the general public got a good look at what privacy advocates have long been worrying about. They saw that there is a huge industry eager to manufacture and sell the technology of surveillance: video cameras, facial recognition systems, fingerprint readers, e-mail and Web monitoring, "smart" identification cards, location tracking. And they saw how many people are eager to argue that if you don't have anything to hide, you shouldn't mind revealing everything.
Over the past year, long before the tragic events of September 11, I have increasingly become convinced that privacy will be the defining issue of this new decade. That is a message I have repeated forcefully in my public appearances. Until recently, what I meant was that we are facing unprecedented and irrevocable choices with regard to privacy because of advances in technology and science, and those choices will determine the quality of our lives.
That remains true. But now more than ever, privacy will be the defining issue, because the choices we make about the balance between security and privacy will determine what kind of society we leave for our children and grandchildren. Even an Orwellian society devoid of privacy wouldn't be entirely secure — the most oppressive police state is still not immune to terrorism — but gradually depriving ourselves of our privacy rights in the name of safety would strip our lives of the dignity and freedom that are the hallmarks of our society.
We will inevitably see this in retrospect as the decade in which we had our chance to take a stand in asserting the crucial value of privacy and defending it against its assailants. I very much hope we will be able to recall it as the decade in which we seized that chance and took that stand.
Most people used to define privacy using some variant of the famous formulation of Samuel Warren and Louis D. Brandeis, as "the right to be let alone." That's still a useful definition, and it certainly captures the visceral sense that people have of the importance of privacy.
I prefer a more modern and refined definition of privacy as the right to control access to one's person and information about oneself. This definition better captures the nature of modern threats to privacy, which take place chiefly in the context of the collection and use of information about us.
That's why I've said so often in the past year that we're at a crossroads. The means by which we protected privacy in the past, or rather the means by which we could leave it to take care of itself, don't work well anymore, and they will work less and less well as time goes on.
Privacy used to be protected pretty much by default. When information about us was in paper records and scattered over many locations, compiling a detailed dossier on any individual was a daunting task. Unless you were famous, important or suspected of a grave offence, your privacy could be relatively safe without your having to make much effort to ensure it.
The move to electronic record-keeping has changed all that, eating away at the barriers of time, distance, and cost that once guarded our privacy. New surveillance technologies — cookies and Web bugs, video cameras, e-mail monitoring, smart cards, biometric identifiers, location tracking, drug testing — assail us wherever we turn. Strangers sitting at computer keyboards compile dossiers on us in seconds. Our activities and our interests, our purchases and our movements, our opinions and our habits are dutifully recorded, analyzed, and classified, for whatever use the highest bidder can dream up for them.
With the default protection vanishing, it's up to us.
As I mentioned earlier, one of the most interesting things I have observed in the past year is that the greatest threats to privacy seldom come from those who want to do harm.
They come from well-intentioned people who say that privacy needs to be sacrificed for some greater good — improved customer service, prevention of crime, the advancement of science, more efficient delivery of government programs, security.
Of course, sometimes privacy does have to yield to other social interests.
But we need to ask ourselves — and ask those well-intentioned people — what kind of society we would be serving, building, and promoting, if the destruction of privacy were too readily the price to be paid.
Privacy has to be seen, not as a selfish individual interest that has to give way before greater social needs, but as the shared, collective, social interest that it is.
That's why it's an important time to be Privacy Commissioner.
It's also an important time to have a new private sector privacy law. For almost 20 years, we've had legislation controlling the way the government collects and handles the personal information of Canadians. It's in the private sector that we are seeing the greatest explosion in collection of information and compilation of dossiers about us. It's there that it's most urgent that we assert control over our personal information.
Parliament passed the Personal Information Protection and Electronic Documents Act almost two years ago, and it began coming into effect on January 1st of this year. This Act is an important tool for Canadians to reassert control over their personal information, and to take a stand to protect and preserve privacy.
The Act applies to personal information collected, used, or disclosed in the course of commercial activities. At its heart is a model code for the protection of personal information, which was developed jointly by business, government, and consumer groups. The code is based on widely accepted principles of fair information practices, including those set out by the Organisation for Economic Cooperation and Development in 1980.
What the Act says, in a nutshell, is this:
The Act is coming into effect in stages. It has applied since January of this year to personal information, other than health information, of customers or employees of works, undertakings, or businesses under federal jurisdiction — principally banks, telecommunications, broadcasting, and interprovincial or international transportation, as well as in the Northwest Territories, Yukon and Nunavut, where it applies to the whole private sector, which, under the constitution, is federally regulated.
It also applies to personal information — again, other than health information — when it's disclosed across provincial or national boundaries for consideration. "Disclosed for consideration" is legalese meaning that you get something in exchange for it — for example, through sale, lease, or barter. The personal information itself must be the subject of the exchange for the Act to apply.
The exclusion of personal health information was a last-minute compromise, and it's temporary.
When the law was working its way through Parliament, representatives from the health care sector expressed two distinct, opposite sets of concerns. Some wanted a tougher law, with stronger consent provisions and restrictions«on subsequent uses of personal health information. Others argued that the law would constrain operational activities in health care, and wanted it to be more permissive.
But there weren't any fundamental problems or obstacles to overcome. Everyone recognized that personal health information had to be protected. Neither then, nor at any time since, has anyone produced specific, clear indications why the law as written cannot work satisfactorily. In fact, as then-Deputy Minister of Health David Dodge testified before a Senate committee:
"I have been asking for about six months for some specific examples of things that would really go wrong if the bill comes into effect, as indicated, in a year's time. I have been pressing to determine what things would actually fall down, what we really could not do. Frankly, I have been surprised that despite the general criticism and uncertainty I have not been given examples of things that would go wrong. There is an unease and uncertainty because we are into new territory. However, I have not had examples of things that would actually go wrong."
It was eventually agreed that health information would be excluded from coverage under the Act for one year after its coming into force. This was to give the health sector additional time to adapt to the new law.
In recent months, there has been a determined lobbying effort by various powerful health sector interests to continue depriving Canadians of the health privacy protection they were promised would come into effect on January 1, 2002. Some have been pressing for an extension of the exemption or carve-out for personal health information. Others would like to see the law tinkered with in a variety of possible ways, including a separate regulatory regime that would bypass the provisions of the Act and truncate the oversight role of the Privacy Commissioner.
But two things have remained constant over the past year. First, there is still no substantive consensus, with some still arguing for a stronger law and others for a weakened one. And, second, no one has yet demonstrated specifically and persuasively what is wrong with the law as written.
Any delay or dilution of the health privacy protection that Canadians have been promised by Parliament would, in my view, be a great blow to privacy rights.
Personal health information — information about the state of our own bodies and minds — is arguably the most private information of all. Any inappropriate disclosure can have devastating consequences. Indeed, fear of losing control over their health information can deter people from seeking medical care at all, with detrimental results not only for them but also for society as a whole. That's why any privacy protection legislation that does not fully protect personal health information is scarcely worthy of the name. The one-year delay in this regard was more than long enough.
An even greater concern would be the effect that any delay or tampering with regard to health privacy protection could have on the effectiveness of the PIPED Act as a whole. People in the health field may argue that their sector has special and distinct privacy issues. But people in banking, transportation, telecommunications — indeed, any sector of the economy — could easily make the same argument.
That is why the law was drafted in terms of relatively broad principles and rules, with ample room for flexibility and interpretation in its application. If special exceptions were to be made for one sector such as health, every other sector could likewise start demanding individualized treatment and the whole edifice of the privacy law would be at risk of crumbling.
I am therefore very pleased that the Minister of Health, Hon. Allan Rock, confirmed to me in a letter dated September 24:
"I do not support the creation of a separate regulatory agency to deal with personal health information under PIPEDA. The Act, as passed by Parliament just over one year ago, is clear that oversight, redress and audit responsibilities rest with the Privacy Commissioner. The Deputy Minister has also made it clear to stakeholders in the Health sector that we are not contemplating amendments to PIPEDA to create a separate Agency for the health sector, nor do we support a delay in the application of PIPEDA to the health sector."
I very much appreciate this recognition by the Minister of Health, on behalf of his department, of the vital importance of having health privacy protection come into effect as scheduled on January 1, 2002.
At the time of writing of this report, it does indeed appear that the Act will apply as written. On January 1, 2002, the personal health information held by federal works, undertakings and businesses about their customers or employees will be protected.
The sale or barter of personal health information across national or provincial borders will also be covered. Disclosures of personal health information across any borders for consideration (where the consideration is for the information) will be covered. And all businesses and organizations in Yukon, the Northwest Territories and Nunavut that collect, use, or disclose personal information in the course of commercial activities will have to protect personal health information as well.
It is important to note that the health care sector will still have another two years to prepare for the coming into effect of the Act in the areas that are presumably of greatest concern to it. That's because the Act will not apply to such directly health-related commercial services as doctors' offices, private clinics, laboratories and pharmacies until January 1, 2004 — when it extends to all private-sector commercial activities within provinces, except where a province has passed substantially similar legislation.
There is, however, one issue that I consider appropriate to address at this time.
I know that members of the health community are understandably concerned about the possible impact of the Act on health research, since it involves personal health information and pecuniary considerations are not always absent. I want at this time to provide assurance that bona fide health research, carried out with appropriate sensitivity to the privacy rights of Canadians, has nothing to fear from the Act or my Office.
My position on this important issue will be as follows:
Personal health information is perhaps the most privacy-sensitive of all personal information, and as a general rule individuals must have the right to control who can collect, use or disclose this information, and for what purpose. At the same time, however, our society has a vital interest in the continuation and development of health research, which holds the promise of great benefits for all individuals.
The Purpose clause of the Act specifies that its rules are intended to balance "the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances."
In the case of health research, it appears clear to me that the appropriate balance is one that safeguards the genuine privacy interests of individuals while permitting the conduct of legitimate health research that uses information in ways that can have no possible impact on the individuals to whom it pertains. I do not believe that the Act was in any way intended to deter or impede such research, and my provincial and territorial counterparts with whom I discussed the issue this summer share this view.
Accordingly, I intend to interpret broadly the intent of paragraph 7(2)(c) of the Act which permits an organization to use personal information without the knowledge or consent of the individual if "it is used for statistical, or scholarly study or research, purposes that cannot be achieved without using the information, the information is used in a manner that will ensure its confidentiality, it is impracticable to obtain consent and the organization informs the Commissioner of the use before the information is used." Paragraph 7(3)(f) makes a similar provision for the disclosure of personal information without knowledge or consent.
I will take the view that bona fide health research carried out by duly accredited organizations under appropriate safeguards does in fact constitute statistical or scholarly study or research, whether or not there is an element of pecuniary interest involved. Merely because research into a particular medical condition may receive funding assistance from an outside source that hopes to reap financial benefit from the discovery of an effective new medication, for example, does not, I believe, change its legitimacy as health research from the point of view of privacy rights.
With regard to the impracticability of obtaining consent for such research, I accept the view of the health research community that cost factors and/or the difficulty of obtaining consent from 100 per cent of a target population make it impracticable to obtain individual consent for many health research studies.
The Act requires that the information in question must be used in a manner that will ensure its confidentiality. I consider this requirement to be of paramount importance.
I will accordingly take the position that personal health information can be disclosed and used without consent for health research as described above, but only provided that it remains strictly within the confines of the research project and that it can in no way harm the individual to whom it pertains.
Without limiting the generality of the foregoing, I will consider it an absolute requirement that personal health information disclosed and used without consent for health research purposes can under no circumstances whatsoever find its way to the individual's employers, insurers, relatives or acquaintances, governmental or law enforcement authorities, marketers or any other third parties, nor can the individual be contacted as a result of this information by anyone other than his or her own physician or other primary health care provider, as the case may be.
I and my Office will maintain vigilant oversight over this requirement, and any breach of it would be considered, ipso facto, an extremely grave violation of the Act.
I am convinced that this approach will fully meet the intent of the Act, effectively protect the privacy rights of Canadians, and permit all legitimate health research to proceed without impediment.
The final stage for implementation of the Act will be in January 2004. At that time, it will extend to all commercial activities in Canada, with one important exception: where a province has passed substantially similar privacy legislation, the federal government may exempt organizations and activities in the province from the application of the federal legislation, and the provincial law will apply.
Federally regulated businesses in those provinces will continue to be governed by the federal Act. So will personal information in all interprovincial and international transactions by organizations in the course of commercial activities.
In short, soon we will have seamless privacy protection in Canada. All of the private sector will be required to comply with the federal law or a substantially similar provincial one.
One of the points about the new private sector legislation that I have made frequently this past year, especially to business audiences, is that it doesn't set Canada apart from the rest of the world. Similar legislation is found in most economically advanced countries worldwide, with the only significant exception being the U.S. Even there, the debate is less about the principles than about the best means of observing them.
One of the reasons that this kind of legislation is being adopted is that when one country has it, it can only fully protect its citizens' information if the countries with which it trades have similar protections. To promote a better understanding of how we protect privacy in Canada, I have spoken and participated in conferences in Washington, at Harvard University, and in Brussels, Cambridge, and London, and I've engaged in dialogue with privacy and data protection commissioners from around the world.
When I was appointed as Privacy Commissioner, I looked at the situation we were facing: multiple threats to privacy in the name of reasonable social objectives, ever-diminishing expectations of privacy, a complex new law, and a public that, to some degree, seemed so accustomed to having its privacy whittled away that it was in danger of losing sight of privacy's meaning and importance.
Faced with all that, I decided at the outset to put a special emphasis on communications.
One of my first acts as Privacy Commissioner was to establish a new Communications and Strategic Analysis Branch in my Office, with responsibilities for researching privacy issues and reaching out to the public, to inform them and to get their views. And I personally have seized all available opportunities to spread the word, criss-crossing the country, to address conferences and meetings and give interviews to the media.
I have also ensured that the public can get accurate, current information from our Web site — for example, my speeches are available there as soon as I deliver them — and in published form. We've made available information packages on a variety of subjects including identity theft, the census, and, of course, how to access personal information and assert your rights under Canada's privacy laws. We've also published extensive guides for individuals and businesses on the new Act and how it will affect them.
I do this because it is profoundly important for Canadians to know their rights and to understand the implications of losing their privacy. And the simple truth is that I rely on public support in my role as an ombudsman, which is the primary way I protect Canadians' rights under the Privacy Act and the Personal Information Protection and Electronic Documents Act.
I do not have formal powers to force government institutions and private sector companies to respect people's privacy, or to make amends when they have failed to do so. I can go to the courts in certain instances, of course, but that's never an optimal solution. What I rely on is the power of public opinion. Few people, in government or in business, want to incur the public's wrath. The better informed the public is, the more its opinion will be respected.
I want to come back now, as I said I would, to some of the specific privacy issues that have preoccupied me this year.
Surveillance — actual visual surveillance — has long been a central concern of privacy advocates. The past year saw an upsurge in surveillance activities, by governments and the private sector, that has pushed this issue front and centre.
Privacy means being able to go about your lawful business without your every move being scrutinized and monitored. While we have to be very mindful of the more subtle privacy threats presented by modern information collection and management, it is imperative that we not lose sight of the gross violation of privacy that surveillance represents.
Video surveillance is everywhere, in public and private spaces. We've become conditioned to being watched and recorded when we enter a bank or a convenience store, move through an airport, or drive through an intersection. And now, alarmingly, we are seeing a growing inclination to monitor us as we walk on the streets of our cities and towns.
People occupying a public space must reasonably expect to be observed by others. But it's one thing to expose yourself to casual glances, or even interested notice, by your fellow citizens. It's another to find yourself under systematic, relentless observation, without cause, by agents of the state.
We haven't yet reached the same point as the United Kingdom, with its ever-increasing network of video surveillance — some two million video cameras, according to a recent report, watching streets, parking lots, housing developments, and shopping centres. Nor have we yet followed the lead of the US, where there are already instances of random video surveillance of public gatherings combined with biometric databases, to produce an electronic equivalent of the police line-up — with everyone required to participate, independent of any suspicion of wrongdoing.
But we have seen the installation of video surveillance systems aimed at public streets in Kelowna, B.C. (the subject of a complaint received by this Office), and similar systems are being planned for various other Canadian cities.
And biometric face recognition technology, in Ontario casinos and at Toronto's Pearson International Airport, also made the headlines this year. (In the latter case the headlines turned out to be wrong: my investigation revealed that the RCMP was using biometrics in a reasonable manner. My account of this is in Part One of this report.)
The rationale for surveillance is always the same: it increases security and helps deter crime. That's not something to be dismissed lightly. Whether it's bank robbery or the running of red lights, privacy advocates have no sympathy for people who hide behind privacy as an excuse for wilful violation of society's rules and laws.
But, as someone once said, the only place where a police officer's job is easy is in a police state. We cannot let legitimate concerns about security override a legitimate concern about privacy. If we sweep everyone into the net, if everyone is a suspect whose every movement can be monitored and perhaps recorded, analyzed, and filed away — just in case — we may well have done the utmost to prevent and control crime. But we will have done it at the unacceptable cost of a fundamental human right.
And if the state has no business monitoring the law-abiding nation, the private sector has even less. Yet, this year, a private security company in Yellowknife decided to make public surveillance its business, and aimed its video cameras onto a downtown street. That was enough to trigger a complaint under the Personal Information Protection and Electronic Documents Act, which applies to all private sector activities in the territories. My findings are described in Part Two of this report, but suffice it to say that I found that this was a contravention of the Act. I think we can all take some satisfaction from the fact that this company acted without the support of the city's officials, police force, or the public, and stopped conducting the surveillance voluntarily when the public reacted negatively.
What is far more disturbing is the situation in Kelowna, B.C. Here the RCMP, acting as a municipal police force, set up a video surveillance camera to continuously monitor and record everyone on a public street. Investigating a complaint that was made to me by the Information and Privacy Commissioner of British Columbia, I found this activity to be a collection of personal information that is in clear contravention of the Privacy Act.
But the RCMP is still continuing 24 hour surveillance through the camera, only without continuous recording. This puts it into technical compliance with the Privacy Act, which defines personal information as information about an identifiable individual that is "recorded in any form."
As I made clear in my finding, I consider this sort of video surveillance of public places to be an extremely serious violation of privacy rights even in the absence of recording. It is the very presence of video cameras, whether they are recording at any moment or not, that creates the privacy-destroying sense of being observed. As well, if a proliferation of video cameras is allowed to take place, it is virtually certain that function creep will lead inexorably to the linkage of these cameras with biometric technology. This would eventually make it possible to identify anyone in a monitored public place at any time, or to monitor the whereabouts and activities of any given individual as he or she moves from place to place.
What is crucial to emphasize is that there is absolutely no evidence that video surveillance actually reduces crime, rather than merely displacing it to other locations where there are no cameras. In fact, a spokesman for the RCMP detachment in Kelowna, Corporal Reg Burgess, was reported in The Vancouver Sun of June 19, 2001k as stating that such cameras "do, in some circumstances, prevent crime, but they mostly displace crime."
This Vancouver Sun article goes on to report: "Burgess added that, by shifting crime away from Kelowna's downtown core into residential neighbourhoods, police will be alerted to criminal activity more quickly by homeowners."
Since my mandate is to oversee privacy laws rather than the laws of common sense, it is probably beyond my purview to comment on this stated RCMP policy of using video cameras to relocate crime from downtowns to residential areas.
However, I met recently with RCMP Commissioner Giulliano Zaccardelli and tried my utmost to persuade him to demonstrate respect for privacy rights by ordering the removal of the Kelowna surveillance camera. In a letter dated November 27, 2001, Mr. Zaccardelli responded:
"I am satisfied that in the case of Kelowna, the RCMP is acting within the scope of its duty to protect the community based on well articulated public safety concerns. The use of the cameras will prove to be a valuable asset to the community in suppressing criminal activity and making it a safer place to live."
I then asked Commissioner Zaccardelli for the data on which he bases his conclusion that this video surveillance is indeed effective in assisting the RCMP in its duty to protect the community, and particularly for the evidence that the camera in operation since last February is in fact "suppressing criminal activity" and is making Kelowna "a safer place to live." Specifically, I asked Commissioner Zaccardelli for statistics on the number of arrests arising from the use of the camera since last February, and for statistics comparing the overall crime rate in Kelowna during the months the camera has been in operation to the crime rate for the same period last year. He was not able to provide any such information.
I find this deeply disappointing. One would expect the Commissioner of the RCMP in choosing to reject the strong recommendation of an Officer of Parliament on such an important matter, to base his decision on the clearest factual evidence, not on unsubstantiated anecdotal conjecture, supposition or wishful thinking.
Even more important, one would expect Canada's highest-ranking police officer, the head of our national police force, to want his force to be exemplary in setting the highest standard of respect for privacy rights. It remains my hope that Commissioner Zaccardelli will come around to that view. If he instead retains his current position on this video surveillance, he will regrettably be setting the diametrically opposite example, to be followed by police forces across the country.
The level and quality of privacy in our country risk being struck a crippling, irreparable blow if we allow ourselves to become subjected to constant, unrelenting surveillance and observation through the lens of proliferating video cameras controlled by the police or other agents of the state.
For this reason, I respectfully request the assistance of Members of Parliament and Senators in seeking to persuade Commissioner Zaccardelli to rethink his stance on this issue. I consider this to be a matter of the greatest importance.
Video surveillance is the most obvious means by which we are being watched and monitored in public. But there are others. The location technology being inserted in cell phones can pinpoint a caller's location to within 50 metres. Geographical positioning technology can be used to locate vehicles. Electronic payments systems used on toll roads and bridges can be used to track the movement of vehicles.
So we have moved well beyond the kind of exposure that "going out in public" used to mean. When we are out in public, we are really out in public — nothing, it seems, can remain private any longer.
And, to add to the problem, as the definition of what is public and what is private becomes blurred, the assault on our public privacy extends to domains that we once considered unquestionably private. A growing number of sensory enhancing technologies — chemical sniffers, thermal imaging devices, night vision binoculars, sound wave receptors, portable x-ray devices — allow what goes on in closed, unquestionably private places to "leak" into public space. The infamous Kyllo case in the U.S., where a marijuana growing operation was detected by a thermal imaging device that captured heat transmissions from the house, shows just how blurred the distinction between public and private can be.
Again, privacy advocates are not advocates of crime. We recognize the good intentions of those who want to use surveillance to increase security. But our society can achieve its legitimate aims for security and prevention of crime without throwing away privacy and the fundamental civil liberties that flow from it. These privacy invasive technologies must be confined to very limited and specific situations where the threat to public security is material, significant, and imminent, and they must be subject to prior judicial authorization — warrants, in other words.
Even the extraordinary growth in generalized surveillance of our public selves, by agents of the state, pales when we compare it to the explosion in surveillance of employees both in and away from the workplace. This is an issue that is of increasing concern to me.
As I told a conference in Toronto last April, workplace privacy is one of those issues that has come to the fore because the default protection of privacy no longer does the job. Privacy rights in the workplace are ill-defined because, until now, they have not had to be defined.
Managers have always wanted to ensure productivity and prevent liability. Even before Henry Ford and Frederick Taylor brought us the production line and "scientific management," managers were monitoring, measuring and conducting surveillance of their workforces.
But for a long time technology imposed a benign limitation on this. Workers were able to maintain a core of privacy in their work — just as they can maintain the privacy of their desk drawers, lockers, and personal effects — simply because monitoring and recording could so easily be overloaded with information.
That benign limitation began disappearing as computers became more common. The dream of perfect control and perfect security is, for all intents and purposes, achievable in the workplace, with technology that allows managers to monitor everything that moves and analyze everything that's recorded.
For some, the idea that employees have privacy rights in the workplace is unacceptable, since they are on the employer's time and property and using the employer's equipment. I don't agree. Employees don't sign away their fundamental human right of privacy when they enter into an employment contract. It may come as a surprise to some that a considerable number of judges and arbitrators agree with me on this.
Nonetheless, we've witnessed an extraordinary growth in surveillance in the workplace. This is particularly apparent in the US, where there are few privacy laws to protect employees. In January 2001, the American Management Association surveyed 1,627 large and mid-sized companies and found that more than 75 per cent of them videotape their employees or monitor their e-mail, Internet, phone calls, or computer files. This is up nearly 10 per cent from a similar survey last year.
There have been no comparable studies of the extent of employee surveillance in Canada; it's often simply assumed to reflect the situation in the US That may be an incorrect assumption, partly based on a failure to understand the difference in Canadian laws.
And that failure to understand the difference in laws is frequent in Canada. For example, employers often cite potential liability for workplace harassment as a reason to conduct surveillance, especially of Internet and e-mail use. That reflects US legal doctrine, rather than Canadian. In Canada, anti-discrimination legislation only imposes liability on an employer if it has failed to take reasonable steps to prevent harassment. That doesn't mean wholesale electronic monitoring of the workforce. It means having a good harassment policy, training employees, having good anti-harassment procedures in place (such as a harassment co-ordinator and a confidential complaints process), and acting quickly and effectively if harassment does occur — or if there is good reason to suspect it.
The other excuse I hear for wholesale electronic monitoring is the supposed "potential" of Internet connections for time-wasting and misuse of the employer's facilities. I don't accept that we should monitor employees because of a potential for time-wasting any more than we should monitor the law-abiding public because of the potential for one or some of them to commit a crime. Reasonable suspicion of wrongdoing should be the only justification for monitoring and surveillance of a workforce. Electronic monitoring should never be allowed to substitute for — it can't substitute for — good management and supervisory practices. If the only way an employer can know whether employees are working is to monitor them electronically, there's something wrong with his management practices.
The Personal Information Protection and Electronic Documents Act limits collection, use, and disclosure of information to "purposes that a reasonable person would consider appropriate." That's an important restriction on monitoring and surveillance in the workplace. Since the Act, or provincial legislation very much like it, will be binding on many employers throughout the country very soon, all employers should be looking at it.
I mentioned earlier the privacy implications of pressure for open government and access to government information. This came to a head this year in the attempt by various parties, supported by the Information Commissioner, to get access to the agendas of the Prime Minister.
That the values of openness and access to information could be twisted into such an attack on privacy — agendas are by their very nature private — has been a painful discovery for me. I never thought I would have to find myself opposing access to information. As a former journalist, I am acutely aware of the importance of openness in government. As an actively involved citizen, I have seen how accountability can be enhanced when information is readily available.
But this unquestionably good thing cannot bulldoze everything in its path, or justify a violation of individual privacy. Once again, privacy has to be asserted in all its societal importance, as a fundamental right, so that we don't see it as something that can be traded away every time someone sees it as an impediment to a valid objective.
Fortunately, I'm not alone in my concern about this. The courts have been very clear: open government doesn't preclude protecting fundamental human rights. Access is an administrative right that can enhance democracy. Privacy is a fundamental human right that is the very essence of democracy.
Another important issue is Government On-Line. The move to a seamless electronic interface between the citizenry and various levels of government can be an excellent development, improving the way programs are delivered and making government more efficient and accessible. Every Canadian has a story to tell about being confused as to which department or which level of government is responsible for which service. And many Canadians know the stories, whether true or apocryphal, of the difficulties that can be encountered in trying to get information from government.
But the walls between agencies and programs, within government and across levels of government, are also walls between collections of personal information. Government as a single, centralized body brings with it the prospect of merging databases of information about individuals' interactions with government. That information has been collected for specific uses. When it's held in separate databases specifically for those purposes, it's compartmentalized.
When those databases are merged, someone with a need to know only one piece of information can have access to lots more. And information can be combined, to reveal new information, leading to detailed profiles of individuals, tracking their activities and their interaction with government. Combine that with the assignment to each Canadian of an authentication, identification, and access device — what the government is calling "e-identities" — and we could find ourselves faced with a surveillance society, and the end of the right to be let alone.
Moreover, delivering services or benefits electronically will depend on private sector involvement. Private sector providers, as components of government delivery systems, could become repositories of vast databases on Canadians. That is cause for concern, given the limited protection of privacy in the private sector, even with the new private sector legislation.
I've addressed many audiences this year on this subject, and undertaken a continuing process of consultation with the Government of Canada. My message is simple enough: privacy has to be built into these Government On-line projects from the start. That includes doing privacy impact assessments, and consulting with privacy protection agencies at the design stage — not late in the process, when the privacy problems are already locked in.
Again, I am not questioning the motives of the people behind these initiatives. I have no doubt that their intentions are the best. Efficiency is a worthwhile aspiration. But, as I have emphasized repeatedly, efficiency has to be properly understood, as a relation between means and ends — choosing the best means of achieving defined goals. What's critical is how we define the goals. For government, and for society, those goals have to include the preservation and protection of privacy.
Earlier, I touched on the issue of the privacy of health information. It is difficult to emphasize its importance enough.
Governments at both the provincial and the federal level intend to expand the collection and sharing of personal medical information and develop a comprehensive health information system. The intent is laudable — to deliver a consistent standard of care across the country, assessing why people get sick, and determining who is using, and abusing, the system and why.
But the result may be that a person's latest medical check-up has a potential audience of thousands. And because the state of the health care system is such an urgent concern, privacy issues could tend to be disregarded, or at least given short shrift, in the discussion.
Losing control over health information can have devastating consequences. Fear of losing control may discourage people from seeking medical care at all. The prospect of detailed psychiatric assessments finding their way into an insurance administrator's or an employer's hands, for instance, may be enough to dissuade patients from seeking care. Or they may withhold vital information from doctors, prejudicing the effectiveness of treatment and ultimately wasting the resources of the health care system.
Nearly 87 per cent of doctors in a recent survey in the U.S. reported that a patient had asked them to keep information out of their records. Nearly 78 per cent said they had withheld information from their records because of privacy concerns. We have to wonder whether attitudes are similar here in Canada.
For the patient, health information is fundamentally personal and sensitive. It needs the highest level of protection to ensure that it can never be used to the detriment of the individual to whom it belongs.
I remain very concerned about the security of sensitive medical information. Storing medical records electronically may increase the risks of not just a trickle of isolated privacy violations, but a full-scale flood. We've all heard about unintended disclosures of personal health information and security breaches on the Internet.
Take the recent example of the Eli Lilly and Company's unauthorized disclosure of 700 e-mail addresses of people taking Prozac. Eli Lilly had offered patients taking this drug an e-mail reminder service. The privacy breach took place when an e-mail, sent out at the end of June announcing the end of the program, listed all of the e-mail addresses of the people who had signed up for the service. This simple act created a lot of negative publicity for the company and contributed to the debate in the United States about the difficulty of protecting patient records that are stored electronically.
We also now have examples of hackers gaining access to hospital records. Back in December 2000, The Washington Post reported that a Dutch hacker had penetrated the patient record system at the University of Washington Medical Center in Seattle. The hacker is said to have downloaded copies of several thousand patient files containing patient names, conditions, home addresses and Social Security numbers. Closer to home, The Vancouver Sun reported in August that five pharmacists in British Columbia were recently disciplined and fined by that province's College of Pharmacists for spying on the medication records of colleagues, relatives, friends or acquaintances.
So are we, as a society, prepared for the privacy and security breaches that may be coming — Perhaps, at the very least, we should give patients the right to choose whether to have their medical records stored electronically. We recognize that electronic patient files represent great opportunities for quality of care. But we should also recognize that they represent a challenge from the perspective of patient privacy and confidentiality. The opportunities cannot be realized if the challenge is not met.
Indeed, this fact — that the opportunities of the future cannot satisfactorily be realized if the challenge of safeguarding privacy is not met — applies to all the issues with which I deal and which I have been addressing in this overview.
Privacy is not an option, or a frill. It is a fundamental right. The need to respect that right goes to the very heart of all our hopes for progress as a society and as individuals. That's because all meaningful progress is ultimately about improving the quality of our lives — and we must never delude ourselves that we can achieve such improvement if we pursue it, in any field, at the expense of heedlessly sacrificing the right to privacy which is so essential to our freedom and dignity.
Combating that delusion wherever it arises, and averting that sacrifice whenever someone tries to impose it on us, is what the work of my Office is all about. In the following sections of this report, I will provide an accounting of how we have been discharging our responsibilities.
|
||||
Date published: 2003-11-18 |
 |
Important Notices | ||
