The Privacy Commissioner of Canada to Access & Privacy 97 Information Issues in Transition

Privacy in a Digital Age

January 27, 1997
Ottawa, Ontario

Bruce Phillips
Privacy Commissioner of Canada
(Check Against Delivery)

Quite frankly, it's hard for a Privacy Commissioner to know whether to celebrate or despair, or do both and commit oneself to the rubber room.

Never has the news been so potentially exhilarating and devastating all at once. We're not talking here about having a good day/bad day. We're talking about choosing between meaningful privacy protection in this digital age or throwing out baby, bath water and trashing the whole house.

You may suspect me of hyperbole but what I would like to do this morning as you embark on the conference program is make the case that 1997 is a critical year, not just for the circumscribed data protection law we call the Privacy Act, but, more critically, for the value we know as privacy.

One slip, one moment's inattention on the part of those of us who care about the issue, and I count you among us, and we may be left with nothing more than a shell.

I will explain. The encouraging news is two-fold; the first which some of you will already have heard, is the government's commitment "by the year 2000...to have federal legislation on the books that will provide effective, enforceable protection of privacy rights in the private sector." The Minister of Justice announced the undertaking at last September's international data commissioner's conference. Mr. Rock acknowledged that the current approach, legislation for the public sector and self-regulation for the private sector, was now obsolete. Advances in computer and networking technology, coupled with Canada's evolution into a knowledge-based economy, means that protecting personal information can no longer depend on whether the data is held by the public or private sector. The Ministers of Justice and Industry are now preparing legislation.

Good news indeed. The familiar trap that lurks in front of this estimable project is the pursuit of perfection. If I had any advice for the parties, and I'm sure they knew I would, it would be to acknowledge that we cannot solve all the problems at once. We cannot hope, nor do I think we should attempt, to write comprehensive, detailed and complex law as some European jurisdictions. This would simply be too big a mouthful to chew, and one that could threaten to choke us. It might also be inappropriate for our North American context.

I would encourage the drafters to embed the privacy principles in law,access rights and a fair information code, and spell out the oversight procedures. This would allow the private sector to apply the principles to their business environment and make them work. A non-confrontational independent oversight, like an ombudsman, would then be a tool to resolve conflicts and improve understanding of the principles and the law.

The second bright spot on the horizon is that work has begun on reforming the current federal Privacy Act with a view to ironing out some wrinkles and hopefully preparing it to meet the technological onslaught of this century (and, one hopes, the fast-approaching next one). I think we all realize that this is not a burning priority on the government agenda, and that an election may intervene. Nevertheless, I applaud the work and the commitment, and believe the outcome will be much the same whatever the election results. Parliamentarians of all stripes can comfortably support a supple and effective privacy law.

Of course, I also cling fiercely to the hope that it will happen on my watch, not because I am beginning to cast my eyes on the history books, as they say, but because it is time. The current act is now approaching its 14th birthday and needs a thorough airing. Many of the recommendations from the 1986 review were never acted upon and many are as valid now as they were then.

For example, those recommendations included:

• extending jurisdiction to all federal institutions including Crown corporations and to the federally-regulated private sector;
• preparing privacy impact statements and providing for Privacy Commissioner review of all new legislation with a privacy impact;
• prohibition of all but the most carefully circumscribed datamatching, and
• legal restrictions on use of the Social Insurance Number.

However, the act now faces an economic, social and technical environment that Parliament, bureaucrats and privacy advocates could not even contemplate when it was drafted in 1982. We have gone though an economic boom, a recession, and an economic semi-recovery (I say semi-recovery because some are recovering very nicely indeed while others are on life support).

This recovery is forcing governments of all persuasions to regard their collective bottom lines with steely eyes and hearts. We are presumably all taxpayers here, and we can certainly support efforts to streamline and economize. We all have to do it in our own lives. But as the economy has turned leaner and meaner, our society seems to be turning nastier. Our vaunted commitment to those social values of mutual support and caring, and our ability to allow for some slush in the system in order to protect our neighbours from real deprivation while maintaining our democratic freedoms, both appear to be under siege.

We also appear to have become more fearful for our safety and many seem ready to accept living more circumscribed lives if that will guarantee safety for themselves and their families.

When a society under these pressures is offered the technology which promises to pare the bottom line, catch the cheats and winnow out the dead wood, the temptation is very hard to resist. The risk we court is making a Faustian deal which could be terminal for a good deal more than federal data protection law. The effect could be deadly for the soul of our society.

I don't want to sound apocalyptic here. There is going to be altogether enough of that as we approach the millennium. But, I do want us to consider not just the impact of some of the individual initiatives, but also the cumulative effect on our social values.

First let's consider some practical examples. One of these is part of the federal government's plan to rid itself of some its programs. It is the recently-signed agreements with the provinces which will see the federal government withdraw from labour market training.

The decision to transfer these responsibilities to other jurisdictions is not a privacy matter, of course. But the future security and accessibility of the personal records is a privacy concern. The individuals now have legal protection against excessive collection and improper use and disclosure of the data. They have access and correction rights, and can benefit from an independent oversight if they believe something has gone wrong.

Transferring records to provincial jurisdiction causes no concern where there is comparable protection in place, for example, in Ontario, Quebec or Alberta. But not all provinces have such a law in place. PEI has none, and Manitoba and New Brunswick laws provide individuals access to their records but, do not address improper collection, use and disclosure issues, the guts of any privacy law. Can the federal government, under pressure from the provinces, ignore a data protection vacuum and simply hand over the records? Or does it have a fiduciary responsibility to its citizens to ensure that the protection continues?

Another factor in the devolution is similar agreements with some 50 Native bands, and the participation of community-based organizations and the private sector in training programs. None of these organizations is subject to any privacy law. How will these records be safeguarded? What information rights will the individuals have? Who controls the records? We are working with the department to find the answers and suggest some practical solutions.

Commercialization of several federal operations, NAV CANADA, the Canada Communications Group, the airports and the Seaway among them,pose its own challenge. An organization in the throes of being removed from federal jurisdiction has a lot to deal with. The last thing they worry about is the personal data in their files. In fact some scoff at the notion that this is an issue at all. But, an agency cannot simply transfer its entire record collection out from under the law without first reviewing the data. The transfer could amount to a blanket disclosure of its entire personal records.

Our concern about the NAV CANADA transfer is a case in point. For those of you unfamiliar with the issue, NAV CANADA is the air traffic control system which has been hived off from Transport Canada and made a not-for-profit corporation. When it was apparent that there was no intention of continuing to have the Privacy Act apply, we launched an audit to ensure that Transport transferred only the necessary personal records.

Transport Canada and NAV CANADA did not exactly welcome our intervention with open arms, suspecting us, I think, of exaggeration. But, the audit has made our point. Transport Canada hired extra staff and reviewed the files. The result: they culled almost a million pages of outdated personal information. That's 330 standard file boxes that, stacked one on top of the other would reach 32 stories high. The records were pulled from such personnel files as conflict of interest, occupational health & safety and security dossiers. Even if no-one else appreciates the task, one hopes the NAV CANADA records manager is eternally grateful.

Unfortunately, the more vital question of future privacy rights for employees and clients of NAV CANADA is now beyond our reach.

The economy also seems to be leading some employers to consider extraordinary steps to monitor or screen employees. The so-called jobless recovery (and concerns about drug use) prompt employers to install cameras in work places and washrooms, to demand drug tests, to subject candidates to intrusive personality testing and to monitor phone calls and E-mail. It seems that the less secure and less remunerative work becomes, the more intrusive some employers think they can be. Are you offended by the practice? Do you find it management overkill? Too bad, there's the door.

Perhaps the most extreme example of this was a recent call we received from a woman working for a private transportation company. Since we could not investigate, I can only go on what the woman reported. New American law requires Canadian transport drivers whose routes enter the U.S. to submit to drug tests. Apparently, her company's response to the law is to begin testing every driver.

But, the drivers' contract also required them to consent to the employer entering and searching their homes, should drug use be suspected.

If the allegations are true, and I'm still having trouble believing it, what an extraordinary abuse of power and authority. This is a power we do not even give the police without judicial authorization. A recent American story reported a court action by two employees fired because they refused to provide hair samples for DNA testing. Should people have to check their rights at the door in exchange for a job? Perhaps this illustrates why the market cannot always be left to decide.

I'd like to turn now to a couple of the technical tools we have available for our tasks and the implications. One of these is easy to understand, at least on the face of it, I don't pretend to understand the technology. Some of you may have seen reports of a new screening technique for staff to search airline passengers. Called holographic imaging radar, the system will soon be tested at selected US airports.

If you thought the current practice was offensive, wait for cameras that strip away your clothes to ensure you are not hiding weapons or explosives. Airport managers hasten to reassure passengers that only someone of the same gender will watch the screen. Now, I'm no more interested in being blown up than you are, but what is essentially a strip search of every passenger seems extreme. And assuming that terrorists read the papers, will the next solution be body cavity searches before you're allowed aboard.

A more complex and more immediate challenge is the government plans to introduce data warehousing. A recent survey found more than 90 per cent of federal government respondents are either building or considering data warehouses. Warehouses are centralized information systems which allow users rapid access to a huge range of data. They are super-repositories that collect data from a variety of sources, standardize it, then allow different users to share the information. They also offer the organization applications to provide better service to the public.

The appeal is obvious but, improperly or carelessly applied, they can lead to nothing less than the integration of all personal records into one massive system. This may work well for Wal-Mart or Sears for just-in time delivery and for inventory control. But, in a government context, dealing with personal records of millions of Canadians from hundreds of discrete programs, the risks are several and serious.

One, the warehouse data will be available on an internal network using Internet browsing and search tools,the Web meets the warehouse to serve a common goal,find the information.

Two, the more accessible the data, the more people will want access. If we build it, they will come in droves.

Three, the implications of an error in the data multiplies exponentially,and once in the system, the error threatens to become the truth no matter what the client says.

Four, data mining will no longer be the turf of the technical wizard, it will be within reach of every user. Finally, linking transaction histories to data warehouses speeds development of what are known as customer intimacy systems. The danger is that the warehouse risks becoming a data jail.

In effect, this is the electronic version of Jeremy Bentham's Panopticon. Bentham proposed a design for a prison which would allow guards to observe prisoners from a central tower from which they could see out but no-one could see in. The tower might, or might not, be occupied but the effect of his design was to create "a state of conscious and permanent visibility that assures the automatic functioning of power". Effective but chilling.

Technology now furnishes government with the power to create an information Panopticon. Why should it not seize the advantage? Perhaps we would all behave impeccably if we thought someone might observe our every transaction. There is no underestimating the power of fear and embarrassment for social control. Could this be the answer to fraud and cheating?

I don't think I am taking this argument to an illogical extreme. Consider the government's current proposal to match returning travellers' declarations with the list of UI claimants. Here surely is a collection of information for one purpose,and a disclosure for an entirely unrelated purpose. We don't yet have a data warehouse that would allow Human Resources staff on-line access to Customs declarations, so the match is being done by exchanging computer tapes. This is a distinction without a difference. Every returning air traveller is now subject to suspicion of cheating the employment insurance fund without reasonable grounds, without notice and without independent authorization. There's more at stake here than the Privacy Act. We are sufficiently concerned to have obtained a legal opinion which unreservedly holds this action to be in breach of the Charter.

Well, you say, I have nothing to hide so what does it matter? Sometimes an individual's right has to give way to the interests of society as a whole.

Perhaps that is where we are losing our way. It's time to consider the damage that the unfettered exercise of power can inflict on our society. By concentrating on privacy as an individual right, we then are forced to play the game of this right trumps that one,rather like the kids' game of Rock, Paper, Scissors. My right as a taxpayer not to be ripped off trumps your right not to be under surveillance.

It may be time to consider the view espoused by Priscilla Regan in her book Legislating Privacy. Regan argues, and I think effectively, that viewing privacy as an individual right does not serve a strong basis on which to develop public policy. Rather, we should consider privacy's social importance; its inherent place as a bedrock value in a democratic society. We need to understand how it influences our relationships with one another, with social, political and economic organizations, and what powers we are prepared to grant these organizations.

Protecting our privacy is not simply a matter of debating the value of an individual's self-interest versus a competing interest. Privacy also serves what Regan describes as a common, public and collective interest. The value strengthens our society by reinforcing our sense of connection through mutual respect.

Whatever we do to protect privacy in a digital age,and there is much to be done,we must recognize the import of the value and the consequences if we are lazy enough to consider it an administrative nuisance that gets in the way of efficiency and the bottom line. This is the path to the Surveillance Society. I urge you not to take it.

Thank you.