What keeps Canada’s Privacy Commissioner so busy

TORONTO – Canada’s federal Privacy Commissioner wants to see compulsory breach notification, an anti-spam law and a modernization of the act governing the public sector, even though she admits technology is moving far faster than legislation can keep up.
In a wide-ranging talk at the SC World Congress Canada 2010 on Tuesday, Jennifer Stoddart said her office has captured the attention of the world’s biggest technology companies and social networking services, in some cases leading them to change the way they operate to better protect the private data of Canadian and international users. Her challenges, however, are becoming ever more complex as cloud computing and other new technology business models change the way information transactions happen between businesses and their customers.

“Who can keep track of who’s collecting the information, who has access to it and where it’s stored?” she wondered aloud at the two-day event, which is sponsored by IT World Canada. She later added in response to audience questions that while her team deals with specific complaints, it isn’t supporting laws that offer direct guidelines on IT security and privacy standards. The Personal Information Protection and Electronic Documents Act (PIPEDA), for example, which went into effect nine years ago, is supposed to be “technology neutral,” Stoddart said. “It just says you have to keep the data secure.”

Stoddart said Bill C-29, which would require organizations to proactively report when an incident that exposes private citizen’s personal information takes place, is already at the Senate level, while Bill C-28, a proposed law to curb unsolicited commercial e-mail, which include new powers for the Privacy Commissioner’s office to choose which cases it investigates. More pressing, perhaps, is Canada’s Privacy Act, to which all public sector organizations are subject. This law needs to be modernized, Stoddart said, particularly following audits that showed poor security around BlackBerry usage and the disposal of government documents.

“This is an act that was first introduced in 1982 – the same year the Commodore 64 was released and ET was starting to call home,” she observed. Even PIPEDA’s authors, she said, could never have predicted what it would cover today. “Nobody at that time had ever heard of a social network, even (Facebook founder) Mark Zuckerberg.”

Stoddart’s office most recently gained attention for its investigation into Google’s Wi-Fi service. She said hers was the only regulator to have people fly directly to the search engine giant’s offices in Mountain View, California, to review data on site. Although Google has not yet responded to the Privacy Commissioner’s recommendations, she noted the company has recently appointed a chief privacy officer and other measures to deal with the potential threat to its users’ information.

“We have proven we can act quickly, decisively and with a great deal of expert depth,” she said, calling on all vendors to make sure privacy is built in from the beginning, and not once a breach has occurred. “We expect enterprises to think of privacy not as an add-on in a drop-down menu but as a default setting.”

Meanwhile, although Stoddart’s office officially ended its Facebook probe in September, Stoddart admitted that a new investigation is underway around the “invitations” feature on the social networking service, as well as the popular “like” button.

The Privacy Commissioner’s office has also tasked two Canadian legal academics to review its largely ombudsman’s role, and to explore whether it would make sense to give Stoddart and her team greater order-making powers to deal with increased privacy risks that the country’s citizens face.

SC World Congress Canada 2010 continues on Wednesday.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Shane Schick
Shane Schickhttp://shaneschick.com
Your guide to the ongoing story of how technology is changing the world

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now