|Protecting Canadians’ privacy should be a priority for this government|
|Written by Carol Hughes, MP|
|Monday, 01 July 2013 04:07|
We live in an era where privacy is an important concern for people. Ask anyone who has their bank card compromised and you will find out how easy it is to have important information fall into the wrong hands. With that in mind it seems only natural that the government should lead by example and set the bar by which other efforts can be compared against. Sadly that bar has not been set that high.
When the government lost a hard drive containing the personal information for Canadians with student loans last winter, we saw how easily breaches can happen. The recent report from Canada’s Privacy Commissioner (Jennifer Stoddart) showed the problem is not limited to that event and indicated the government could be doing more to protect the sensitive information of Canadians.
It is the government’s duty to protect the privacy of Canadians. Despite that, in the last seven years the personal information of over one million Canadians has been compromised. There have been over 3,000 privacy breaches and most incidents were never reported to the Privacy Commissioner or properly tracked. That is too many red flags and exposes a worrisome pattern in how federal departments handle personal information.
In February, New Democrats urged the Conservative-dominated Privacy Committee to study mandatory government data breach reporting, but the idea was quashed. This government clearly hasn’t taken privacy issues seriously enough and Canadians are being put at greater risk of identity theft and other online fraud as a result.
As I mentioned, the problem came to the forefront last year when it was revealed that Human Resources and Skills Development Canada put the personal information of over 600,000 Canadians at risk. In addition to that, a Public Works and Government Services Canada breach has compromised the privacy of another 350,000 people and there are many unreported and less sensational breaches too.
In her report to Parliament, Jennifer Stoddart singled out several departments with a weak approach to data breaches including Fisheries and Oceans and Public Safety who the Commissioner says may lack adequate reporting mechanisms for alerting her office about data loss. Apart from reporting these events, she is recommending better reporting, security and tracking protocols.
Uniformity of approach is an obvious problem as departments do not have a uniform method for reporting breaches. While some departments report these to the Privacy Commissioner on a consistent basis, others almost never do. That was the case for all 28 breaches that occurred at Public Safety since 2009.
This may be one of those issues that is easy to dismiss as unimportant until it affects you. Yet, it is also something that can be easily tackled by a government that believes it is important. The Privacy Commissioner’s recommendations offer a basic outline of what is needed. Departments that are actually doing a good job of protecting data and reporting any breaches prove the goal is not impossible and likely have some best practices to share as well. It is just a matter of the government instructing them to do it.