OTTAWA – Canadians believe their personal information is less well protected than it was a decade ago – and they are right to be worried, said Privacy Commissioner of Canada, Jennifer Stoddart, today
Commissioner Stoddart’s 2006-2007 Annual Report on the Privacy Act was tabled today in Parliament and at the same time, the Privacy Commissioner’s Office released new research confirming that Canadians are unsure of how their personal information (such as what is known by their government, or their cable and telecom providers, banks and other institutions) is protected, and by whom.
Increasingly, Canadians’ personal information is being exchanged with law enforcement and security agencies in other countries. The government has claimed that this transborder flow of information will improve transportation safety and enhance our national security.
"We are particularly concerned about the number of travel-related security programs that have been put in place," says Commissioner Stoddart. "Parliament may not be sufficiently informed about how these programs work and their individual and collective impact on the privacy rights of Canadians."
These concerns could be addressed, in part, by a review and modernization of the Privacy Act. As the Annual Report notes, "Parliament passed Canada’s public sector privacy law back in 1982 – the same year the Commodore 64 computer hit the market. At the time, both were considered pioneering,” added Stoddart.
The Privacy Act, unfortunately, is not equipped to deal with the pressures imposed by tremendous technological change. In fact, Canada’s private sector privacy law, the Personal Information Protection and Electronic Documents Act, provides more protection for Canadians.
As the results of an audit of the government’s Privacy Impact Assessment (PIA) Policy confirm, government departments are not doing enough to protect Canadians’ personal information as they plan new programs or redesign existing programs.
"While we did not identify cases of pervasive non-compliance, many institutions are not fully meeting their commitments under the policy and, by extension, the intent or spirit of the Privacy Act," says Commissioner
Stoddart.
Canadians not only want to be reassured that their personal information is being protected; they also want to be informed when it is disclosed inappropriately.
Research conducted for the OPC shows that a majority of Canadians (seven in ten) expect to be informed if a security breach leads to the disclosure of information – whether that information is sensitive or not.
Other things the poll revealed were:
* A bare majority of Canadians agree that they have enough information to know how new technologies might affect their personal privacy.
* About seven in ten Canadians believe that they are doing a relatively good job of protecting their own personal information.
* Despite this, almost half of Canadians (46 per cent) carry a Social Insurance Number (SIN) card in their wallet, although this number is a key piece of information used by identity thieves.
* Seven in ten Canadians feel they have less protection of their personal information than they did ten years ago.
* Canadians continue to agree (60%) that health information is one of the most important types of personal information that needs protection through privacy laws.
* Only a small proportion of Canadians believe the government (17%) and businesses (13%) take protecting personal information very seriously.
* 77% of Canadians believe that government agencies and affected individuals should be notified if sensitive personal information is compromised as a result of a breach. 66% believe government agencies and affected individuals should be notified if non-sensitive information is compromised.
* Four in five Canadians place great importance on having strong privacy laws. Despite this, more than half report they are not aware of any privacy laws currently in place.
* Nevertheless, 69% believe that they are doing a very good or good job at protecting their own personal information.
* Half of Canadians (48%) are unaware that warranty cards are not necessary to ensure a legal warranty. A significant proportion of Canadians (40%) are not aware that companies use warranty cards to collect personal information for marketing purposes.
* 72% of Canadians believe unsolicited junk email (spam) is a significant problem.
The EKOS poll involved a 15-minute telephone survey with a random sample of 2,001 Canadians from March 13th to March 26th 2007. The poll is considered accurate to within plus or minus 2.2 percentage points, 19 times out of 20.