USMCA Puts Privacy at Risk

MEDIA RELEASE

October 17, 2018

USMCA Puts Privacy at Risk

VANCOUVER, October 17, 2018 – The pending free trade agreement between Canada, Mexico, and the United States (USMCA) conflicts with existing provincial legislation around data localization and puts the privacy of British Columbians at risk.

The Freedom of Information and Privacy Association of British Columbia continues to support the data localization provision within BC’s Freedom of Information and Protection of Privacy Act (FIPPA).

The data localization provision, section 30.1 of the act, protects the privacy of British Columbians by mandating that the personal information collected by public bodies must be stored and accessed only in Canada, with some limited exceptions.

“Controlling where personal information flows, and who has access to it, is an essential tool in the ongoing and evolving process of protecting the privacy of British Columbians,” said FIPA executive director, Sara Neuert.

While data localization has been and continues to be an important step in maintaining and enhancing personal information protections that are in accordance with our Canadian values, Article 19.12 of the USMCA prohibits computing facilities from being located in a specific place.

The domestic data storage provision within FIPPA is a matter of political consensus within in British Columbia. We are calling on the provincial government to reaffirm its commitment to section 30.1 of FIPPA in light of the recent USMCA trade agreement.

Contact:

Sara Neuert, Executive Director
BC Freedom of Information and Privacy Association
Email: Sara (at) fipa.bc.ca
Phone: 604-739-9788
Cell: 604-318-0031

NEWS RELEASE: Recommendations for Canada’s Digital Transformation

MEDIA RELEASE

October 4, 2018

Recommendations for Canada’s Digital Transformation

VANCOUVER, October 4, 2018 – The B.C. Freedom of Information and Privacy Association submitted a paper to the department of Innovation, Science, and Economic Development for their consultation on digital transformation.

The national digital and data consultation, including the roundtable discussions that took place across Canada from June to September of this year, were an important step to ensuring that government is taking all the varied and diverse stakeholders involved this process into account.

“We’re encouraged by government’s willingness to receive outside feedback and optimistic that Canada’s digital transformation will instigate much needed improvements to our privacy and data protections,” said FIPA executive director, Sara Neuert.

Our submission compared Canada’s existing privacy and data protection framework to international regulations like the European Union’s General Data Protection Regulation. Based on this analysis, we created a list of recommendations, which include:

  • Increased funding for education and awareness around risks related to digital transformation and privacy breaches
  • The creation of a proactive reporting culture around privacy in government
  • An accessible complaints process for individuals who are reporting privacy breaches
  • Increased funding and investigative and enforcement power for the Privacy Commissioner of Canada and the Office of Privacy
  • More research on the impact of privacy issues on marginalized groups in a digital transformation
  • Further study on the impact of public utilities being transferred to a digital platform
  • The creation of a new data protection and privacy framework that complies with digital transformation and sufficient time for interested groups to provide feedback prior to implementation.

The Innovation, Science, and Economic Development department will be issuing a report based on these consultations in the near future.

Contact:
Sara Neuert, Executive Director
BC Freedom of Information and Privacy Association
Email: Sara (at) fipa.bc.ca
Phone: 604-739-9788
Cell: 604-318-0031

-30-

BC Government has big surplus, but no plans to compensate victims of PharmaNet breach

MEDIA RELEASE

BC Government has big surplus, but no plans to compensate victims of PharmaNet breach

FIPA urges the Ministry of Health to pick up ID theft mitigation costs

Vancouver, February 20, 2017 – After the recent PharmaNet privacy breach, which victimized 7,500 British Columbians, it is astounding that the Ministry of Health has not come forward to offer compensation to those affected, especially since the BC government is sitting on a surplus in the billions of dollars.

The BC Freedom of Information and Privacy Association (FIPA) has sent a letter to Health Minister Terry Lake strongly urging his ministry to cover the costs these victims will have to incur resulting from the failure to adequately protect senstive personal information.

After the breach was discovered, the Ministry sent a letter to the victims advising that “the information gathered could possibly be used as a starting point for identity theft” and encouraging them to engage “the services of a credit monitoring company” as “the information gathered could possibly be used as a starting point for identity theft.” Such services cost money and are far from free.

In their last PharmaNet breach in 2014, the Ministry’s notice to those affected included an offer to pick up  the costs of the recommended ID theft mitigation measures. But for whatever the reason, they have failed to do so this time. This is inexcusable given that the Premier has recently stated that the government has a surplus in the billions that will be returned to taxpayers.

FIPA hopes the Minister will see fit to do what is right for the 7500 innocent victims in this case.

-30-

Contact:

Vincent Gogolek, Executive Director
BC Freedom of Information and Privacy Association
vincent@fipa.bc.ca | (o) 604-739-9788 | (c) 604-318-0031

The question of online reputation

In 2015, the Office of the Privacy Commissioner of Canada chose “Reputation and Privacy” as one of its priority areas for the next five years. The OPC wanted to examine the risks “stemming from the vast amount of personal information posted online”, with the goals of enriching the public debate, ensuring they can advise Parliament effectively, and developing their own policy position on the issue. To that end, they put out a discussion paper and a call for input on online reputation and privacy.

FIPA agrees that online reputation is a hugely important subject—it affects our employability; our relationships with friends, family, and acquaintances; our connection to our younger selves; our ability to create online communities or participate in existing ones, and come together to advocate for ourselves; and our ability to learn about people in powerful positions and hold them to account—and we decided to weigh in.

We are, after all, an organization that often deals with the intersection of information freedom and the right to privacy.

So, building on the ideas and principles of set out in an earlier submission about privacy and open courts, and with an eye to our organizational values, our online reputation submission strives to paint a picture of what is needed—and what should be avoided—to allow Canadians to have control of information about them, to prevent and reduce information-based harm, and to ensure reputational privacy enhances—and does not impede—free association and democratic free expression. And we tried to keep it brief.

We started by looking at existing protections—laws, social norms, market solutions, and even online architecture—and proposed a few ways to fill in the gaps. We talked about public education that takes a rights-based approach to online reputation, higher standards for social networks’ privacy controls (including privacy protective default settings), and legislation that specifically targets problematic behaviour.

We also took a stab at what a “right to be forgotten” could look like in Canada, urging great caution and making a handful of broad recommendations.

You can see it all here, in the Policy Submissions and Letters section of the FIPA website.

Read more from the May 2016 Bulletin »