Community organizations sound the alarm on BC government’s $180 million program to collect and share personal information

Charities, non-profit groups and privacy advocates have joined forces to issue a critical report on the $180 million Integrated Case Management (ICM) project the BC government announced in February’s Throne Speech.

The planned ICM system will collect comprehensive personal data from hundreds of independent community service organizations which are contracted to provide government services, in order to create a database of unprecedented scope and detail about citizen’s lives, including their participation in health care, education, family services and other government services. The information will be shared across government.

The report, entitled “Culture of Care…or Culture of Surveillance?” took two years to complete and includes written and onsite surveys of service organizations. It highlights serious concerns about the ICM system related to privacy rights and the potential effect of the program on social services and the independent community service organizations themselves. It makes a number of recommendations to the government, community
organizations and their clients.

“If this project goes forward as planned, it will turn service groups into surveillance organs for the government,” said FIPA Executive Director Darrell Evans. “This system is designed to share personal information across government, not to protect personal privacy. It has the potential to make these organizations into agents of the state.”

“We are concerned not only about what the ICM project will do to our clients, but also what it will do to community organizations,” said Tim Beachy, Chief Executive Officer of the United Community Service Co-op. “Not only will privacy rights take a hit; Client relationships will also suffer and the caring culture of our groups will be negatively affected.”

The report raises serious questions about the workability of the ICM project, given the different types of information being  collected, the wide variety of information management systems in community service organizations, the lack of resources to comply, and even the legality of such a massive data collection by government in the absence of client consent.

“We think it’s important for all British Columbians to get these questions answered before we spend hundreds of millions of dollars,” said Tim Agg, Executive Director of PLEA Community Services. “Our clients are best served by a system that protects their right to privacy.”

Visit the “Culture of Care…or Culture of Surveillance?” website.

Contacts:

Tim Agg, Chief Executive Officer,
PLEA Community Services Society of BC: 604-871-0450
Tim Beachy, Executive Director,
United Community Services Co-op: 604-718-8292
Darrell Evans, Executive Director, FIPA: 604-739-9788

BC Privacy Commissioner finds Vancouver Health Authority’s e-health system has ‘major deficiencies’ in privacy protection

Acting Information and Privacy Commissioner Paul Fraser has released the findings of an extensive investigation into the adequacy of privacy protection in Vancouver Coastal Health Authority’s community-based electronic health record system known as the Primary Access Regional Information System (PARIS). The Commissioner’s investigation found that privacy was a missing ingredient in the early development stages of the PARIS system.

“In the course of our three-year investigation we discovered major deficiencies in the implementation of PARIS from a privacy perspective. However, the Vancouver Coastal Health Authority has made significant strides in addressing the identified deficiencies,” stated the Commissioner.

PARIS is an integrated electronic health record, used and accessed by a host of health-care providers working in community programs, including home and community care, mental health, addictions, public health and communicable diseases.

Significant findings include:

  • Too many users have access to too much personal information.
  • Several data flows of personal information outside of the health authority are not authorized.
  •  Records are stored indefinitely

PARIS was the subject of a recent audit by the Office of the Auditor General that was initiated at the request of the Information and Privacy Commissioner. The Auditor General’s report evaluated the adequacy of security in the PARIS and found serious weaknesses in the security of PARIS. The Commissioner’s investigation confirmed these findings.

The Commissioner added, “The lessons we have learned from the PARIS investigation carry over into all other electronic health databases. Health authorities must learn from the mistakes identified in this investigation by ensuring that privacy is not added on at the end, but baked into the entire functional design.”

The Commissioner’s report includes 20 recommendations. Read the 60-page report on the website of the Office of the Information and Privacy Commissioner for British Columbia.

 

FIPA denounces waste of $180 million on program to collect and swap ‘unprecedented amount of personal information’ on citizens

In a letter sent to Premier Gordon Campbell today, FIPA Executive Director Darrell Evans criticized the announcement in the Speech From the Throne that $180 million will be spent to create an “Integrated Case Management system”(ICM).

“The ICM system will have a severe negative effect on both the privacy rights of British Columbians and the public purse,” Evans wrote. “It will involve massive and unprecedented collection, use and disclosure of personal information by the provincial government.”

In light of reports blasting the provincial government for inadequate policies, care and competence in protecting the privacy of citizens, this kind of project should be put on hold, at least until adequate study and consultation has taken place, as recommended by the Information and Privacy Commissioner in last year’s annual report.

FIPA letter to Premier Campbell

Government news release, New Case Management System to Improve Service and Security

Editorial, Times Colonist: Giant Database a Threat to Privacy

FIPA article: Integrated Case Management System puts Client Privacy and Organizational Relationships at Risk

Information and Privacy Commissioner Annual Report 2008-2009

Alarm raised over BC government plan to outsource its computer nerve-centre to US-owned company

The B.C. government is getting ready to contract out its computer nerve-centre to a U.S. company, says B.C.’s biggest public-sector union.

EDS Advanced Solutions, a B.C. subsidiary of Hewlett-Packard-EDS, is negotiating with the province to operate the mainframe computer servers at the government’s Victoria facility.

The plan concerns FIPA because the USA Patriot Act enables U.S. authorities to access virtually all the information held by US-owned companies.

Potentially, all BC government information — including documents, e-mails, citizens’ names and records, and cabinet documents — could be the subject of a secret requisition order under the USA Patriot Act.

FIPA is investigating the issue further and will report shortly.

Article, The Province

BCGEU news release