Michael Sona was sentenced yesterday to nine months in jail plus a year’s probation, having been found guilty in August of using robocalls to try to keep 6,000 voters in Guelph, Ontario from casting ballots in the 2011 federal election. This case is not the first time that use of the Conservative Party’s Constituency Information Management System database has been pointed to as central to the robocall scandal, highlighting the near complete lack of regulation of how political parties handle our personal information. And they handle a lot of it.
Federal political parties’ databases and all the personal information they contain are still not subject to any law (except for some information related to the voters register). This means that there are precious few rules or accountability over how political parties collect, use, and disseminate our personal information. In a paper written for the federal Privacy Commissioner’s office, University of Victoria Professor Colin Bennett explained why we should be concerned:
“…the current reality is that the parties are managing vast databases within which a variety of sensitive personal information from disparate sources is processed. For the most part, individuals have no legal rights to learn what information is contained therein, to access and correct those data, to remove themselves from the systems, or to restrict the collection, use and disclosure of their personal data. For the most part, parties have no legal obligations to keep that information secure, to only retain it for as long as necessary, and to control who has access to it.”
We’ve been arguing for a long time that the best way to create this oversight is by placing political parties under private sector privacy law, as we explained in our 2012 submission to the Commons ATI, Ethics and Privacy committee when it was examining Big Data.
The time to address this issue is now. Bill S-4, which amends the federal private sector privacy law (PIPEDA), passed the Senate in June, but it has yet to pass the House. Its constitutionality is questionable, following the Supreme Court’s decision that warrants are required for release of subscriber information under PIPEDA, so amendments will be necessary to address these problems. And this would also be an excellent opportunity to amend PIPEDA to bring political parties and their ever-increasing stores of personal information under the law.
We need look no further than British Columbia to see a successful example of this approach; our political parties fall under the private sector privacy law, the Personal Information and Privacy Act (PIPA). Our Commissioner has the power to receive complaints, conduct hearings and investigations and ultimately issue orders. She has already exercised these powers, and the political world has not yet collapsed; there is no reason to think the federal system would collapse if political parties were put under the federal private sector privacy laws. The House of Commons should amend bill S-4 to cover the federal political parties, and bring much needed accountability to the way they use our personal information.