Modernize Canada’s privacy laws: UK information commissioner

Don’t pay data ransoms, former B.C. privacy commissioner says

Britain’s information commissioner Tuesday added her voice to those of Canadian privacy commissioners in calling for modernization of the country’s privacy laws to bring them into the 21st century.

“Canadian law has slipped behind,” Elizabeth Denham said, noting a main issue is how political parties use voter information.

article continues below

“People don’t have the right to find out what political parties are doing with their data.”

She said information and privacy commissioners need more power, echoing the words of both current B.C. commissioner Michael McEvoy and Privacy Commissioner Daniel Therrien.

Key there is the federal Personal Information Protection and Electronic Documents Act (PIPEDA), Denham said.

“PIPEDA needs to be reformed.”

As for organizations hit with data attacks, Denham had simple advice: “Tell it all. Tell it fast. Tell the truth.”

“Organizations get in trouble when they drag their feet and don’t actually describe what happened,” Denham said.

In her new role, Denham said she deals with “the most wicked problems I have ever imagined,” noting privacy and data protection is now at the intersection of democracy, trade and media freedoms.

She said people have lost their naiveté about how data is collected and used.

Part of that came as a result of the Cambridge Analytica scandal. That company is alleged to have harvested information from 50 million Facebook users to help President Donald Trump take the 2016 U.S. election.

Similar issues surrounded the UK Brexit vote.

“Cambridge Analytica and Facebook was a watershed moment,” Denham said in conversation with Business in Vancouver reporter Hayley Woodin. “People woke up.”

Further, Denham said, the situations allowed her to go to the UK Parliament and request new powers, the ability to do data inspections and the ability to seize data held in the cloud.

Denham said her office “couldn’t protect digital privacy without new powers to be a 21st century regulator.”

But, Denham added, private organizations also need to be on board to protect data privacy. She said privacy needs to be built into systems from the start and organizations must take responsibility for their digital platforms.

And, she said, much of that comes down to organizational ethics.

“It’s all about fairness for the individual and transparency. Data can help society or it can hinder society.”

Denham, also chair of the Global Privacy Assembly, said a polar contrast between North America and the UK is the attitude toward surveillance. She said Britons are more accepting of government surveillance – mainly as a deterrence to crime – while loathing private watchers.

“People in North America are more suspicious of government surveillance. Culture plays a big part in it,” Denham said, noting in the UK, “surveillance cameras are everywhere.”

From another standpoint, she explained, Europeans tend to be wary of surveillance, particularly in Germany, which has very strong privacy laws “due to experience with authoritarian governments.”

Denham called the UK a bridge between European and North American attitudes. How things might change with the UK leaving the European Union remains to be seen, she added.

Facial recognition technology is part of the surveillance paradigm, one Denham said is fraught with problems with the rise of artificial intelligence. While she said many people feel safer with facial recognition being able to catch wrongdoers, they are not concerned with whether or not the data collection is affective or lawful.

“I find that chilling,” she said.

Denham strenuously opposed the paying of ransom for data taken in breaches or in cases where ransomware locks down computer systems.

“I would say paying ransom is a really bad idea,” Denham said.

If organizations don’t pay, she said, “the market will dry up and the bad guys will go away.”

The data of 15 million Canadians was hit in a December cyber attack on LifeLabs with patients’ names, addresses, emails, logins, passwords, health cards and lab tests affected.

Attacks are not limited to large organizations or governments, however.

More recently, B.C.’s Lookout Housing + Health Society was hit with a cyberattack. Lookout officials will not discuss details of the attack except to say the data was encrypted.

“It is worth noting that all guests and client information is protected through encrypted software and that guest privacy was not affected by the ransomware breach,” society director of development Wes Everaars said in a Jan. 30 letter to Glacier Media editors.

“Given the nature of the situation we will be providing update as they come available including to the press.”

PWC Vancouver privacy and security section lead Kartik Kannan said data is becoming increasingly important in the burgeoning digital economy.

“There’s a lot of data being collected and shared that’s of great value to the economy, but it does present some risks,” he said.

jhainsworth@glaciermedia.ca

@Jhainswo

© Virden Empire-Advance

Read more from the Glacier Media