The risks to privacy presented by the growth of networked databases is a growing concern for public and private sector agencies, and a key challenge for the Office of the Information and Privacy Commissioner. This message was delivered in the office's annual report, issued by Acting Information and Privacy Commissioner Paul Fraser, Q.C. today. "The erosion of privacy protection is nothing new, but the nature and magnitude of the risks to privacy provide increasing cause for alarm."
New technologies are enabling, and driving the creation of more and more personal information data bases. "These systems collect and match disparate pieces of information about us and create a digital persona that not only may we be unaware of, but which may not represent an accurate picture of who we are," the Acting Commissioner stated. "Yet this information will be used in decisions that affect us. I cannot understate the urgency of building these systems in a transparent, restrained and accountable way."
Commissioner Fraser highlighted the findings of a three-year investigation into the adequacy of privacy protections in a large electronic health records system. That investigation found major deficiencies in privacy protections, including too many users having access to too much personal information, unauthorized sharing of personal health information outside of the health authority and substandard security protection.
Commissioner Fraser confirmed that a second compliance report card on the timeliness of government's response to access to information requests will be issued in the summer of 2010. The first report for calendar year 2008 found an unacceptable pattern of government-wide failure to respond to access requests in a timely fashion. In response to the first report, government undertook a significant re-organization of information access operations into one centralized unit in government. The upcoming second compliance report card will evaluate how effective the centralization has been in addressing the significant delays found in the first report.
The Commissioner noted that the report of the Special Committee to Review the Freedom of Information and Protection of Privacy Act had been tabled in the legislature on May 31, 2010 and encouraged government to act quickly on the committee's recommendations with respect to the appointment of a government Chief Privacy Officer, routine proactive disclosure of government documents and a public consultation process on data sharing.
A copy of the acting commissioner's annual report can be found at:www.oipc.bc.ca/publications/annual_reports/OIPC_AR_2009_10.pdf