A new binational privacy charter will allow the U.S. to share information about Canadians, collected at the border, with other countries. “The U.S. won’t have to explicitly tell Canada about its plan to pass along the personal information in most cases.” “But the U.S. can only do so in accordance with U.S. law and relevant international agreements and arrangements.”

“In the absence of such “international agreements and arrangements,” the U.S. must inform Canada prior to the transfer, or as soon as possible after the transfer in the case of urgent circumstances.”

Emily Gilbert, director of the Canadian studies program at the University of Toronto, raised questions:
1. “When somebody is a person of interest in the United States, but is a Canadian, what does that mean?” “And then what does it mean if that information is then being sent to the European Union or somewhere else?”
2. it is unclear how the distinct constitutional and legal frameworks of the two countries are going to be maintained in the context of cross-border information sharing.
3. where will data collected under the border processes be physically stored and who will have access to it.                               4. regarding the principles of “effective remedies before a fair and objective authority” when a person’s privacy has been breached”,” who would fulfil the role of authority and whether the body’s rulings could be appealed.”

Some points to consider:

1. Note that the U.S. Is only required to inform Canada when sharing Canadian information, not get permission.

2. Also, as usual, so many questions and no answers; questions that should have been resolved before signing an agreement.

3. Do they only collect the information when you physically go to the border and what information is collected?

4. What do they do with all the other information they have access to on Canadian citizens who never enter the U.S.?

5. What are the U.S. laws (today, bearing in mind they can change tomorrow), what are the international agreements and arrangements? It’s very convenient to throw around the words “laws, agreements, arrangements” but what are they? What information can be collected, under what circumstances, who has access, etc. We are told none of this.

5. Canadians have never been consulted as to whether they agree with this sharing of personal information.

6. To again quote Stanley Stylianos (see prior post), “Once that information gets into the American system, you can’t control it,” And this would be made worse when it is shared around the world. The U.S. shares it with, for example, Iraq, Iraq shares it with (fill in country), who shares it with (fill in country), who shares it with (whoever). At what point does it enter the hands of the marketing companies, the U.S. military (who had already started an illegal DNA database on its own citizens – see prior post).

7. We have already seen that the hospitals can’t/won’t protect the information in its database. So it is highly unlikely that the information will stay confidential once it starts entering even more databases.

From the Globe & Mail’s comment section:

1. andhalamadola.

How does this privacy charter take precedence over our own Citizens Charter?

2. SlipperySlope: The Harper government, selling our privacy, to the highest bidder.

3. Scared Monkey: Oxymoron of the day, “Share/ private confidential” information. Wow!

4. Richard Roskell: It is SUCH an honour to have personal information about Canadians shared with and administered by the USA, for use as they see fit. All the sucking up that our governments do with America is really starting to pay off!

5. Chris in Ottawa: Harper should be tried for treason at some point. The only jurisdiction that should be allowed to share information on Canadians derived from Canadian sources should be Canada and that should only be done under the umbrella of international agreements that protect privacy. I have no confidence at all that the Americans will not abuse this!


6. Mr.Helpful

Why is it called a privacy charter when it is the opposite of privacy.

Responses: OldBear: Read 1984, it’s called Doublespeak. Wren10: “marketing”, “re-branding”, “spin”.

Now, even more Canadians are planning to never enter the U.S. again. But is that enough?


Calgary Herald – by the Canadian Press – U.S. Will be allowed to share Canadian border into under new privacy charter – 6/28/12

Global News – U.S. Will be allowed to share Canadian border info under new privacy charter – Jim Bronskill – The Canadian Press – 6/28/12

International Trade E Newsletter Content – Toronto Star – 6/29/12

CBC News – U.S. Can share Canadian border info under privacy deal – The Canadian Press – 6/28/12

The Globe & Mail – U.S. Will be allowed to share Canadian border info under new privacy charter – Jim Bronskill – 6/29/12





CBC News, September 9, 2011, By Sarah Bridge – Canadians with mental illnesses denied U.S. Entry – Data entered into national police database accessible to American authorities: WikiLeaks

Police had been called to a woman’s home because she attempted suicide with a pill overdose (she had been battling chronic pain, anxiety, & depression for years). This was 4 years prior to 2011. There were no charges as it was not a criminal matter but a medical emergency. Suicide (actual or attempted) is not illegal in Canada or the U.S. But when she went to the U.S border in 2011 she was denied access because the U.S. had the “dated” police information (it did not report her mental health recovery). More than a dozen others have reported similar stories about being refused entry to the U.S. because their records of mental illness was shared with the U.S. Department of Homeland Security.

“So far, the RCMP hasn’t provided the office (The Toronto Psychatric Advocate Office) with clear answers about how or why police records of non-violent mental health incidents are passed across the border.”
“According to diplomatic cables released earlier this year by WikiLeaks, any information entered into the national Canadian Police Information Centre (CPIC) database is accessible to American authorities.”

Stanley Stylianos, program manager for the Psychiatric Patient Advocate Office says his organization is trying to get this information not included in CPIC. “Once that information gets into the American system, you can’t control it,” he says.

You may or may not agree whether the information should be included in CPRIC. I personally don’t see any reason why it should be. But that is another issue to be debated.

My questions are:

  1. Why do people have to go to a foreign country to find out that this information is being shared, or find out from Wiki-leaks or from brave people, like the lady in this article, who must share very personal information to raise awareness. People make plans and travel to a foreign border, usually with friends and/or family, only to find out they can’t cross a border. Their travel plans are ruined and how do they explain to family/friends what is extremely personal information, and perhaps no longer even relevant. What happens when you fly to a country, for example, France? After you have flown across the Atlantic, do they force you to get on another flight home, after all your flight/hotel, etc. expenses have been paid? Or is this an issue strictly with the U.S.? The point is that OUR GOVERNMENT should be telling its citizens that this information is being shared and what to do about it.
  2. “Brad Benson from the U.S. Department of Homeland Security says medical records aren’t shared between countries.” Yet, while I have been in front of St. Paul’s, several people, with AIDS, have told me about being refused entry to the U.S. And one person said no one but his doctor knew about his condition. So, if people with certain medical conditions are not allowed in the U.S., how does the U.S. know who they are? (Note: the restriction on people with AIDS entering the U.S. has been recently reversed but this does not change the question).
  3. Who else has access to CPIC?

The lady did get entry to the U.S. but first “she had to submit her medical records to the U.S. And get clearance from a Homeland Security-approved doctor in Toronto, who charged her $250 for the service.”

And the U.S. has been continually complaining that they don’t get enough of our personal information.

PRIME-BC and CPIC are different databases but are they linked?;

Does the U.S. and others have access to PRIME-BC as it does CPIC?



A little over a year ago the BC Civil Liberties Association raised the issue of the police database (called PRIME-BC) collecting information on law-abiding citizens (1).  They state “that as many as 85% of British Columbia’s adult population have “master name records” in the PRIME-BC police database”. The Solicitor General was asked to investigate.  According to the BCCLA, they have received no additional information.  The Solicitor General’s office has not responded to my email.

The Privacy Commissioners office is “examining the issue of employment-related criminal records checks” and the report is, apparently, due out this month. This is a very narrow focus and does not answer the broader questions.

My questions are:

  1. Why are the police collecting information on law-abiding citizens and under what circumstances is it being collected?
  2. How is this information being used?
  3. With whom is it being shared?
  4. How long is it kept?

Apparently, no government office thinks we have the right to answers.

It was pointed out to me that the records of a criminal are legally required to be deleted after a certain period of time. A law-abiding citizen, apparently, has no such right and, it appears, records may be kept indefinitely.

Apparently the database includes “negative police contact” which, I understand, includes being a witness to a crime, or “residents of a building in which crime was occurring in a different unit, and if you refuse to answer their questions you are listed as “uncooperative”. Personally, I would rather be listed as “uncooperative” than provide personal information (it does depend on the situation). At least I know that all they have to enter in the database and share is “uncooperative”. When I have answers to the questions above I will reconsider my willingness to “cooperate”. Until then, as far as I am concerned, they don’t deserve my cooperation.

The next two blogs will show how this may become an issue with medical information.


(1) BCCLA – www.bccla.org – More than eight out of every 10 BC adults in police database, March 22, 2011 (topic: police accountability) –

FIPA – www.fipa.org – Information and Privacy Commissioner announces investigation of

BC’s PRIME police database – March 29, 2011

Vancouver Sun – Are you in the police bad book? March 29, 2011


(bold and italics are mine)

An organization called Kids First Canada has been raising awareness of the violation of children and parent privacy rights. Information is collected and linked, from preconception to adulthood, on your children and family (in fact, it appears that the information will be collected from preconception to death). Twenty-four pages of information, on each child entering school, has been collected by the Ministry of Education using a personal education number (PEN). This information was linked to HELP (Human Early Learning Partnership). HELP is a government funded research consortium of universities. According to HELP’s, and associates, websites, it links the child’s information to their family data such as medical, birth, death, hospital, perinatal, mental health, census, pharmaceutical, school achievement, daycare, children in province’s care, stress, injury and Workers compensation board. This list is expected to increase; for example, HELP wants access to our personal income tax data, patterns of employment, time use, etc. Note that this is not information that is shared that can never be tracked back to you; it can be tracked back to you.
I understand that this is part of the Integrated Management System (see prior blog). This means that there will be thousands of access points to this information.

Until 2010 this information was collected and linked without parents consent. In 2010 this was changed from no consent to passive consent, in other words you have to sign a paper that says you don’t want you child’s information collected/shared? What if the paper gets lost, or you are busy and forget, or don’t read very well, or don’t understand what you read, etc. The schools say they will explain it to parents but I suspect they will not explain all the negatives to collecting/sharing your child’s information (as much a time as knowledge issue). If your child’s personal information ends up in the database all HELP has to say is that “they didn’t receive a signed paper”. It would be hard to prove them wrong. On the on the hand, if they must have a signed paper before collecting/sharing the information then they would have to have the paper on file to prove they received it.
Kids First Canada are asking that written parental consent be required and all information collected without parents permission be destroyed.

Some concerns:
– information is being collected without the consent of parents
– information used for purposes not identified
– “HELP has stated in media and elsewhere that names and addresses are not used. However, given that HELP obtains Personal Identification Numbers, medical numbers and postal codes, etc. names and addresses would not be needed to individually identify a person or a family.” (1)
– “Judging from the types of data being collected -i.e. perinatal records, hospital records, census, etc. – parents’ and mothers’ personal records are also linked.” (1)
– “with increased use of electronic testing in school, children’s personal beliefs, plans, opinions and experiences expressed in writing could potentially be linked.” (1)
– Will this pigeon-hole the kids, i.e. are they compliant, do they fit certain peoples expectations, are they “different”, etc.?
– Commercialization – HELP and its group has funding from organizations like the Canadian Institutes for Health Research whose mission is to “work with all partners in a concerted effort to move research from an academic setting to the marketplace”. Also from the CIHR website “CIHR is committed to facilitating the commercialization of health research in Canada in support of its overall mandate.”
– “The public has not consented to this collection of data or its use”.(1)
– Cost – we are paying a lot of money for these people to take our information and use it as they choose, sharing with those they choose, without our knowledge or consent
– The “rules” can change tomorrow without our knowledge, much less our consent.
– Security – The government has shown repeatedly that it cannot, and will not, protect the information in its care.

Just think when your children/grandchildren, nieces/nephews grow up, all their personal information will be available at the press of a button by probably just about anyone (banks, insurance companies, employers, future spouses/friends, universities, and so on). Did your children misbehave in school, did they get along with other kids, were they slow starters in school, did they have any medical issues, what is their family background, were there family problems, etc.

As Kids First Canada say “ Our children are not resources to be mined through schools at huge public expense while many parents struggle to pay for basics”. And neither are we adults.

It is not a question of whether all this information, linked to each person, will be “accessed” but how fast. We were told our medical information was confidential, to be shared only with those directly involved in our medical care, only to find out that it is shared with doctors, hospitals, clinics, pharmacies, their suppliers, researchers (and apparently lots of other people/organizations – who go to the “business office” and plug their computers into the database); and that information is now going to be linked to government ministries and I am sure the list will expand; all without our consent (and in most cases – our knowledge). The government just took the information. And once it’s “out there”, it’s “out there”. You don’t get it back. The people who have this information will know more about you, and your family, than you know about yourself and your family; and they will use it for their own gain.

Some other databases they could link with include the police database. Apparently they’ve been keeping information even on law-abiding citizens (2). And, of course, the Smart Meter. Just think of the information those graphs would provide – the time you get up, the time you go to bed, whether you work out of home, if you go out in the evening and which nights, if you go on holidays and when, have family/friends over for the holidays, and much more.

And, as has been shown, once the government has your information, they can change the rules (laws) at anytime, without consulting us – unless we make that illegal. If you want our personal information, get our written permission.

We have a right to privacy. We have a right to control our own personal information. The politicians, and their friends, are repeatedly violating that right.

Here is some additional information from HELP, Population Data BC’s and Edudata Canada’s websites:

HELP’S website states “HELP’s leading edge research has resulted in British Columbia being the first and only jurisdiction in the world to monitor the development of young children as they enter kindergarten at a population level.” – versus person-specific?????

“Researcher access to data will be approved by the Data Steward for a holding using a harmonized Research Agreement process through Population Data BC. Named programmers have access to Identifiers to perform linkages on intake only. Content Data are stored on a separate server, and are accessed by named programmers to perform Research Extracts as defined through a Research Agreement. In no cases are Content Data and Identifiers brought back together. This separation of information safeguards the privacy of personal information. “ (HELP)

If you have all the personal information of an individual, I doubt it would take much to “connect the dots”. A person lives in a particular postal code, has x number family members, is x age, etc. And, as Kids First say: “this is a false assurance of privacy as names are not needed when personal numbers are used.” Plus, there will be numerous “links” to all these other databases, and the more links, the greater the likelihood that this “separate server” with all your information,with your identifier number, will be accessed. How hard would it be to track, or intercept, a link? We also know that government people have accessed individual’s information in violation of the law when it suited their agenda (The Veteran’s affair for example) The Data Stewards are the government ministries and public agencies (but they don’t seem to list them all), nor are the agreements shown.

As noted above in one sentence they say that “separation of data safeguards …your privacy” then later admits that your data isn’t safe by saying “Risk of exposure is significantly lower than that of most Data Providers as we separate Identifiers from Content Data”. So, they do admit that there is a risk of exposure, they just don’t say how high a risk (and I’d want proof, not just words). By the way, HELP is looking for a part-time privacy officer whose duties will involve “addressing breach response management” – application deadline – April 19, 2011. Nothing like being prepared with the right excuse to explain why your very personal, confidential, information was shared with the world.

“HELP partner, Population Data BC, offers the research community access to one of the world’s largest collections of health care, health services and population health care data; “Population Data BC offers qualified researchers access to a rich source of linkable, person specific, but de-identified data on British Columbia’s four million residents, in many cases from 1985 forward. Current data holdings include health care and health service records, population and demographic data and occupational data. Population Data BC continues to expand its data holdings and is working to bring in datasets from education, early childhood development, work place, and the environment”. Who are these researchers? Are they people from supplier/pharmaceutical/other businesses (many foreign companies subject to the Patriot Act) and how is the information being used?
“The Canadian Education Data Network (Edudata Canada) is developing user-friendly educational research databases from British Columbia and elsewhere. The mission is to create an infrastructure that makes K-12 education data available to researchers, policy makers and other qualified individuals and organizations, subject to privacy and confidentiality guidelines”. Now they say that in addition to sharing with researchers, they will also share with government & “others”. Also, when they say education data it sounds like they are sharing school grades when, in fact, it includes much more.
How can we monitor Population Data BC’s use of the data to ensure it is being used as contractually agreed upon?
All usage of the data will be regulated by an Information Sharing Agreement with the data provider which will outline how the provider can monitor the use of the data on an individual basis. This will include regular reports and is outlined further in Population Data BC’s Audit Policy. Again this tells us absolutely nothing since we won’t know what is in the contract, how they are being monitored or if Population Data BC is upfront about any violations. And no mention of independent audits. In fact, their audit policy is not on their website. And, as we know from the Auditor General’s audit of the hospital database, the data provider wasn’t monitoring the use/disposal of the data they had shared, so why would we believe that hundreds or thousands of other data providers will monitor the data they share..
CYDTRU – Child and Youth Developmental Trajectories Research Unit – “an emerging research unit within HELP is developing a program of research that will track children’s development over time” “…utilizing linkable health, child development (school readiness), education, community resource and socio-demographic data. These databases will enable research projects that can trace individual developmental trajectories (anonymized) from conception to high school leaving, across various facets of the health, social and educational systems for all children in B.C.” “CYDTRU researchers are working in collaboration to identify and create additional data sets that will enhance the current stock of trajectories data… – …to develop and expand the number of population-based person-specific databases and to conduct research projects.” In other words, they are planning to collect even more information on us. As long as there are links back to the person it is not anonymous.
“The BCLHD (BC Linked Health Database) infrastructure brings together person-specific, population-based, longitudinal* data across a broad range of health and societal factors from the late 1980s onwards. The BCLD is one of only a small number of resources in the world where longitudinal research on an entire population can be conducted”. I guess other countries respect their peoples privacy, their peoples rights. Also note that they say entire population, not just children.
For more information you can contact www.kidsfirstcanada.org, www.earlylearning.ubc.ca, http://www.popdata.bc.ca/; www.edudata,edu.ubc.ca, www.soeh.ubc.ca

* a longitudinal study is a correlational research study that involves repeated observations of the same items over long periods of time – often decades. Longitudinal studies track the same people. – Wikipedia

(1) Kids First Canada
(2) Office of the Information & Privacy Commissioner for BC (OIPC), March 25, 2011, Commissioner Shares BC Civil Liberties Concerns Over Information


The government wants to share our information with social media groups like Facebook. Let me tell you a bit about the ethics of Facebook. Apparently they are “profiling” (I don’t know what else you would call it) people who don’t even have an account with them and who do not knowingly use their site.
I received some emails from Facebook wanting to know if I wanted to be someone’s “friend”. I am trying to figure out how Facebook gets my email address. The people I spoke with said they never gave it to Facebook; one said Facebook “just went in and took it” (whatever that means).
But on the last email, Facebook also listed other people that I know (interestingly, I never received a “do you want to be their friend on Facebook” email for some). I call that profiling, tracking people you communicate with. I am not registered with them and do not knowingly use their site but still they collect information on me. And obviously Facebook benefits from this information (and whoever they share it with) or they wouldn’t be collecting it.
In a letter (regarding another privacy complaint) on the Office of the Privacy Commissioner of Canada website (OPC to CIPPIC – under Commissioners Findings – PIPEDA 2009) it states “On the issue of retaining non-user’s email addresses, Facebook confirmed it does not use email addresses to track the success of its invitation feature. In fact, it states that it does not keep a specific list of such addresses for its own use.” It appears that Facebook lied to the Privacy Commissioner.
I filed a complaint with the federal Privacy Commissioner’s office in May of 2010. The Privacy Commissioner’s office is “negotiating” with Facebook. I have asked the Privacy Commissioner’s Office not to negotiate away any more of my rights.
Facebook has had a number of privacy issues, yet the government wants to share with Facebook our personal, confidential information. This would give Facebook even more information for their profiling and, quite possibly, the government will get more information on us, such as a list of the people with whom we communicate.


This is some additional information regarding ICM.

My blog of April 12, 2009 mentions a project called the Information Access Layer, which includes electronic health information and what is called the “Integrated Case Management Project (ICM)”.

The intent of this project is to collect all the client personal data collected by community service organizations that accept money from the government and link (share) the information to government ministries and their private sector contractors. And, it is believed, this information will eventually be shared nationally, and possibly, internationally. In other words, all information that you provide to the government, and any organization that takes a dime from the government, could be linked and shared.

According to a bulletin by the Ministry of Housing and Social Development, Deloitte Inc. has been contracted to develop the computer system. They claim that it will cost $181 million over six years but may start to be implemented by the end of 2010.

If you read “Culture of Care…or Culture of Surveillance?” at http://www.privacyresearch.ca, you will note the many concerns. These concerns include identity theft, people not accessing needed services because of privacy issues, legal risks and liabilities to the organizations, the lack of resources to implement the privacy and informational requirements (not to mention the diversion of those resources from aiding the people to providing information to the government), the constitutional right of the province to implement this system

The government has shown, repeatedly, that it neither has the desire nor is capable of protecting the information they collect. As has been proven, when the government says that the information will only be accessed by those who “need” the information, they lie, or, at the very least, have yet to prove that it is not a lie.

Once this information is shared, it is “out there”, it cannot be taken back. The information shared will follow the people for the rest of their lives. And, the government, once it has the information, can change the rules and do whatever it wants with the information (example is the e-health system – when you gave your personal information to a doctor or hospital, over the years, did you know that it would be shared).

Also, the government has yet to operate in an open, transparent, accountable manner. So, we will not know specifically who is accessing the information.


In comments to the privacy review (1), Paul Fraser, Acting Information and Privacy Commissioner, recommended to “Add to FIPPA a “duty to document” key prescribed government decisions”. “The OIPC has investigated hundreds of complaints concerning the fact that a requested record does not exist, as one was never created”. “…a “duty to document” be contained in access to information legislation, which would include a requirement for detailed documentation of key government actions and decisions, and an obligation to keep records up to date and readily retrievable, with penalties for non-compliance. A duty to document key government decisions is critical to good governance.”
The government and all the agencies and corporations of the government don’t like to document anything because that makes them accountable, which I assume, is one of the reasons the hospitals/clinics refuse to state specifically who has access to our information. So, I will provide some tips based on my own experiences:
1. We have a right to have the information provided by government in writing so I have been told by government staff. And, that you can report them if they refuse to put it in writing.
2. They (those who don’t want to put it in writing) will tell you that it is easier to discuss it on the phone (or in person behind closed doors) and they will put the conversation in writing later. I have found that what is later written (if something actually gets written) usually has little resemblance to what was said. So now I insist that it be put in writing, and it helps to prevent misunderstandings.
3. They insist that they just want to say one thing on the phone (or in person). I think of it as the “foot in the door” tactic. They don’t stop at one thing and, before you realize it, they have said everything. And nothing is in writing. If I get caught in this tactic now, I let them know that, since they lied and nothing was in writing, it didn’t happen, the conversation never took place. And, because it isn’t in writing, they can’t prove the conversation took place.
4. I had one person from the government who kept phoning me, despite the number of times that I said that I wanted to communicate only in writing. I should have reported him but instead, if I answered the phone I would repeat that I wanted everything in writing and hang up. If he left a message on my answering machine, then I would email him, restating what he had said on the phone and providing an answer. That way he either had to deny what was in my email or, by default, agree that it was what he had said. The end result was that it was in writing.
5. If someone refuses to put it in writing when asked (government or other), if they won’t be held accountable, then I know that what they have to say isn’t worth my time (the hospitals are an example). And, in fact, may put me at risk because there is a reason they don’t want it in writing. I also think it lacks in ethics and integrity.
There are obviously occasions when I don’t need it in writing. It’s a judgement call. But if I have to think about whether I need it in writing or not, I get it in writing.

(1) Office of the Information & Privacy Commissioner for BC, March 15, 2010, Submission of the A/Information and Privacy Commissioner to the Special Committee to Review the Freedom of Information and Protection of Privacy Act
(2) The Tyee, April 1, 2010, Andrew MacLeod, BC Lousy at Guarding Privacy


In an earlier blog (November 11, 2009) I wrote that the government had decided to review the Privacy Act for the 3rd time since its inception, and that the committee was composed entirely of politicians and that I didn’t have high hopes for a positive outcome.

Well, it is worse than even I expected. It appears that the real purpose for the review was to have the Privacy Act changed to allow the government to legally centralize control of all the personal information obtained from citizens who receive government services. This information would come from all sources contracted to provide government services, including independent community service organizations. The ICM (Integrated Case Management) system would be shared across provincial ministries (and god knows who else) since I’m sure they won’t tell us who has access. ALL WITHOUT OUR CONSENT.
And the government wants to store the database outside of Canada. I’m sure that would be in the United States, where the Patriot Act would give the US access to all our personal information. That, of course, assumes that they don’t already have it. To add insult to injury the “government” hired a foreign company to handle all our personal information. What’s wrong with Canadian companies, Canadian people. The government always talks about promoting Canadian companies, Canadian jobs, then hires foreign companies.
Currently the government is only allowed to store our information outside Canada for short periods of time. Why does our information have to go outside Canada at all? As you will see in future blogs, the government is prepared to spend huge sums of our money in collecting our information, why don’t they invest in protecting it – inside Canada. Then again, Nancy Napolitano of U.S. Homeland Security did say she wanted more information on Canadians. Maybe this is how it happens.


The Acting Information and Privacy Commissioner, Paul Fraser, to his credit, has pointed out the governments inability to protect personal information. This was shown in a report, dated February 9, 2009 (I believe they mean’t 2010), from the Office of the Information and Privacy Commissioner for BC, on an investigation on the large-scale privacy breach by the Ministry of Children and Family Development (MCFD). In the report “Commissioner Fraser found MCFD and MHSD failed to make reasonable security arrangements to protect personal information from risks such as unauthorized access, collection, use, disclosure or disposal as required by the Freedom of Information and Protection of Privacy Act (FIPPA). In addition, “Commissioner Fraser found a troubling lack of knowledge within the Ministries about the rules respecting the protection of personal information”. So, not only do they not protect personal formation, they don’t even know the privacy rules.
Some of the recommendations in the report by the Special Committee to Review the Freedom of Information and Protection of Privacy Act (based on recommendations of various groups/individuals) are:

Recommendation 20: Amend the Act to allow an individual to consent to the collection, use and disclosure of their personal information by a public body (similar to the Personal Information Protection Act).
“OIPC and privacy advocates….questioned whether the concept of consent was meaningful because of the power imbalance between the clients and providers of on-line, integrated government services.”

This was from OIPC – Cantelon letter 21 Apr 10 – From Paul Fraser under Consent, Collection and Disclosure:
“We strongly disagree with government’s submission that FIPPA should permit collection of personal information with consent. One of the internationally recognized privacy principles is that the collection of personal information must be limited to that which is necessary for the purposes identified by the organization. Permitting government to collect more than is necessary via a consent mechanism violates this privacy principle and would be inconsistent with all other public sector privacy legislation in Canada. Any “consent” would be meaningless given that citizens would not have any genuine or real choice to consent if they want or need to obtain government services.”

As you will note in a later post on the children, this can result in a situation tantamount to blackmail, i.e. give us your consent or we will deny you medical service.

​Recommendation 22: Consider holding public consultations on data sharing initiatives.
The OIPC submission, presented to the Special Committee on March 31, 2010, also focused on the privacy provisions of the Act. The submission pointed out that new information technologies enable data sharing initiatives on a scale and frequency that were never contemplated at the time the Act was drafted. The new ways in which the personal information contained in electronic databases is being collected, used and disclosed in data sharing projects raise significant privacy issues. When there is a bulk disclosure of personal information from a large database of one public body to another public body, citizens usually do not know how their personal information is being reconfigured, who is accessing it, for what purpose, whether it is accurate and how they can access it. This is particularly true where the transferred data is linked with personal information in other databases.
For this reason, the OIPC argued the public must be engaged in discussions around protecting privacy rights in data sharing projects. Its submission recommended that a code of practice be
developed by government in an open and transparent manner with stakeholder consultation through something like a White Paper process. A public consultation process on data sharing was successfully conducted by government and the Commissioner’s office in Britain in recent years.
The Special Committee supports the idea of a consultation process because we see it as a way to educate British Columbians on how the Act works now and how requests are treated by public bodies. We have concerns, though, about the prescriptive tone and broad scope of this OIPC amendment (as well as the one requiring the Commissioner’s approval for data-sharing initiatives).
Our own recommendation to government in regard to consultation is more modest.”

“Recommendation 23: Appoint a Government Chief Privacy Officer.
The OIPC submission also stated that a government-appointed Chief Privacy Officer is urgently required to act as a privacy advocate in the decision-making process and to ensure that privacy is fully considered and respected in any new initiative. This recommendation had been made by the former Information and Privacy Commissioner, and the current A/Commissioner in his investigation report into a recent privacy breach.
While the Special Committee is reluctant to create a new layer of bureaucracy, we think there is a need to educate ministries about what they can and cannot do in regard to privacy matters.”

If the public servants haven’t learned to read, to take courses or have an interest in protecting privacy by now, or interprets the Privacy Act in a self-serving way, I wonder if adding another layer of government bureaucracy will have any value. I still believe that we need transparency. I believe the public servants need to know we are monitoring them, holding them accountable. We need to know exactly what information is being collected, why it is being collected, specifically who has access, and specifically what measures are taken to protect that information. This should be followed up by independent reviews.

“Recommendation 24: Amend the Act to require that data sharing projects for the purpose of research must be subject to ethics review by an arm’s length stewardship committee.
The OIPC submission suggested too that some form of specific ethics review is necessary and desirable for government’s data sharing activities for the purposes of research. Complementary research-governance measures should be adopted in addition to the approval role for the OIPC. A committee of experts should be appointed by government that would function in a manner similar to research ethics boards of universities and the stewardship committees of the Ministry of Health Services. It would apply the criteria in s. 35(1) of the Act and such other criteria as are considered desirable in the committee’s terms of reference. The committee’s approval should be a mandatory precondition to disclosure of personal information by any public body for research purposes.”

This comes back to transparency and accountability. A committee of unknown individuals, agreeing to share our information with unknown research organizations, for unknown purposes – unknown to the individuals whose information will be shared. Why not recommend that consent be obtained from the people whose information is being shared? Why not identify who the researchers are, who they work for, what type of research they are doing with our information, and who will have access to our information, and who profits. After all, who selects these committees – not us!! Whose interests will these committee members serve? And if everything is above-board, then there is no need to hide this information. I just see this as another form of secrecy, and if you have secrecy you must have something to hide, and that may be fine, if it’s your information but it isn’t, its ours.

And from BC Office of the Privacy Commissioner – 2010 Annual Report News Release
“The risks to privacy presented by the growth of networked databases is a growing concern for public and private sector agencies, and a key challenge for the Office of the Information and Privacy Commissioner. This message was delivered in the office’s annual report, issued by Acting Information and Privacy Commissioner Paul Fraser, Q.C. today. “The erosion of privacy protection is nothing new, but the nature and magnitude of the risks to privacy provide increasing cause for alarm.”
New technologies are enabling, and driving the creation of more and more personal information data bases. “These systems collect and match disparate pieces of information about us and create a digital persona that not only may we be unaware of, but which may not represent an accurate picture of who we are,” the Acting Commissioner stated. “Yet this information will be used in decisions that affect us. I cannot understate the urgency of building these systems in a transparent, restrained and accountable way.”
Perhaps the first questions should be – do we (the patients, the citizens) need these systems, and who benefits.

I have not heard what the government will do. It can ignore all recommendations, or some recommendation; in essence it can do what it wants.


I understand from a newspaper article (The Province, August 27, 2010 pg. A10) that Auditor General John Doyle is in trouble with the politicians. There seems to be a conflict regarding who he works for – the politicians or the people. Fortunately, he believes that he works for the people and keeps doing his job and exposing wrong-doings of the politicians, including the violation of privacy rights. I hope he continues and doesn’t bend to political pressure.

There is a question I have regarding his report on the hospital database audit. Mr. Doyle’s report says that so many people were accessing patient information that it was impossible to sort out who was accessing the information. Doesn’t the CEO, Dr. David Ostrow, know who his suppliers are and which were accessing patient information? Doesn’t the CEO, Dr. David Ostrow, know who was allowed into the “business room” to plug their computers in the database and whose information they downloaded or was this available to anyone walking in off the street, no questions asked?

Madam Justice L’Heureux, of the Supreme Court of Canada, – Dube in R.V. O’Connor stated:
“Respect for individual privacy is an essential component of what it means to be free…When a private document or record is revealed the invasion is not with respect to the particular document or record in question. Rather, it is an invasion of the dignity and self-worth of the individual, who enjoys the right to privacy as an essential aspect of his or her liberty in a free and democratic society.” – R.v O’Connor [1995] 4 S.C.R. 411 at paras. 114, 119 – pg. 17
So, when someone violates your privacy rights they are also destroying your freedom and democracy.
We appear to have a segregated society in B.C., those whose privacy rights are respected in word and in action, and the rest of us whose privacy rights exist only on paper. Which group are you in??