It鈥檚 bad enough that we have to be constantly on guard against online snoops and scamsters who would use our personal data for nefarious purposes 鈥 we shouldn鈥檛 have to worry what the government does with the information it collects about us.
Yet there is plenty of reason for concern.
Privacy commissioner Elizabeth Denham has taken the sa国际传媒 Ministry of Education to task for losing a hard drive containing personal information on 3.4 million sa国际传媒 and Yukon students and teachers. Her report says the ministry ignored its own policies and violated privacy law.
The Canadian Security Intelligence Service also broke the rules when it repeatedly obtained taxpayer information from the sa国际传媒 Revenue Agency without a warrant, which means the CRA was complicit in those violations.
Meanwhile, the watchdog over the Communications Security Establishment, sa国际传媒鈥檚 electronic spy agency, has found that CSE has improperly shared metadata with key foreign allies. (Metadata is information associated with a communication, such as an email address or a telephone number, but not the message itself.)
In the case of the missing Education Ministry data, a decision was made to back up the information on two portable hard drives to save $14,000 a year in online storage costs. One of the hard drives was to be kept in the ministry office for use by staff, while the other was to be stored off-site in case of disaster.
The information was not encrypted, nor was the hard drive protected by a password.
According to testimony from a ministry employee, the backup drive was taken to a Central Saanich warehouse in May 2011 and placed in a filing cabinet in a locked cage. Four years later, the ministry reconsidered the risk of keeping the information on a portable device and sent someone to retrieve it. The employee could not find it, and no record was found that the hard drive was received by the warehouse or that it was later moved.
The government has acknowledged and apologized for the error, and has strengthened procedures and training. It says there is no indication that the information has been improperly accessed or misused.
No deliberate or malicious intent appears to be involved in the loss of the hard drive; rather, it鈥檚 a case of neglect. But that鈥檚 more than a little disturbing, as it seems to be further evidence of the current government鈥檚 casual attitude about the data it鈥檚 supposed to protect.
Having access to information is important to the federal spy agencies. They need to be able to gather intelligence in their efforts to protect national security. But safeguards and limits have been put in place to protect personal privacy. They should not be ignored.
Defence Minister Harjit Sajjan says the metadata gathered by the CSE and shared with agencies in the U.S., Britain, Australia and New Zealand 鈥渄id not contain names or enough information on its own to identify individuals,鈥 and the privacy impact was minimal. Nevertheless, the law was broken, and when the agencies responsible for our security disregard the law, even in minor ways, we have reason to be concerned. As Esquimalt-Saanich-Sooke MP Randall Garrison notes: 鈥淲e need concrete measures that keep Canadians safe without eroding away our freedoms and civil liberties.鈥
We can protect ourselves, to a certain extent, from Internet predators by limiting what information we put online. We have little choice, though, about the massive amount of information the government collects. We have to be able to trust governments and know that our data will not be misused or mislaid.
We need to be wary of all those who seek to do damage with our personal information, but governments shouldn鈥檛 be on that list.
