Riley Home Page 

report_but2.gif (4270 bytes) 
  

To receive 
The Riley Report
free by e-mail,

CLICK HERE 

Back Issues 

August 2002

June 2002

March 2002

December 2001

September 2001

August 2001 

June 2001 

April 2001 

Feb 2001 

Sept 2000 

April 2000 

March 2000 

January 2000 

November 1999 

October 1999 

July 1999 

What's NewRiley Books, Columns, SpeechesCurrent Riley ReportUpcoming Riley SeminarsContact Riley Information Services
 

THE RILEY REPORT – October 2002

from Thomas B.Riley (Tom@Rileyis.com)

 

http://www.rileyis.com

http://www.electronicgov.net

Following is the Riley Report for October 2002.  Please feel free to pass this on as you see fit. If you wish to use any or part of the Report in an offline publication please acknowledge the author or contact the author if to be fully republished offline. If you are not currently subscribed to the Riley Report (there is no charge) you can email info@rileyis.com and simply put subscribe in the body of the text.  You can also go to the Riley Report at: http://www.rileyis.com/report/index.html and subscribe there.

This month's report looks at the relationship of privacy principles and the success of e-government.   Planners and strategic thinkers developing e-government mechanisms for internal use, external programs and e-service delivery have realized the importance of ensuring that there are privacy safeguards in place.  This is because the citizen, in interacting with government, wants to ensure there is a climate of trust and confidentiality.  The Canadian government has become the leader in developing Privacy Impact Assessment policies when an e-government application is being considered or developed.

This report summarizes some issues that arose at a recent privacy seminar in Ottawa, Canada.

PRIVACY TRENDS: MEETING NEW DEMANDS

   

A recent conference in Ottawa, entitled: Privacy Tends: Complying with New Demands, (22 October 02) organized by the Commonwealth Centre for E-Governance, made clear the importance of privacy overall in society and, in particular, in the development of e-Government.  During the day’s proceedings much emphasis was placed on the nature of Canada’s new laws covering privacy in the private sector, and how such laws were in place to ensure citizens’ rights in a growing electronic commerce environment.  Concerns were also raised about the lowering expectations of privacy within public sector organizations internationally, in the sustained drive to combat terrorism.  The rise of modern information and communication technologies has created new environments in which millions of bytes of data on individual citizens are being collected daily by governments and corporate interests alike.

  Privacy has now become a major issue internationally.  The rise of intrusive technologies and the Internet has resulted in a surge in awareness about the importance of privacy.   On the Internet increasing pressure is being placed on companies, as in the United States where there is no federal law regulating privacy, to develop privacy policies in order to protect consumers from corporations which are liberally sharing their personal information in this new environment.  The rush by large corporations to engage in e-commerce has meant more personal information is being gathered, shared, sold, and disseminated, than ever before. Governments around the world, including the United Kingdom, Australia, New Zealand, Canada, the United States and many European Union Countries are increasingly gathering personal information from a variety of sources, through the matching of databases.

  Surveys in Canada and the United States show clearly that many individuals perceive that their personal information is used in cyberspace in very cavalier ways.  Many studies conducted by various Information Commissioners, government agencies, advocacy groups and polling organizations, make it clear that our personal information is bandied around the technological and communication networks of the world.  The amount of personal information collected and stored by government and corporate organizations may seem to some like a fantastic science fiction story rather than a reflection of the reality of the modern world.  At any given time, highly computer-literate people, in both government and segments of the private sector, can, within seconds, know everything about an individual by using these sophisticated technologies.   It is no longer a question whether the potential to gather such information is out there but rather how extensive is it?  

 These capabilities have consequences for the development of e-government programs, as they rely on the willingness of the citizen to take part in governments’ on-line activities or to interact with the government. For this to occur there needs to be a climate of trust and confidence, generated amongst the public, that any personal information shared with government will be kept confidential and not subject to sharing between departments, except in limited legal circumstances in the interests of the state and for the overall public good. But even these limitations must be stated clearly in educational programs about privacy and data protection measures.  These ideals are difficult to maintain.  Witness the instruments being developed by the European Union, in which countries are being given more and more exemptions to collect and share personal information in the current fight against terrorism.  Thus, a new tension has arisen – the  right to privacy vs. the growing philosophy in many countries of the necessity for governments to have access to a multitude of usages of personal information, for a variety of reasons.

  The growth of privacy and data protection laws around the world reflects government’s response to citizens’ concerns about their privacy over the past two decades. However, since 9/11, more and more governments have amended once strong privacy laws to enable agencies and departments to amass and share personal information of their citizens in the growing effort to combat terrorism.  Privacy Commissioners in Canada have had some influence in curbing some of the more extreme measures the government has wanted to collect personal information on its citizenry.   And, despite the somewhat reduced privacy rights, the Canadian Federal government has implemented a policy of ensuring departments conduct a Privacy Impact Assessment whenever any new application of e-government program or service is to be implemented.   This Privacy Impact Assessment policy is a marked success and is now being considered by the UK and Australian governments in their respective jurisdictions.

  Thus, it is useful to look at what such assessments entail.

1. Only 54% agreed that, with proper security measures in place, they would be comfortable sending information over the Internet to the federal government.

2. They remain particularly concerned about transmitting bank account, credit card and SIN numbers (Social Insurance Numbers). 

3. 56% believe the federal government has one large database with all their 
personal information in it.

4. 35% are not aware that there are federal and provincial privacy laws
restricting the use and sharing of personal information. 

5. 51% of Canadians agreed that submitting personal information over the 
Internet to a secure government website is equally as safe as submitting the same information in person at a government office..

6. 50% of Canadians believe that departments/agencies only share the
information they collect with one another in specific cases where it is permitted by law.
(EKOS Survey, Canada, Fall 2001.)

It is this type of survey results that drove the government to develop the policy on privacy impact assessments. The Canadian government was one of the first to recognize the importance of privacy in the overall scheme of e-government implementation.

These indicators, according to Hodgins, have resulted in Canadians expecting that:

"Government will provide services via the Internet
Government will deliver services in a trusted and secure environment
(That citizens are) divided on whether government should share some personal 
information among departments for the purpose of providing better and faster 
service" 

Finally, such attention to the implementation of privacy assessments, when dealing with new programs, will help to assure Canadians that their privacy is being protected when they use government programs and services on-line through: “notification and consent of personal information” (with consent being the common theme through all the sessions at the Privacy Trends conference).

Public Key Infrastructure programs, digital signatures, and secure online channels, are also an important part of any Privacy Impact Assessment implementation, according to Michael Powers, legal privacy expert at Gowling Lafleur Law offices in Ottawa. He defines the purpose of Privacy Impact Assessments as:

An evaluation of business processes to determine the level of compliance with ‘best practice’ benchmarks, including data flow analysis, gap analysis, privacy risk assessments and privacy risk management plans.”

He sees three elements to developing a privacy secure environment:

  1. Data Analysis (as to how the information is either aggregate or personal information).
  2. Privacy Analysis
  3. Privacy Risk Management Plans.

The above are only some of the key ingredients of Canada’s privacy policies in relation to e-government. These implementations are occurring at both the Federal level and in some of the provincial governments.   Privacy Impact Assessment policies evolved from an awareness that trust and confidence of the citizen are crucial if e-government programs were to take hold with the citizenry and, most important of all, if the citizen would be willing to use the programs and become engaged in electronic service delivery of government programs as a matter of routine.  These privacy policies are helping to offset some of the concerns citizens in the developed world are having over the loss of some privacy rights since 9/11. 

There is a distinct difference between privacy legislation, which covers the private sector, and legislation covering public sector organizations. Legislation covering the private sector organizations to protect individuals’ personal information is strong, and a culture of compliance is widening in many jurisdictions outside Europe.   But the same cannot be said of public sector privacy legislation where many amendments to current law are resulting in more powers for governments to use personal information in a variety of ways.   A balance is being sought to ensure that governments can have the tools to ensure they are able to fulfil their law enforcement and intelligence gathering abilities in the fight against terrorism while still enshrining privacy values in public sector institutions.

Citizens of many countries have accepted that certain privacy rights have to be given up in the new environments.  However, at the same time, while acknowledging the new reality of international terrorism, there is also an expectation that a proper way will be found to ensure that fundamental privacy values are maintained and not washed away in some eager impulse to collect increasingly more and more personal information on citizens to be put into large databases. 

The Ottawa conference has shown that privacy continues to be a fundamental value intricately linked to basic human rights.  Recently, there have been erosions in some of these privacy rights, but the public does not expect them to vanish anytime soon.

As Ann Cavoukian, Ontario’s Information and Privacy Commissioner, a keynote speaker at the October Ottawa seminar has said:

“There is… a perception that privacy rights have taken a significant hit.  Governments on both sides of the border, have passed anti-terrorism legislation that has eroded previously enjoyed privacy rights.  How often have you heard that since September 11, privacy is no longer a concern?   Allow me to set the record straight.  We must distinguish between the publics’ willingness to accept government limiting its privacy rights in the pursuit of legitimate security interests vs. business and consumer privacy-related issues.  Clearly, September 11 had an impact on the firmer, but I assure you, not on the latter.”

Accountability Through Transparency:  Or How I Learned to Love Access and Privacy Legislation,  Ann Cavoukian, Ph.D  September 19, 2002  http://www.ipc.on.ca

   

Note:  The full presentations of many of the speakers may be found at: http://www.electronicgov.net/news/index.shtml and click on Oct 22 seminar.

Thomas Riley is available for consultations, preparation of reports, presenting workshops or delivering speeches at conferences and seminars on e-government, e-governance and e-democracy.  Please contact me at the email address below for further details.

Thomas B. Riley 
Executive Director and Chair 
Commonwealth Centre for Electronic Governance 
http://www.electronicgov.net 
Visiting Professor, University of Glasgow 
Riley Information Services. 
http://www.rileyis.com  
Tom@Rileyis.com 
With author attribution, this document may be freely copied in whole or in part for online distribution.
Any offline use requires the author's permission.