Consumer privacy is a crucial element of the Smart Grid electrical framework being developed in Ontario, says the province’s Information and Privacy Commissioner, Dr. Ann Cavoukian, who released her 2009 Annual Report this morning.
“I have met with many stakeholders in the Ontario electrical sector and am happy to see a high level of understanding and commitment to privacy. In moving forward with plans in this area, the government must play a leadership role in ensuring that privacy forms a key part of the ongoing Smart Grid implementation in Ontario,” the Commissioner urged in her Annual Report.
Since first addressing the issue in August 2009, Commissioner Cavoukian has issued a white paper, published op-ed articles and addressed key decision-makers in the North American Smart Grid community. The infrastructure supporting the Smart Grid will be capable of informing consumers of their hourly and real-time energy use, and in the future, at the individual appliance level. In a future Smart Grid scenario that does not build in privacy, sensitive details of hydro customers’ lives could be easily discerned by data automatically fed by appliances and other devices to the companies providing electric power (e.g. what time you cook, shower, or go to bed – and security issues such as whether the house has an alarm system).
“The best response is to ensure that privacy is proactively embedded into the design of the Smart Grid, from end to end,” said the Commissioner. “The Smart Grid is presently in its infancy worldwide – I’m confident that many jurisdictions will look to our work being done in Ontario as the privacy standard to be met. We are creating the necessary framework with which to address this issue.”
BROADEN FOI LEGISLATION & PROTECT ABANDONED HEALTH RECORDS
Among the other recommendations in her Annual Report, the Commissioner is asking the government to broaden the scope of the province’s freedom of information legislation by extending its coverage to include more organizations that are heavily funded by taxpayer dollars, for purposes of transparency and accountability.
In 2004, the Commissioner identified the three largest Ontario organizations that relied extensively on taxpayer funding but were not covered by the provincial or municipal Freedom of Information and Protection of Privacy Act – universities, hospitals and Children’s Aid Societies. Universities have since been brought under the provincial Act and the Ontario Hospital Association stepped forward in 2009 to ask that hospitals be made subject to the law. The Commissioner is urging the government to move quickly to bring hospitals under FOI legislation and, once this step is completed, to then bring CASs under the law. CASs in both Alberta and Quebec are already covered under FOI legislation.
The Commissioner today also called for amendments to the Personal Health Information Protection Act (PHIPA) to protect personal health records that are abandoned by health professionals.
“Abandoned personal health records pose significant risks to the privacy of patients and the delivery of effective health care,” said the Commissioner. “My office has investigated numerous instances in recent years of personal health information records being abandoned by persons or institutions in the health-care field. PHIPA has proven ineffective in situations where the custodian is unwilling or unable to meet his or her obligations upon the cessation of their practice, or simply cannot be found.”
Typically, personal health records are abandoned when a health-care professional ceases to practice, either because of retirement, moving out of the province, or because they have been deemed unfit to practice by their regulatory body. Often, the Commissioner’s office receives a call from a landlord who is looking to lease the space formerly occupied by a health practitioner, but finds health records that were left behind. In her Annual Report, the Commissioner cites solutions to this problem that have been developed in other jurisdictions, including Alberta and California.
JUROR VETTING: A SPECIAL INVESTIGATION REPORT
The Commissioner is also emphasizing the importance of accountability in juror vetting. She outlines how an IPC investigation went to great lengths in 2009 to establish that the privacy rights of prospective jurors had been breached in previous years when the police, on behalf of certain Crown attorneys, had conducted background checks through a variety of means, including accessing confidential databases. Her sweeping investigation found that one-third (18 of 55) Crown attorney offices in Ontario had received personal information about prospective jurors that had exceeded the criminal conviction eligibility criteria set out in the Juries Act and Criminal Code. Commissioner Cavoukian’s 213 page Investigation Report resulted in legislative changes, paving the way for a fundamental shift in the way that jurors are screened. In so doing, she enabled the creation of a more privacy-protective centralized jury-vetting system, and the introduction of greater accountability into Ontario’s criminal justice system. The Commissioner’s report included effective, wide-sweeping recommendations that resulted in permanent changes to the juror-vetting system.
PRIVACY BY DESIGN & ACCESS BY DESIGN
Among other key issues the Commissioner raises in her Annual Report are Privacy by Design and Access by Design. Privacy by Design (PbD) is a concept developed by the Commissioner back in the ’90s that has been widely adopted globally by a growing number of organizations and jurisdictions. It prescribes that privacy be embedded directly into the design and operation, not only of technology, but also of business processes and networked infrastructure. Instead of treating privacy as an after-thought – “bolting it on after the fact” – PbD is proactive and preventative in nature – an increasingly effective approach in today’s world of increasingly interconnected technologies and extensive data collection. (For more information, see www.privacybydesign.ca.)
Access by Design (AbD) is the concept behind the Commissioner’s campaign to make government-held information proactively disclosed to the public. Government organizations can develop information management practices that go beyond the basic measures of reactive disclosure. Beyond accountable and transparent government, The 7 Fundamental Principles of AbD also embrace the concept of a more responsive and efficient government that engages in collaborative relationships with those it serves.
PRIVACY COMPLAINTS SET RECORD
There were 264 privacy complaints opened by the IPC against provincial or local government organizations under Ontario’s two Freedom of Information and Protection of Privacy Acts in 2009 – the most ever in the 22 years since the legislation first came into effect. As well, another 169 privacy complaints were opened under Ontario’s third privacy Act, PHIPA, which has been in effect covering Ontario’s health sector since late 2004.
Other key statistics released by the Commissioner include:
- The number of appeals filed with the IPC in 2009 regarding decisions issued by government organizations in response to FOI requests – exactly 1,000 – was the highest in 14 years.
- Overall, across the province, the number of FOI requests sent to individual government organizations in 2009 was 37,090, the third highest ever following only 2007 and 2008. One reason for the drop of 843 requests from the previous year was a positive disclosure development by the City of Toronto, which successfully diverted what would have been an additional 2,281 FOI requests (related to building plans) to its expanded routine disclosure program.
- After setting a record 30-day response rate for two straight years (the percentage of FOI requests responded to within 30 days), provincial ministries and other provincial institutions recorded a 30-day response rate of 81 per cent in 2009, a drop of four per cent from 2008. By comparison, local government organizations recorded a 85.6 per cent 30-day response rate.
ANNUAL REPORT ONLINE
For the first time, the Commissioner is releasing the bulk of her Annual Report via her website, with a view to providing a more efficient, cost effective and environmentally-friendly solution. The online Annual Report is available at www.ipc.on.ca and includes a full statistical report, expanded sections for each key issue, a review of developments related to PHIPA in 2009, additional summaries of Judicial Reviews of IPC decisions, and other information.
The Information and Privacy Commissioner is appointed by and reports to the Ontario Legislative Assembly, and is independent of the government of the day. The Commissioner’s mandate includes overseeing the access and privacy provisions of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act, as well as the Personal Health Information Protection Act, which applies to both public and private sector health information custodians. The Commissioner’s mandate also includes helping to educate the public about access and privacy issues.
Source: Commissioner Ann Cavoukian