Government Ignores Legally Required Privacy Impact Assessment, FIPA Says
The BC government is ploughing ahead with a massive data-matching program that will centralize control of all the personal information obtained from citizens who receive government services, despite the fact they have not completed a legally-required Privacy Impact Assessment, Freedom of Information and Privacy Association said.
Both FIPA and the Information and Privacy Commissioner have been informed that no Privacy Impact Assessment (PIA) exists for the government’s controversial $180-million Integrated Case Management (ICM) project. PIAs are required by law and by government policy so that privacy issues are raised and dealt with for any new or revised project, program, application, system or legislative initiative before it is implemented.
The ICM system will not only aggregate and share personal information across provincial (and eventually federal) government ministries; it will also collect data from hundreds of independent community service organizations which are contracted to provide government services, in order to create a database of unprecedented scope and detail about citizen’s lives, including their participation in health care, education, childcare and every other government service.
"We assumed the government would obey the law and do a review of the many serious privacy issues around this unprecedented data-sharing program,” said Darrell Evans, Executive Director of FIPA. “If we can believe their response to our Freedom of Information request for a copy of the PIA, they have “no responsive documents."
Senior BC government officials appeared before a special legislative committee on Wednesday to demand the Freedom of Information and Protection of Privacy Act be radically changed to allow those plans to proceed.
"The government wants the power to pass personal information around the electronic universe as they see fit, with little or no restrictions," said Evans. "Given their failure to do a PIA for a $180- million data-sharing program, we shouldn’t write them a blank cheque for this grand vision."
In the past month alone, reports by the Auditor General and the Acting Information and Privacy Commissioner have slammed government for serious privacy breaches, lax security and failure to consider privacy issues when building or running information systems. The Information Commissioner was so disturbed by the lack of attention to privacy, he asked the government to create a new Chief Privacy Officer to remind the government about its legal obligations.
"It takes a lot of nerve to demand these massive and dangerous changes to the law after being spanked by the Commissioner for badly neglecting privacy,” said Evans. “I would not want to replace our existing privacy rights, limited as they are, with a ‘trust me’ from these people."