Should Privacy By Design Be Embedded Into Canadian Law Mirroring The EU?

Consideration has been given for the editing and publishing of this post

Privacy continues to be an elusive thing in the new age of technology. Modern conveniences make our lives much more simplistic, but some have done some severe damage to the amount of privacy that we are afforded.

The old generation scoffs at the way we freely give so much information about ourselves on the pages of social media sites, and the way that we liberally use our financial information online is causing controversy around the globe. How do we legislate privacy in the new age of technology and is it even possible?

In the first of its kind, the EU has passed something called the General Data Protection Regulations. Spearheaded by Ann Cavoukian, who termed “data privacy by design”, the new regulations will go into effect in 2018 across the EU. What makes it such a big deal is that it is the first time that the different countries within the EU will recognize a common privacy regulation standard. Up until this time, each country was responsible for their own regulations and laws.

The concept of privacy by design is not a new one. Cauvoukian developed it as far back as 1990 when she was the official privacy commissioner here in Ontario. It is an entire design of protecting privacy by embedding it into the actual design of business practices, physical infrastructures and technologies across the board.

Cauvoukian, who is now gracing the walls of academia, has become the executive director of the Privacy and Big Data Institute working out of Ryerson University. Approaching privacy from a different angle, her privacy by design is an attempt to stop worrying so much and embrace your technology. Many are wondering if the same laws should be enacted in Canada.

Even if Canada does not instill the same strict regulations, the likelihood that many organizations would still be beholden to the same safeguards is high. Anyone who will foster business with the EU will be subject to upholding the same standards if they intend to work with international clients in the EU organization.

With growing distrust mounting not just here, but abroad, about the way that organizations handle our personal information, without some standard of care or code of ethics, there is no way to regulate how data is kept secure. That leads many Canadian residents unprotected in a growing Bouillabaisse of identity theft and other criminal identify operations.

A huge champion for privacy, Cauvokian and an immigration lawyer in Denver, has been telling companies and organizations for decades that due to the complex issues that the internet brings, if they want to build trust with their client base, they have to focus on systematically ensuring that the personal information of those they serve is kept private.

Like any other business process within an organization, it is much easier to build a systematic safeguard into the design of your business or organization, then to try to play catch up and adjust as needed once you expand. Building privacy into not only the processes of organizational culture but the software and technology you use will help to protect those you work with. It is also a more cost-effective way to hit the ground running.

Not only is privacy integral for customer trust, but it is also a way to keep your own data processes safe. In an atmosphere that relies on heavy competition, keeping your own data and operations safe from the view of competitors is integral to maintaining your dominance in the marketplace.

The key to the privacy design model relies on software designers who understand not only how to build software with privacy built in, but to always anticipate for and adapt to change in the marketplace and expansion. By identifying risk and using a risk intelligence approach, a programmer can build into the design of any organization’s technology the protection it needs to keep its reputation solid.

Many feel that it should be up to the organization to safeguard their own organizational data and the client information they hold while others believe that those type of certainties should be dealt with on a governmental level. The fact is whether regulated by the Canadian government, or left up to companies and businesses; it behooves everyone to have a system in place instead of trying to either rebuild a reputation or keep up with the demands of change within technological advances.

June 15, 2016 · Tim Kevan · Comments Closed
Posted in: Uncategorized