Privacy by design initiative has merit

- June 20th, 2011

The Ontario Privacy Commissioner’s recently released annual report talks about protecting personal information on mobile devices and the privacy by design concept for the creation of new technology.

An enormous amount of private information is processed, transferred and stored via handheld devices and portable media. Personal cellphones, PDAs, iPads, USB thumb-drives, MP3 players and laptop computers each have the potential to make personal and work-related tasks more efficient and convenient.

A USB flash drive or laptop allows the busy person to work from home. Instead of lugging around boxes of paper, portable media allows the busy person to transport and access the information on the go. Instead of trying to remember intricate details about events or appointments, hand-held devices create a virtual memory warehouse that can be accessed with the flick of a finger.

Despite their benefits, hand-held devices can create immense difficulties when they are misplaced, stolen or sold used. The transfer of a hand-held device from one person to another, by whatever method, includes the transfer of information unless the information is deleted beforehand. Serious problems and legal liabilities occur when unsecured private or confidential information can be accessed by outsiders. There have been many instances where hard drives and USB sticks containing personal information have gone missing.

Commissioner Ann Cavoukian states, “personal health information must never be stored on mobile devices such as laptops, PDAs and USB keys, unless it is absolutely necessary. And when it is, the data must be encrypted — Full Stop.”

The commissioner provided an update on her “privacy by design” initiative, which is focused on embedding privacy safeguards into new technologies at the earliest stages of development. The idea is that it is far easier and more effective to design devices, software and services with privacy in mind from the ground up than to add it on later.

For example, the Ontario Lottery and Gaming Commission recently adopted the privacy by design initiative in facial recognition technology that identifies problem gamblers at various gaming sites. The facial recognition software was embedded with privacy safeguards so that data about non-problem gamblers will never be permanently stored. And data about problem gamblers cannot be accessed unless the problem gambler appears and is visually identified in person at a gambling site.

Another example where the concept was used is Ontario’s smart grid, which has the potential to erode privacy through the collection of detailed household electricity consumption information.

The privacy by design philosophy is a laudable one, and ought to result in more privacy-friendly products. But that does not detract from the responsibility we have to ensure that we understand and exercise our own privacy options. Nor does it detract from the obligations of those in possession of our personal information to take adequate steps to protect it.

The Commissioner’s report is available at www.ipc.on.ca.
