PRIVACY ON THE INTERNET FAQ

1. What is privacy?
In the context of both the Internet and data collection, privacy can be defined as an individual's control over access to his or her personal data.

2. Should I be concerned about my privacy?
Yes. Canadians demand and expect a high degree of personal privacy. Electronic communication and electronic commerce are exponentially increasing, and will continue to increase, the amount of personal data being collected and stored. The creation of more and bigger databases is giving rise to data matching and data mining, and to the ability to discern personal information to a greater degree than was ever before possible.

3. What should I expect?
Generally, individuals should be as free as possible to determine the appropriate level of personal privacy in their lives. In other words, people should expect the right to informed consent to the collection, storage and use of data.

4. What do encryption and security have to do with privacy?
There is no privacy without some level of security. Security standards vary according to the context. The desired level of privacy is determined in part by the application of some level of security over the information being stored. The more confidential the information is, the greater the need for stronger internal security and encryption.

5. What are digital signatures?
These are encrypted messages that are used to authenticate the person sending a communication or document, and to verify that the document itself is original and unaltered.

6. Are standards being developed to protect me when I use my credit card on the Internet?
Yes, but this is a technical issue beyond the scope of this FAQ.

7. What are some of the things that I should be concerned about?
Among other things, you might be concerned about the extent to which data about you is collected, the quality of it, whether there are any restrictions on the subsequent use of it, and whether you have personal access to the information to ensure that it is correct.

8. Where can I find out more about consumer privacy?
Some of the many sites dealing with this topic are the Electronic Privacy Information Center, the Electronic Frontier Foundation, the American Civil Liberties Union and the US Federal Trade Commission's Bureau of Consumer Protection.

9. But if I am acting within the law, do I really have anything to fear?
Yes. Information gathered for a particular purpose (e.g. your health care) can end up being used for some other purpose that you didn't even contemplate.

10. What are some examples of using data for purposes other than what it was intended for?
A recent example is the case of a US Navy submariner in San Diego, CA, who was court-martialed and dismissed from the service for being a homosexual. The dismissal was based only on personal information improperly obtained from America Online about the sender of an unauthenticated e-mail message. The personal information indicated that the sender was gay. There was nothing in the e-mail to indicate any impropriety, or suggestion of homosexuality. The dismissal is under appeal and an injunction preventing the Navy from dismissing the serviceman has been granted.
A second example occurred when an agency in British Columbia obtained confidential medical records (billing information) from the government, and matched them to a profile of women predicted to be at a higher risk of breast cancer. Any woman who had not had a recent mammogram was contacted. The information used was health care billing records. Data matching invites the ethical question of whether the end justifies the means.

11. How is my personal information available on the Internet?
Generally, information is only available if you have, at some point, provided it. By reducing the amount of information you voluntarily provide, you can reduce the amount of information generally available. It is best to give only the amount of personal information that is consistent with the transaction you are entering into. For example, you would give the pizza store only the amount of personal information necessary to complete the purchase.

12. As there is some question at this point about the security of the Internet, should some information never be given out?
Yes, an argument can be made that some information should not be obtained, or stored on-line. For example, if an insurer is interacting with its clients on-line, neither the insurer nor its customers may want to exchange sensitive medical information on-line.

13. Is information really being collected from children?
Yes. Typically, sites ask children for personal information in return for access to the site or the promise of winning a contest. While little data is available on the topic, the US Federal Trade Commission conducted a Kids Privacy Surf Day in October 1997, designed as a snapshot of data collection practices on the web. 86% of the sites surveyed were collecting identifiable personal information from children, such as names, e-mail and postal addresses and telephone numbers. Only 4% of the sites required prior parental approval. While no illegality has been alleged, there is a concern that information is being collected inappropriately and in some cases deceptively. See the FTC's news release of December 15, 1997.

14. Are people collecting data about me without me knowing it?
Yes, they are. Whenever you go online, you leave an electronic trail which may tell something about you as an individual. Much information is also being covertly collected without your consent through newsgroups, chat rooms and by the use of electronic tokens called cookies (which send information about you back to the computer which gave your computer the cookie in the first place).

15. How can I avoid giving out personal information without knowing that I am doing it?
One way you can do this is to minimize the electronic trail that you leave behind. For suggestions see Surfing Safely in Cyberspace. For an example of how to set your browser to notify you before accepting cookies, see IBM.

16. Where can I find out more about cookies, whether I should be concerned about them, and how to manage them?
One of many sites dealing with this topic is Cookie Central.

17. What legal protection does the ordinary citizen have?
In the private sector, none other than voluntary codes. The one exception is Quebec. An example of a private code is that of the Canadian Direct Marketing Association.

18. But doesn't the government protect my privacy in the private sector?
No. Traditionally the Government has been the biggest repository of information concerning individuals. The need for control of the private sector was not perceived. Advances in information technology and the growth of an information-based economy have shifted a significant portion of information collection to the private sector, which is largely unregulated.

19. How am I protected in the public sector?
Both the Federal and Provincial governments have legislated privacy rights, along with freedom of information rights, for government and quasi-government bodies such as hospitals, police departments, etc.

20. Is the Federal government doing anything about privacy in the private sector?
Yes. In 1984, Canada adhered to the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data developed by the Organization for Economic Co-operation and Development. This formed the basis for the Canadian Standards Association Model Code for the Protection of Privacy. These provisions have no legislative authority. The federal government announced in early 1998 that it will introduce legislation in the fall. Public input is being requested prior to March 27, 1998.

21. What is happening internationally?
Among other things, the European Union has passed a Privacy Directive to take effect in the fall of 1998. The directive treats privacy as a fundamental human right and directs member states to adopt legislation in conformity with the directive. Article 25 of the directive is of the greatest concern because it forbids the transfer of data outside of the EU to countries that do not guarantee adequate protection of personal data. The US perspective on this Article is negative.

22. What is the Canadian government doing about the EU Directive?
It is anticipated that the legislation proposed by the Canadian government will meet the requirement of the Directive to provide adequate protection, although there is no guarantee that it will. The United Kingdom's proposal regarding implementation of the directive has been published.

23. What else can I do to protect my privacy?
Simply, if you take some personal responsibility, in the case of the Internet, by not divulging personal information in the first place, the risk of a loss of privacy will be much less.

© 1998 Gary Dunn