HOME | CONTACT | INFO | RESOURCES | EVENTS | PAPERS| LEGAL

Press Releases

Privacy and Internet Commerce
Should we be concerned?

Rick Cluff: You know, when you shop on-line, you often need to fill out a detailed personal survey before you can complete your transaction. At the moment there is no law which says a company can't sell your personal details to another organization, really, leaving your privacy unprotected. Today, in the last part of our series looking at commerce on the Internet, we examine this lack of privacy, what's being done and how concerned we should be.

Gary Dunn is a Vancouver lawyer. He specializes in the Internet and privacy issues, and he joins me now. Good morning.

Gary Dunn: Good morning, Rick.

Rick Cluff: Well, Gary, in addition to your name, your address, your shopping preferences.... I mean, these can be traded now around the world. What else should we be concerned about when it comes to privacy and the use of the Internet?

Gary Dunn: Privacy is becoming a very big issue. What with information technology, we're seeing a huge shift in data that's being collected in the private sector as opposed to the public sector, and while the public sector has a degree of regulation, the public sector has virtually no regulation. With this exponential growth in data collection, we're seeing the opportunity for data mining, database matching, and the collection of information from children using deceptive practices, all of which is creating a great deal of concern in the community.

Rick Cluff: How dangerous is this?

Gary Dunn: I think we are at a very preliminary stage, and I think the extent of the danger is unknown at this point. I would say that Canadian citizens are very concerned about their privacy and about the things that can be done with the information that's collected. A couple of recent examples might illustrate the issue.

Rick Cluff: Please, yes.

Gary Dunn: A couple of weeks ago we had a non-Internet related example, but it's a good example of the comparison of databases. It was with, I believe.... The BC Cancer institute obtained information from the provincial government - medical records, to be specific - and they then matched that database using certain profiles to identify women who were at a higher risk of breast cancer and who had not been screened. As a result of that, a letter was sent out to these women recommending that they seek medical advice and determine if a mammogram is an appropriate response for them. Now, that's an example of using a database that's being kept for one purpose - billing records, to be specific - and using it for a totally other purpose, raising an interesting point about whether the end justifies the means.

A petty officer - I believe I may have his rank incorrect - but a senior, non-commissioned naval officer, decorated, with 17 years of service and no negative notations on the record, was summarily court-martialed and dismissed from the US submarine service based on allegations that he was a homosexual. I understand that in the United States naval services homosexuality is a offense punishable by court martial, but that they have a no-pursuit policy, so unless there are declarations of homosexuality or evidence of homosexual acts, nothing is done.

In this particular case, the wife of one of the submariners received an e-mail communication requesting ages of children for purposes of distributing Christmas gifts. The e-mail was communicated over America Online. America Online invites their subscribers to maintain subscriber profiles. This woman looked up the subscriber profile to determine who this person was, because the message was sent under a nom de plume, and as part of the subscriber profile, it indicated that the person was gay. She forwarded the e-mail message to her husband, who was an officer on the submarine. Things got out of hand. Court-martial proceedings ensued, and he was court-martialed over a period of months and dismissed from service. There has now been an injunction issued restraining the navy from dismissing him, and the battle is on.

Rick Cluff: Are there laws or standards here that should be imposed to protect us?

Gary Dunn: We recently had the federal government declare that they are going to present legislation in the fall dealing with the question of privacy. The sort of thing that the community is interested in is the extent to which the data is collected. In other words, is it relevant to the purpose that it's being collected for, is it being kept current, do you and I have access to that data to make sure it's correct, is it being used for improper purposes. I think part of the federal government's motivation, if one is interested in the history of it, is that the European Union will put in place a privacy directive in the fall of 1998 which will restrict the transfer of data to states that don't have similar privacy laws to the European Union.

Rick Cluff: But it's very difficult to police, isn't it Gary? Even if you have a law or a standard in place, because the Internet is what it is, there's a lot of stuff that can go on that nobody knows about.

Gary Dunn: That's correct. There's a lot of covert data collection going on. I would also throw the data collection from children into this category because children are not old enough to consent. The Federal Trade Commission did a study back in October, a one-day survey of Internet sites directed at children, and discovered that 86 percent of them were collecting data from children, often under the guise of awarding prizes or whatever. But they were picking up preferences, e-mail addresses and so forth, which one assumes is going to be used for marketing purposes.

Rick Cluff: In addition to your personal privacy, we have also talked this week about the issue of authentication and having your credit card protected, because that's the way most commerce is done now on the Internet - with the use of a credit card. We've also talked about sensitivity. If you send a personal document through the e-mail, as you just mentioned, how are we guaranteed that somebody else isn't reading that as well? I mean, these are two issues that.... A lot of people are still very hesitant to use the Net because they feel that there are some loopholes here, and that your credit card can be used elsewhere and people can read your mail.

Gary Dunn: The simple answer is that most information that is obtained over the Web right now is voluntarily given - your point at the beginning of the program that people are asked to sign on-line information. We give away a tremendous amount of information. I think the simple advice to people right now is, while we're getting a handle on the extent of the potential for abuse, they should be very mindful of the electronic trail that they can leave while they are on the Internet, and very mindful of the personal information that they give out.

Rick Cluff: So your advice to them would be, use the Net, but be very cautious?

Gary Dunn: No, I would say, "Use the Net, but just don't give out personal information." The Net's here. I truly am one of the people who believe we're into the information age, and it's a wonderful tool. It's just that.... Don't be any more discreet than you would be giving your personal data out to the place where you order your pizza at night.

Rick Cluff: Do you use the Net?

Gary Dunn: Very much so. I live on it.

Rick Cluff: Have you bought anything on the Net?

Gary Dunn: Yes, I have, and I do my banking on the Net.

Rick Cluff: Have you used your credit card to buy something on the Net?

Gary Dunn: No, I have not.

Rick Cluff: All right. Thanks Gary.   Gary Dunn, a Vancouver lawyer who specializes in the Internet and privacy issues.

Click for Frequently Asked Questions about Privacy.

Inquiries
Gary Dunn
Tel: (604) 739-7011
Email: gary@dunn.com
Web: www.dunn.com