by Leslie Bower
Consensus, Vol. 23, No. 4, Summer 1996
Republished with permission
Computers have become so entrenched in our financial lives that we have come to take them for granted—only stopping to complain on those infrequent occasions that they fail us. They routinely collect our paycheques, pay our bills, make our charitable donations and disburse our political contributions. They dispense cash at 3 a.m., give us account balances and execute investment instructions.
But privacy experts are beginning to question the cost of this convenience. While individual computer databases may only contain bits and pieces of our personal information, collectively, computers know us better than our most intimate acquaintances. The use of the information highway by marketing firms, law enforcement agencies, the media, financial institutions—and even criminals—to collect and compile personal information is making many consumer advocates and privacy experts increasingly uneasy.
"This whole issue is like a game of strip poker," said Bruce Phillips, Canada's Privacy Commissioner, during a public address. "You start with your necktie, and before long you're down to your knickers. We're already in bad shape. Before too long fig leaves will be very much in demand."
A national privacy standard
Three years ago, concerned Canadians came together as a committee of the Canadian Standards Association (CSA International) to pursue a solution to the privacy problem. The resulting Model Code for the Protection of Personal Information marks the first time that private sector organizations in any country have collaborated with consumer advocates and government officials to create a national information protection standard.
The code has been approved as a National Standard of Canada by the Standards Council of Canada. It addresses two issues central to the privacy debate:
- the way organizations collect, use, disclose and protect personal information; and
- the right of individuals to have access to information about themselves and, if necessary, to have that information corrected.
The code is built around ten interrelated privacy principles that can be applied to all types of organizations. Of paramount importance is the principle of consent, according to Jim Savary, the committee's vice-chair and a vice-president of the Consumers' Association of Canada. "This is a pillar," said Mr. Savary. "It establishes the fact that personal data belongs to the consumer, and that the consent of the consumer is required for any use of that data beyond that originally specified."
In a world governed by the code's consent principle, you would be able to subscribe to an investment magazine, for instance, without worrying that it will trigger a decades-long assault by telemarketers pitching everything from mutual funds to funeral planning—unless you had consented to this use of your information.
The code also gives organizations responsibility for ensuring that information is accurate and up-to-date. Inaccurate records have been known to cause a wide range of problems, from denial of a loan to loss of a job.
In their book on privacy, entitled Who Knows? Safeguarding Your Privacy in a Networked World, Ann Cavoukian and Don Tapscott describe the case of James Russell Wiggens, a father of four who landed a senior position with a cable company. When a routine background check revealed a conviction for cocaine possession, Mr. Wiggens was fired. It later turned out that the credit bureau had pulled the file of a different Wiggens.
Bad as the situation was, the authors point out that it could have been much worse had the inaccuracy not been detected:
"If the background check had been done before Wiggens was hired, he simply wouldn't have been hired, and he wouldn't have known why. Moreover, from that point on, lingering in some database, a criminal conviction for possession of cocaine would be linked with his name, virtually eliminating his chances of ever getting a good job—again, without his ever knowing why."
Although the code does not deal with the intricacies of data protection, it does require that information be properly safeguarded in keeping with its level of sensitivity.
It also imparts certain powers to the individuals whose information is being kept. They should have access to their information, and should have the right to challenge its accuracy and the organization's conformity to the code.
Taking the code to market
To help organizations implement the concepts of the code, CSA International is developing a workbook entitled Making the CSA privacy code work for you. At the same time, the Quality Management Institute, a division of CSA International, is working on a three-tier recognition program that companies could use to demonstrate code conformity to consumers, regulators and business partners. The least rigorous method would be self-declaration. The most demanding tier would be a full-blown audit. The middle tier is expected to involve a less rigorous audit that focuses on critical aspects of the code.
Though the code is voluntary, some of its supporters, including the Information Highway Advisory Council and the Canadian Direct Marketing Association, have called on Industry Canada to develop framework legislation that would make it mandatory for all organizations. Industry Canada has announced its intention to proceed with legislation, but has not yet made a commitment to the code itself.
"Working on the basis of the standard is certainly an attractive option, given that it is the first standard of its kind in the world," said Stephanie Perrin, an Industry Canada policy advisor, "but we first need to get the views of stakeholders who have not participated in the standards development process." She adds that one of the big challenges will be the implementation and oversight of legislation that has such broad implications for business in Canada.
Meanwhile, proponents of the voluntary approach say that legislation is likely not required to ensure widespread compliance with the code. Organizations already have strong commercial reasons to comply.
Last July, the European Community (EC) passed its much-anticipated directive on the protection of personal data. While the directive is intended to harmonize national privacy provisions in Europe, it also calls upon non-European companies to have in place "an adequate level of protection" before data is shipped offshore. Conformity to the CSA International code is expected to satisfy the EC directive.
The EC is not the only market that has linked trade and privacy. In 1994, Quebec became the first and only North American jurisdiction to enact a comprehensive regulation dealing with private sector personal-data practices. Once again, the CSA International code could enable Canadian companies outside of Quebec to satisfy the requirements of the Quebec law in order to do business in that province.
Supporters of the code also point to a variety of other factors that will motivate companies to comply. Among these are moral persuasion, the desire to avoid adverse publicity, competitive advantage, and the referencing of the standard in contracts.
And what about those businesses that don't see the value of a privacy code? "I wouldn't shortchange the power of public opinion," said Mr. Savary. "Consumers who find businesses not adhering will simply take their business elsewhere."