Given that the government will be introducing its lawful access bill today, there is something eerily appropriate about the timing of this week’ s Maclean’s cover story on the shocking privacy invasion of Privacy Commissioner Jennifer Stoddart’ s phone and cellphone records. For those that have not seen the story (it is not yet freely available online update: the article is now online), Maclean’s was able to obtain detailed phone records from U.S. data providers on the Commissioner’ s use of her home phone and blackberry cellphone (the details include precise information on who she called and when). According to the story, all it took was a bit of publicly available information regarding her name and home address.
As the privacy community faces a new challenge with the lawful access bill, this incident provides a stunning reminder of the privacy and security risks inherent in telecommunications with our without lawful access. It is appalling that such information can apparently be so easily obtained, regardless of the means by which the U.S. company was able to do so.
Bell has responded with a release noting that the information was obtained by "subterfuge and misrepresentation". It adds that "Bell, other telecommunications companies and the customers involved were victims of fraudulent and unethical activity." While no one is suggesting that Bell was actively disclosing such information, it hardly stands as victimized as the Privacy Commissioner.
With the Telecommunications Policy Review and PIPEDA Review either underway or upcoming, the Canadian government has a unique opportunity to reconfirm its commitment to privacy by strengthening Canadian privacy legislation.
The Telecommunications Policy Review Panel should reject Bell’ s recommendation that the privacy provisions in the Telecommunications Act be dropped. As the Maclean’s article notes, those provisions actually carry tougher penalties than PIPEDA.
Meanwhile, PIPEDA needs some teeth. A revamped statute would address the jurisdictional limitations in the law, grant the Privacy Commissioner order making power much like her provincial counterparts, and free the Commissioner to start naming names so that Canadians can better judge who is doing what with their personal information.
No one should experience a privacy invasion such as the one on the cover of Maclean’s. It is time for Canada to get serious about privacy protection.