Unwittingly we entrust this trail to the people who design, implement and manage data security for the numerous online enterprises with whom we interact.
Can we trust these people to do a good job?
The Sony data breach has reminded us once again that personal privacy is constantly at risk in our modern world. More and more of our lives, our personal interests, our hobbies and activities are leaving an electronic trail. In many places along that trail, caches of our personal information are being collected and stored. Those caches, whether they are statements of credit card purchases or lists of preferences for certain services or activity logs for games played online or email or text messages, are all at risk of being accessed by people seeking information about us. Unwittingly we are creating these data caches and entrusting them to the people who design, implement and manage the data security for numerous online enterprises with whom we interact on a daily basis. Can we trust these people to do a good job? We have no easy way of knowing.
This is not a new problem. When Professor David Johnston, now Canada's Governor General, was asked to head the Information Highway Advisory Council in the 1994, he and I discussed it. He would later write in his report that privacy could be the first casualty on the information highway. One of the reasons why privacy is not yet dead is the effort of Dr. Ann Cavoukian, the Ontario Privacy Commissioner, who has been raising awareness and promoting privacy by design, an effort to encourage developers to build privacy protections into the systems that they build.
Other efforts have been made to deal with aspects of the problem. Data encryption has been developed, although as RIM is discovering governments are not entirely happy with secure data that can mask criminal activity. We have also developed notice requirements if data breaches occur. This helps us know the extent of the problem but does nothing to prevent it. Our efforts to date have suffered from the fact that this is a very complex problem to deal with. Lawyers and law-makers lack the technical expertise to fully understand the issues and to assess possible solutions.
What multi-disciplinary projects like GRAND offer is an opportunity to do a thorough "360" assessment of why these breaches occur and what can be done to prevent future breaches. Recently at the GRAND annual conference in Vancouver, Sam Trusow, the SocLeg theme leader, Robert Biddle and I spoke of using the Sony experience as one such case study. Whether or not this particular case study is undertaken, it behooves us to tackle this problem in the "360" way that GRAND can do.
C. Ian Kyer is counsel at Fasken Martineau and the chair of the board of directors for GRAND. His blog takes readers on a tour of legal issues and perspectives as applied to the fascinating world of graphics, animation and new media in Canada.