As Canada moves closer to its digital ambitions, the protection of personal information and privacy will take precedence. This is true for private and public sector entities alike.
Data security and privacy are not new imperatives. It is, however, one that has been underscored by growing cyber threats and landmark data initiatives to transform the way we work and interact in the new, digital world of services. The most influential reminder of this is the EU's General Data Protection Regulation (GDPR), which holds all entities that manage European data to greater accountability and transparency standards than ever before, influencing governments around the globe to adopt similar privacy approaches.
The GDPR and Canada's own Personal Information Protection and Electronic Documents Act (PIPEDA) is clear: it is no longer enough to regard data privacy and security as an afterthought or a mere compliance exercise. These laws are meant to be interpreted alongside new expectations – it is about what organizations 'should' do with the data they are entrusted with for the greater good and not merely what the law prescribes. Today, organizations and public agencies of every stripe must be ready to demonstrate to their customers, regulators, and the public that they are accountable for, and transparent about, their data practices when it comes to leveraging Canadians' most important information asset – their personal information.
And make no mistake: the digital future is a trust game. Organizations that set themselves apart will be those who proactively build privacy and security into new technologies, business practices, and the architecture of their emerging tech, by design and default. It will also be those who make explicit contracts with the customers about how their data is being collected, managed, and used; and those who can present a clear, and more balanced value exchange with customers for their data – be it offering incentives, better experiences, or more customized services but not at the expense of their privacy values or expectations.
The Canadian government is not exempt from these expectations. One can argue that given the mandatory nature of its data collection, our powers-that-be owe a higher duty of care over the massive volumes of citizen data it uses to inform policies, public services, and internal advancements. Still, as the 2018 edition of KPMG's 'Me, My Life, My Wallet' report indicates, Canadians are growing increasingly uneasy about how their data is collected and used by the public sector. If the government hopes to bolster that trust, and engage in mutually-beneficial data-sharing partnership with its citizens, it must do so with the utmost transparency, accountability, and respect.
The good news is that the Canadian Government has demonstrated that it is very serious about implementing a national data strategy built around these foundational principles that reflect Canadian values. And with PIPEDA set for review, it is likely that our bar will be raised ever higher to stay in step with customer expectations and our European partners.
As that journey continues, we must have a full view of modern risks and Canadian attitudes.