September 18, 2002, 11:55 AM — For inherently social beasts that crave the latest gossip, humans demonstrate an entirely different attitude toward personal privacy. Though technology in general, and the database in particular, has made information gathering a breeze, it has been hell on personal privacy. There are megabytes of information on each and every one of us. From medical records, which may show a propensity to high blood pressure and obesity, to supermarket loyalty cards which demonstrate our inability to resolve the apparent dietary hypocrisy between our love of junk food and buying of tofu.
For the most part, Canadians agree that technological advances have improved their lives. Many societal advances can be directly attributed to computers, such as safer air travel and improved medical diagnostics. But the potential for privacy abuse grows exponentially as the terabytes of data accumulate. It is not that technology is to blame, it has just made privacy abuse that much easier.
This is something that IT departments across the country are going to have to start worrying about, if they haven't already. In January 2004, all Canadian companies will have to comply to the Personal Information Protection and Electronic Documents Act (PIPEDA). The act will apply to all personal information collected, used or disclosed in the course of commercial activities by all. This is all occurring as hypothetical worst case scenarios are slowly, but inexorably, becoming reality.
It might only be a matter of time before police start trolling for suspects in a database knowing an assailant has AB+ blood, suffers from arthritis and is between the age of 43 and 52. For many this seems Orwellian.
Recently police in Iowa caused a privacy furor. Attempting to solve the murder of a newborn, they subpoenaed the names of women who had undergone pregnancy tests at a nearby Planned Parenthood.
The case involved hundreds of medical records. Obviously the data matching could be done by hand. But what if it was in Toronto or Montreal and the list contained tens of thousands? Since databases would be needed, technology would come to the forefront.
"Technology can bring some efficiencies to the abuse of privacy," said Peter Hope-Tindall, chief privacy architect with Oakville, Ont.-based dataPrivacy Partners Ltd. "It is becoming cheaper and more efficient to do nefarious things with databases."
While it is debatable whether use of a database in such a way is nefarious by definition, it is an unquestionably intimidating event for those who fear Big Brother.
"Technology has removed the economic barriers," said Latanya Sweeney, a professor of computer science, technology and policy at the School of Computer Science, Carnegie Melon University in Pittsburgh. She was referring specifically to the fact that epidemiological medical data available from the world-renowned Mayo Clinic no longer requires travel to Minnesota to view it. Now it can be done online in a matter of minutes, at relatively little cost. What was a complex, difficult and time consuming task has been reduced to the click of a mouse.
"It was never our policies and practices that gave us privacy in the past -- it was the absence of this kind of technology," she said.
DON'T BLAME THE TECHNOLOGY
Herein lies the dilemma. No one is out to blame privacy abuses on technology, but there is no question technology has made abusing one's privacy that much easier.
Sweeney, while a graduate student at the Massachusetts Institute of Technology in Cambridge, Mass., took ostensibly private medical information (in the form of hospital discharge data, research information collected by 40 of the 50 U.S. states), combined it with publicly available voter registration data and was able to match records to patients. Sweeney was able to determine everything from severity of illness to payment method. All of this was done with the help of database technology.
"That's frightening
