The Privacy Commissioner has urged the federal government to recognize the proposed Smartcard will be a system, not just a standalone card, and that new laws will be need to protect privacy when the smartcard is introduced.
And it is also warning the government against allowing the kind of function creep which overtook the Canadian Social Insurance Number to plague the so-called Access Card.
In its submission to the government's Access Card Consumer and Privacy Taskforce, headed by Allan Fels, the Office of the Privacy Commissioner argues existing protections won't alleviate the threat to privacy posed by the introduction of the health and welfare Access Card. The government plans for the card to replace 17 existing social services cards
The submission says the government will have to legislate to prevent the Access Card being used for anything other than obtaining government services, with sanctions against those who misuse either the system or the information in it.
"It is the Office's view that the access card proposal introduces a range of privacy risks that will require additional and specific privacy regulation," according to the submission, which was one of over 100 made public on the taskforce's Web site in the past week or so.
But it also says legislation alone will not be sufficient to protect individual privacy. To address the privacy issues posed by the card it says policy settings for the system should incorporate fundamental privacy principles. Further, rather than attempting to rely on a single measure, these principles should be given effect through a multifaceted framework encompassing:
Design - including in regard to what choices are available to individuals, particularly concerning how their images are handled, as well as the broader systems architecture;
Technology - including by technology choices that display privacy-enhancing characteristics;
Legislation - enacted to offer the community assurances that privacy protections apply over all elements of the access card system, with appropriate sanctions and remedies; and
Oversight Measures - including measures that ensure that existing information handling practices are appropriate, such as complaint handling and audit functions, as well as a transparent and accountable process for considering any future uses of the access card system.
The Office wants development and implementation of the access card system to be accompanied by a number of detailed Privacy Impact Assessments. Meanwhile it warns against "function creep," or incremental expansion in the purpose for which the card is to be used.
The discussion paper notes how the use of driver's licenses has expanded to encompass a range of functions far beyond that originally intended. Drivers may have to display a license today in numerous contexts from boarding a plane, entering nightclubs, collecting mail and renting videos, it notes.
"The Office is concerned that if drivers' licenses can undergo such an expansion then the risk of function creep for the access card needs to be considered."
The paper also highlights how a Canadian Parliamentary Inquiry provides a cautionary description of the function creep experienced by that nation's Social Insurance Number: "Mistakenly, the private sector began to look upon the SIN as a piece of identification and property owners asked for it on apartment rental applications, video stores required it as security for movie rentals, universities and colleges requested it on their application forms and pizza places even used it as a customer number for their delivery system."
It says the government can avoid function creep by ensuring that the system design limits future expansions in scope.
"Additionally, any future expanded uses of the access card should be managed in such a way to avoid function creep. In regard to possible future uses, it is imperative that a process is established that is transparent, widely consultative and supported by legislation to guarantee community confidence. The degree to which the community can be engaged in this process, should it ever be required, will determine whether an expansion of use is regarded as a useful and deliberate innovation, or uncontrolled function creep," it says.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.