Request for banking data prompts privacy probe
OTTAWA — Federal privacy commissioner Daniel Therrien is investigating Statistics Canada’s request for private banking information on 500,000 Canadians.
Therrien said numerous people have complained to his office about the agency’s effort to gather detailed information on transactions held by Canadian financial institutions, from cash-machine withdrawals to credit-card payments to account balances.
The formal investigation will include an examination of the requests Statistics Canada has made to businesses in multiple industries for data they collect on their customers and business partners, he said.
Canada’s chief statistician, Anil Arora, said traditional methods of gathering data aren’t good enough to measure Canada’s economy and changes in society. “More than 75 per cent of purchases are conducted online by Canadians and Statistics Canada has to have access to these data in order to provide all Canadians with the timely and quality statistics they need in areas such as housing and debt and the impacts of transitioning to a gig economy,” Arora said.
Therrien’s last report to Parliament mentioned Statistics Canada’s growing reliance on “administrative data sources,” mainly information collected by businesses about their customers. Many of those businesses have contacted the privacy commissioner to make sure that sharing it is OK, his report said.
Therrien suggested that wherever possible, Statistics Canada should tell the companies involved to strip names and identifying information from the data before sending it over. “To ensure transparency, we recommended StatCan let the Canadian public know how and why it is increasing its collection of data from administrative and other non-traditional sources,” the report said.
• Meanwhile, after more than three years of legislative fine-tuning, Canadian businesses will be required as of today to alert their customers and the federal privacy watchdog if there’s a danger that personal information under an organization’s control has fallen into the wrong hands.
Failure to report the potential for harm could expose privatesector organizations to fines of up to $100,000 for each time an individual is affected by a security breach, if the federal government decides to prosecute a case.
But there are warnings that Canada’s privacy office — an arms-length Parliamentary body — will be handicapped by a lack of resources and its limited powers under the Personal Information Protection and Electronic Documents Act, or PIPEDA.
Therrien said his office needs six more people to analyze the new flood of breach reports that will start to flow. Without it, the office will only be able to take a superficial look at most reports.