Jesse Brown at Macleans.ca has had a great series of four posts on his blog there, which highlight that despite all the attention being lavished on Facebook, Google, WhatsApp and other American internet companies, the most ignored threat to the privacy of Canadians is the Government.
Government information security practices are laughable, fear of the cloud means that public servants have to use insecure USB storage devices to move data, the regulatory regime is antiquated and not up to the task, and the Privacy Commissioner spends a disproportionate amount of time chasing Silicon Valley companies. It's a perfect storm that's not getting adequate attention.
The Privacy Act is completely not up to the task. If the Commissioner needs order-making powers and the ability to levy fines, that power should be directed to the government where her sensible advice is sorely needed and often ignored.
Privacy is generally about choice: you get to choose with whom you share your information, what they can do with it and with whom it can be disclosed. But personal information protection by governments is dramatically different from the private sector. If I don't like my bank's practices, I can go to another bank. If I don't like how Twitter or Facebook work, I can shut down my accounts or go somewhere else. Individuals do not have any choice about their governments. If you are disabled and want benefits you paid for, you have no choice but to go to HRSDC, which is -- by all appearances -- contemptuous of your privacy. In my view, governments have a much higher duty to protect your privacy because choice has been completely removed from the equation. It's time that government starts living by the same rules they impose on your bank and the Internet boogeymen.
Check Jesse's posts out: