A number of years ago, there was an important federal court case referred to as the Gordon case. It stemmed from an access to information request for a database of adverse drug reactions and it was the first case where the issue of deidentification theories came into play. In that case, the requestor did not contest that he would not be able to receive certain fields of information in the database that easily fell within the definition of personal information, things like the patient’s name and address. But the entire case was about whether or not the province field should be released. In the end, there was sufficient evidence that if the government released the province field, it could lead to the reidentification of patients that had suffered an adverse drug reaction.
Fast-forward a few years and we now have a second court case that expands on what happened in the Gordon case. It is again an access to information case for a database held by Health Canada, this time a database dealing with the licenses given to individuals to grow their own marijuana for medicinal purposes.
Again, the requestor did not contest the obvious fields of information that would not be released. But, there was a disagreement when it came to the postal code, or, to be more accurate, the Forward Sortation Area part of the postal code, which is the first three digits. The government was willing to release the first character but not the rest on the theory that releasing this geolocation data could result in the reidentification of the individuals with licenses.
The case came down to weighing the expert evidence presented on reidentification theories. Replica Analytics Co-founder and Director Khaled El Emam, who will be on a keynote panel at this year’s Canada Symposium, presented an opinion on behalf of the government which ultimately won the day.
Along the way, the judge made some interesting comments, including the decisionmakers in such case should take into account the sensitivity of the information at issue. In other words, if the possibility of reidentification results in less sensitive information, then you should sway toward taking a lenient approach. But, as in this case, where the possibility of reidentification would result in the release of quite sensitive information, then a more conservative approach should be taken.
On this issue, I’m not sure the court got it right. Shouldn’t the analysis be simply whether there is evidence of the serious possibility of reidentification? Since when do our laws talk about protecting sensitive information more than nonsensitive information? We’ve never made that distinction — but maybe we should.
Have a great weekend everyone, and I hope to see some of you in D.C. next week!
If you want to comment on this post, you need to login.