There’s a news story this week (below) about a government computer system not having the necessary privacy protections built into it. It’s actually a follow-up investigation by the British Columbia Auditor General, who went public with her disappointment that the government had not yet fixed the system.
I suppose these stories are going to continue for some time into the future. There just aren’t enough people responsible for building and implementing systems who are versed in privacy know-how. It’s odd, for me, because I’m knee-deep in it, but stories like this remind me that in many ways we’re still at the beginning stages of this privacy industry. There’s still lots of ground to cover and educating to do, connections to be made with other key professional groups.
I’m particularly interested in this type of news story this week because we’re just putting the finishing touches on three separate PIAs. All for government bodies, and all because they are implementing new systems. The PIA exercise is a great tool to catch privacy risks and, if done properly, will also be helpful in figuring out ways to mitigate those risks.
I’m a little surprised, actually, that the story about the British Columbia Auditor General doesn’t mention that one way the government failed was by not conducting a PIA. In my mind, had they taken that first and crucial step, the privacy problems would likely not have materialized in the first place.
And they definitely wouldn't have become national news.
If you want to comment on this post, you need to login.