The kind folks at the Information Accountability Foundation hosted a day-long meeting in Toronto this past week and they focused on an interesting topic. The room was full of privacy pros and a fair number of us participated virtually. The IAF is holding these meetings in Canada and around the world to try and get a better understanding of the role proportionality plays or should play in privacy laws.

In Canada, one of the unique aspects of our laws is that we have incorporated the notion of reasonableness. For example, Section 5(3) of the Personal Information Protection and Electronic Documents Acts states organizations can collect, use and disclose personal information only in circumstances where the reasonable person would consider it appropriate in the circumstance.

The test that has been developed to determine if something is “reasonable” includes this notion of proportionality. If your collection, use or disclosure is not proportionate to the privacy lost in doing that processing, then there’s a good chance you won’t be seen as being reasonable and this would violate PIPEDA. It is important to note that Bill C-27 incorporates the same principles, so even when — or if — PIPEDA gets replaced, this concept is likely going to stick around.

I’m hopeful the IAF project on proportionality provides our community and lawmakers with even more concrete thinking on the concept. We all have to remember that privacy is important (preaching to the choir here) but other things are important too, like public health, safety and innovation. I think a modern approach to privacy includes ways to better operationalize the concept of proportionality, so that we can better reduce the risk of noncompliance with our laws but also properly weigh the risks of not doing some important things because of perceived or possible privacy risks. A holistic versus an all-or-nothing approach is needed to get this right, don’t you think? I’d love to hear your thoughts on this as you head into the weekend.