Last week, I attended and spoke at the CANARIE Summit in Montreal. My time slot was the dreaded midafternoon one — after a large and yummy lunch. Moreover, the presenter who preceded me was extremely dynamic and spoke about quantum computing and the new threat to cybersecurity that technology poses. As I took the stage, I asked myself how on earth I was going to keep the energy up in the room and keep people interested in what I had to say.
Well, I had nothing to worry about. While I was not nearly as dynamic as the previous speaker in my presentation style, the content I spoke about seemed to keep the audience engaged and listening. So, what did I speak about?
First, I talked about the evolution of privacy protection in the private sector in Canada, how the Canadian Standards Association model code formed the framework for legislation that was seen as pioneering back in the late 1990s. However, as we peeled back the layers on this framework, we started to see that many of the principles and assumptions are at odds with how the world has evolved. Then, when we look beyond Canada’s borders, we see new models being put forward that, at least at first blush, seem to be more effective at protecting privacy all the while balancing the legitimate interests in processing personal information.
I ended my talk with some crystal ball gazing at what might happen in Canada in the next couple of years. For better or for worse, I think the Office of the Privacy Commissioner of Canada will get their order-making powers and, I think, considering how Canada’s Anti-Spam Law has paved the way, monetary penalties may also be on the horizon. And I cannot imagine a situation in which accountability doesn’t play a greater role.
The Q&A portion was lively, and I was grilled about (particularly recent) transborder data flow issues, the role of ethics in privacy protection, and one clever participant remarked that I had only scratched the surface because my talk didn’t really talk about public sector issues. I exited the stage thinking that this group really got it: Privacy is important to them. And, to be clear, the audience was not made up of many privacy professionals. These were people who are dealing with academic and information security issues. Fifteen years ago, I don’t know if the same audience would’ve been as receptive, but this week it was topical. And that’s a great thing, because we’ll only get so far by preaching to the converted.