Government Spying: Do Companies Need to Change How They Gather Sensitive Data?

Collecting sensitive information online could put companies in violation of Canada’s privacy laws, given the amount of attention recent revelations about government monitoring of online communication have received.

“The knowledge that data in transit is going to be monitored creates a compliance risk with Canadian privacy law,” says Claudiu Popa, the president and CEO of Informatica Security Corporation, a consulting firm that specializes in information security and privacy.

He says that since awareness of government spying programs is now widespread, companies can’t argue that they didn’t know.

“If we can’t trust that our digital communications aren’t being intercepted, we have to assume that 100 per cent of our digital communications are being intercepted,” he says

According to Popa, this means companies may now need to create additional disclosures for their customers, so they know data may be intercepted, use encryption technology or stop accepting sensitive data over the internet altogether.

“Service professionals of all kinds, even ecommerce,” he says, “should be extremely concerned.”

But without guidance from privacy commissioners, either at the provincial or federal level, it’s hard for companies to know whether their current privacy practices are enough.

That’s why Informatica has joined the Protect Our Privacy Coalition, organized by Vancouver-based lobby group, which advocates for an open Internet. Since launching in early October, the campaign has drawn the support of a wide variety of groups from across the political spectrum, including left-wing organizations like the Council of Canadians and right wing groups like the Canadian Taxpayers Federation.

The campaign calls for the government “to put in place effective legal measures to protect the privacy of every resident of Canada against intrusion by government entities.”

Popa says he’s calling on privacy commissioners, both at the federal and provincial level to provide assurances “to companies that thought they were compliant with best practices with data in transit.” And for privacy commissioners to give guidance on how companies can comply with privacy laws – even though they know that sensitive data may be intercepted.

Popa says he thinks that the widespread spying will not only diminish trust in governments, but could also cause Canadians to lose trust in a variety of online activities.

“There are tremendous, incalculable negative ramifications for Canadian businesses,” he says. “Canadians will reduce their online traffic.

When it comes to making purchases over the Internet, “those are trust-based decisions. It took a long time for Canadians to start buying books online.” And if Canadians don’t trust ecommerce providers, they may stop buying.

“There isn’t nearly enough concern, let alone an outcry from the corporate sector,” Popa says.