Can privacy exist in an age where technology enables more and more information to be collected about us on an ongoing basis? Details like an individual’s genetic make-up can be extremely useful for medical practitioners to better treat patients, yet can also provide insurance companies and employers with information you may not want them to have.
“This information has to be protected like Fort Knox in certain circumstances, and must flow very readily in other circumstances,” said Dr. Ann Cavoukian, Ontario’s Information and Privacy Commissioner, at a Sept. 24 conference called The Privacy Prognosis in an Era of New Health Information Technology.
Hosted by Cavoukian at the MaRs Centre, the conference on the relationship between technology and privacy was attended by delegates from around the world.
U of T’s Trudo Lemmens, associate professor at the Faculty of Law, discussed the need for new regulatory and legal tools to protect individuals, families, and communities from the information that genetic mapping might reveal.
Lemmens explained the concerns of many individuals that their genetic data could be used against them.
“[Some worry that] the rise of genetic discrimination and the detailed level of information that would become available as a result of the human genome project would be used by employers, insurance companies, immigrations officers, and perhaps even by banks when you apply for a loan,” Lemmens said.
The consensus among attendees was that our understanding of the human genome opened possibilities for remarkable medical breakthroughs.
Knowing one’s genetic make-up can help predict certain health problems. Those who learn they are particularly susceptible to heart disease, for example, can alter their lifestyle to minimize the risk of heart problems down the road.
Lemmens cautioned, however, that this same information can have unfortunate consequences if it falls into the wrong hands.
The government of Ontario established the Provincial Health Information Privacy Law three years ago to control the spread of sensitive health data. The law is based on the concepts of implied consent and explicit consent, Cavoukian explained.
“When you go to see your physician, that physician should not have to spend any time with you getting your consent for the collection of the information you’re about to disclose. It’s clear you’re there because you want help,” she said.
But, added Cavoukian, as soon as that information leaves that health care sector, “everything changes.”
Such applications require the explicit consent of the individual whose data is being used.
The conference’s second focus was technological, because, organizers contended, privacy laws are only useful if the equipment used to gather and transmit sensitive data is secure.
U of T’s newly established Identity, Privacy and Security Initiative graduate program considers these issues. The IPSI, directed by Professor Dimitrios Hatzinakos, concentrates students and faculty from disciplines such as engineering, public policy, and business to analyze matters of public information security.
Hatzinakos hopes to build privacy directly into new technologies, a concept Cavoukian calls “privacy by design.”
“We have to think how we can build privacy into the technology so that it can be that much more effective” said Hatzinakos. He added that these technologies could be readily applied to other sectors, such as commerce and the legal system.
