Privacy act needs updating, commissioner says

After 10 years, it’s time for Nunavut’s information and privacy law to get an update, says the woman who administers the legislation.

Elaine Keenan Bengts, the information and privacy commissioner, is urging the Government of Nunavut to examine the law for the first time since division.

“The world has changed dramatically in 10 years, particularly in its capacity to move and exchange information, and if the legislation is to continue to be effective it must change with and address those technologies,” Keenan Bengts wrote in her 2008-09 annual report, tabled in the legislature last month.

In her annual report, tabled last month in the legislature, Keenan Bengts wrote that enforcement provisions in the information and privacy act need to be beefed up.

The current act doesn’t give the commissioner any way to force government departments to comply and provides only for a maximum fine of $5,000.

The act also says that violators must knowingly break the rules. “Most of the privacy complaints that reach me are as a result of inadvertence or occur because not enough thought has been focused on the privacy aspects of the matter,” Keenan Bengts wrote.

She also urges the government to give her office the ability to force government bodies to cooperate with investigations.

Premier Eva Aariak wasn’t available to comment, but in an email, her press secretary Yasmina Pepa wrote that the premier would provide a formal response during the fall legislative session that begins Nov. 24.

“The premier and the GN are taking the privacy commissioner’s report and recommendations seriously,” Pepa wrote.

Keenan Bengts also says that the government also needs to draw up clear rules on email records.

“There seems to be no real government-wide system for filing and storing email communications. Each individual employee has his or her own system. One person might delete everything within a week, the next [might] never delete anything.”

GN workers should also be regularly reminded that personal emails sent from GN accounts are still classified as government records and are subject to the information and privacy act, Keenan Bengts wrote.

Pepa wrote that the GN’s internet policy “prohibits anyone from deleting or otherwise denying access to Government records including e-mail messages.”

She also wrote that GN employees are instructed to store records on the GN’s main computer servers and that they receive regular training on the proper storage of electronic documents.

The report also urges the government to extend the deadline for a request for review of an access to information or privacy request and the creation of legislation governing the privacy of electronic health records.