Two recently released reports (one from the Office of the Privacy Commissioner of Canada, the other from the Office of the Information and Privacy Commissioner of Ontario) offer thorough, carefully considered looks at security and privacy in a world that relies increasingly on mobile and Wi-Fi internet.

The Canadian Privacy Commissioner issued her annual report to Parliament on the Personal Information Protection and Electronic Documents Act (PIPEDA). What follows is a snippet from the introduction to her report.

"Personal information has become a valuable commodity. Companies make money from the use of personal information – it’s no wonder that some would like us to believe that privacy doesn’t matter. [...] The pressure on privacy is not just the result of new social standards or new and captivating technologies. In the commercial sphere where PIPEDA applies, it chiefly comes from the fact that there is big money to be made in pushing the privacy boundaries."

The Ontario-specific Commissioner's Office released a more focussed report, examining the implications of security flaws in the information architecture of Wi-Fi Positioning systems. They come out strongly advocating a Privacy by Design model, as opposed to Open by Default, since we all know "the default rules".

"Privacy is predicated on providing users with personal control along with openness and transparency associated with one’s practices, which demonstrates respect for the user, and builds greater trust."

They give strong examples to indicate why there's a need for policy:

"In situations where static, unique identifiers already exist, significant care must be shown in the use of those identifiers. The primary example of this is biometrics, such as fingerprints, facial recognition, iris scans, and similar physiological or behavioural characteristics of individuals. The unchecked use of biometrics for identification or verification of individuals could lead to numerous privacy concerns – the linkage of databases, expanded surveillance, and function creep, to name only a few."

"Thus, as with all technologies affecting privacy, it is clear that options exist and must be pursued to ensure that individuals are permitted to maintain their privacy while using WPS. Regardless of what requirements exist in the form of standards or laws, incorporating a Privacy by Design approach will ensure that the highest standard of privacy will be met."

A reading of these two reports would arm non-experts with the tools and language with which to articulate any privacy concerns they may be having. It also restores a little bit of confidence in traditional authority's ability to maintain citizens rights in a mediated online space.

If only government bodies could always be so helpful!