Canadian court dismisses data outsourcing claim.
When the British Columbia (B.C.) government decided to outsource the processing of Canadians' medical claims previously processed by B.C. government employees, the employees' union objected to the loss of jobs and the potential privacy risks. One principal argument was that the data might fall into the hands of the U.S. government because the proposed data processing contractor, Maximus Inc., was a U.S.-based multinational company.
The union feared that lack of broad U.S. privacy laws, together with expansive government authority to obtain personal information accorded by the USA PATRIOT Act, would put employees' personal information at risk. The Patriot Act became a focus of the B.C. outsourcing debate among Canadians.
Previous international controversies over the transborder flow of personal information resulted mostly from actions in Europe. The European Union Data Protection Directive restricted the transfer of personal information to countries with inadequate privacy laws, including the United States. However, few actual problems have been reported.
In spring 2004, British Columbia's information and privacy commissioner responded to the growing controversy by seeking public comment on the scope of the Patriot Act and the implications for Canadian privacy protections. He received more than 500 submissions, including some from the United States and Europe.
The Patriot Act, however, is not the only law that might force a U.S. company doing business with another country's government to turn over records on that country's citizens. Legal experts say records also might be released to satisfy grand jury subpoenas, National Security Letters, and other procedures that could require the production of records.
Canada has its own privacy law--The Personal Information Protection and Electronic Documents Act (PIPEDA)--but it is unclear whether disclosure of a record in response to a U.S. demand would violate Canadian law in every case because PIPEDA authorizes various legitimate disclosures, including some for law enforcement.
Despite the controversy, the B.C. Supreme Court dismissed a claim by the union challenging the outsourcing of the management of health information to Maximus. In the case B.C. Govt. Serv. Emil. Union v. British Columbia (Minister of Health Services), the court emphasized the importance of privacy protection but concluded that "the contractual provisions, the corporate structure, and the legislative provisions provide more than reasonable security with respect to records in British Columbia."
It also noted that "it is clear that parties to this arrangement have taken all reasonable steps to ensure the Privacy is not absolute." As a result, British Columbia awarded a 10-year, $324 million (Cdn.) contract to Maximus.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||UP FRONT: News, Trends, & Analysis|
|Publication:||Information Management Journal|
|Date:||Jul 1, 2005|
|Previous Article:||Google service remembers every search.|
|Next Article:||Data breaches: is anyone safe?|