Talks of consolidation of municipal government units resurfaced again recently.
Officials considering the move uttered the sentiment of not wanting to be left behind. It’s challenging for municipalities, big and small, to provide all the desired services to their residents.
In the modern world, municipalities are also looking to digital solutions and on-line services to help meet the demand. From the digitization of information storage for traditional services like taxation, by-law enforcement, emergency services, building permits, and animal control, to forays into technology solutions like video surveillance, police body-worn cameras, smart meters, and smart cities, municipalities are increasingly collecting and using sensitive personal information stored and accessed in digital formats. Data-driven decision-making, convenience, and the accountabilities that can flow from incorporating technology are almost like a mirage. They shimmer with possibility and nobody wants to be left out.
The question Nova Scotians should be asking at this critical juncture is whether municipalities are left out of a modern data protection framework that supports the drive for digital technology and has the capability to produce transparency and accountability for privacy risks.
Currently, the responsibility for municipalities to protect the personal information they collect about citizens is found in the Municipal Government Act, Part XX. They must provide “reasonable security.” However, the following is missing from this legislation: any obligation to inform or notify anybody about a privacy breach; any responsibility to report to anybody about information security or information practices; any responsibility to respond to citizen privacy complaints; and any authority for the Office of the Information and Privacy Commissioner to investigate a privacy issue or act on citizen complaints about privacy.
This is dramatically different from the data protection framework that exists for Nova Scotia’s provincial government under FOIPOP (Freedom of Information and Protection of Privacy Act), for Nova Scotia’s health custodians under the Personal Health Information Act, and for so many others across Canada and around the world who have implemented modern data protection regimes.
The year 2019 saw mainstream reporting on increased ransomware and other cyberattacks on municipalities and other local agencies across North America. Are Nova Scotia’s municipalities ready for the new age crime that comes along with new technology? If the state of Nova Scotia’s data protection framework for municipalities is any indication, we would have to say no.
On January 28, the world annually marks Data Privacy Day to raise awareness for data protection issues. Join Nova Scotia’s Information and Privacy Commissioner and other Commissioners across the country by calling on lawmakers to strengthen data protection laws. The call is on our Web site: https://oipc.novascotia.ca. In 2020, it’s time to ensure that Nova Scotia’s municipalities are not left behind in the modern world where sensitive data holds so much value but is also so easily at risk.
Information and Privacy Commissioner
for Nova Scotia